  #1  
Old November 1st, 2016, 07:50 PM
preachy
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
multiple errors

Hi

I have run into several errors in the last couple of days and I'm at a loss.
Upon boot I get a
Update.exe C\windows\microsoft\.NET\framework\v4.0.30319\clrjit.dll is either not designed to run on windows or has an error.. error status 0xc0000020

After clicking OK I get a message box saying Unknown Hard Error.

Also

I get an sdiaghost.exe - unknown hard error


Also

I can't turn on Windows Security Centre, PC just doesn't respond
I also can't update via the Windows 10 Upgrade Assistant.

If I try to boot into safe mode via msconfig the PC hangs..

I can boot into it via shift+restart but the same problems exist in safe mode

I've tried to run ESET online free AV scanner and Bitdefender scanner, neither would start up.. (this was in safe mode though)

If you can help I'd (as usual) be extremely grateful



Edit

Also, if I try to search on the PC using anything from Cortana to Settings the PC searches endlessly but will not find anything.. it doesn't hang, it just doesn't do anything

Edit edit: after running ESET online to 90 (something) % I got a message saying the program had crashed and Windows would inform me if there is a fix for the issue.
Repeatedly I had the unknown hard error message box pop up

Last edited by preachy; November 1st, 2016 at 11:38 PM. Reason: more information


  #2  
Old November 2nd, 2016, 11:52 PM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Hello preachy,

It surely would seem to be a graphics setting error, but with the other errors, best we take a look. Any malware, I'll ask a Mod to move this to the CTH Malware Removal Forum.


To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"


If you know how, it's best to disable your antivirus while doing these steps.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
  #3  
Old November 3rd, 2016, 10:47 AM
preachy
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
Hi
Just quickly, I haven't been able to run any AV service since this problem started. Windows Defender won't start and the PC just hangs (allows me to do other stuff but I have to end the task when I try to enable the service).

any other AV that I have tried to install eventually fails

here are the logs
  #4  
Old November 3rd, 2016, 10:48 AM
preachy
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2016
Ran by Matt Murphy (administrator) on HAL (03-11-2016 09:35:17)
Running from C:\Users\Matt Murphy\Desktop
Loaded Profiles: Matt Murphy (Available Profiles: Matt Murphy)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Windows\System32\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Palit Microsystems Ltd.) C:\Program Files (x86)\Thunder Master\THPanel.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\System\HsMgr64.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google, Inc) C:\Users\Matt Murphy\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(G-PANEL) C:\Program Files (x86)\Thunder Master\UI\G-PANEL.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788GX64] => C:\WINDOWS\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788] => C:\WINDOWS\Syswow64\cmicnfgp.dll [13463552 2014-03-11] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] => C:\WINDOWS\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6637960 2016-07-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1842624 2016-09-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [14885552 2016-03-23] (Corsair Components, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25424008 2016-10-24] (Dropbox, Inc.)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876192 2016-11-01] (Valve Corporation)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [Google Photos Backup] => C:\Users\Matt Murphy\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-12-11] (Google, Inc)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2016-09-07] (Microsoft Corporation)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [Innkeeper] => C:\Users\Matt Murphy\AppData\Local\Innkeeper\Update.exe --processStart Innkeeper.exe --process-start-args="-startup"
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe [3122152 2016-06-21] (Blizzard Entertainment)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Run: [THPanel] => C:\Program Files (x86)\Thunder Master\THPanel.exe [2026840 2016-06-29] (Palit Microsystems Ltd.)
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\RunOnce: [Uninstall C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\RunOnce: [Uninstall C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.1.0.dll [2016-10-24] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{351bf577-db50-4ba8-8a5b-33b67eac81b5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{67033c03-95f3-40d1-a35a-3a8a7260a185}: [DhcpNameServer] 192.168.44.1
Tcpip\..\Interfaces\{7b23a59f-f130-4ce6-a376-bce4c6cbe709}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{f48ea2a1-5140-40a5-ae6e-7a790ad23c34}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-25] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-25] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744 [2016-11-03]
FF Homepage: Mozilla\Firefox\Profiles\66fqliid.default-1458990547744 -> www.google.co.uk
FF Extension: (Twitch No Cancerino) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\@worsettv.xpi [2016-11-01]
FF Extension: (Ace Stream Web Extension) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\acewebextension@acestream.org.xpi [2016-04-17]
FF Extension: (AdBlocker Ultimate) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\adblockultimate@adblockultimate.net.xpi [2016-04-20]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\artur.dubovoy@gmail.com [2016-07-30]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\firefox@zenmate.com.xpi [2016-09-29]
FF Extension: (Webmail Ad Blocker) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\gmailnoads@mywebber.com.xpi [2016-09-07]
FF Extension: (Twitch.tv Stream Browser) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi [2016-04-27]
FF Extension: (QCLean - Remove Facebook Ads Suggested Pages and Posts) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid0-wpCH2liWmuMjc8AV1VWejWvGjBI@jetpack.xpi [2016-04-27]
FF Extension: (Twitch Now) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid1-jwVSihNsgAw5jA@jetpack.xpi [2016-11-01]
FF Extension: (Sitenable) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid1-s4ZbgaSWrM5j1w@jetpack.xpi [2016-10-31]
FF Extension: (Twitch Live) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid1-SE3gVqeg20464w@jetpack.xpi [2016-06-26]
FF Extension: (WhatsApp™ Desktop) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid1-uqwEAwSca3FXUo@jetpack.xpi [2016-11-02]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-10-16]
FF Extension: (English (GB) Language Pack) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2016-09-25]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\marcoagpinto@mail.telepac.pt [2016-10-25]
FF Extension: (PageTweak) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\{15312e9a-4905-48da-aae4-15b24bdc2a24}.xpi [2016-04-27]
FF Extension: (FirefoxAdKiller) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi [2016-04-27]
FF Extension: (Adblock Plus) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-10-29]
FF Extension: (QuickJava) - C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Profiles\66fqliid.default-1458990547744\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2016-10-09]
FF Extension: (Ace Stream Web Extension) - C:\Users\Matt Murphy\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi [2015-12-18]
FF HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Firefox\Extensions: [acewebextension_unlisted@acestream.org] - C:\Users\Matt Murphy\AppData\Roaming\ACEStream\extensions\awe\firefox\acewebextension_unlisted.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-25] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-326144773-4190947786-2468376328-1000: @acestream.net/acestreamplugin,version=3.1.1 -> C:\Users\Matt Murphy\AppData\Roaming\ACEStream\player\npace_plugin.dll [2015-08-06] (Innovative Digital Technologies)

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x64\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Profile: C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default [2016-11-02]
CHR Extension: (Google Slides) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-01]
CHR Extension: (Chess) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahdefphnelgcdlmfmfkgdhafobkpkmeh [2015-11-01]
CHR Extension: (The Guardian) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amckaikgfcndaokapfcedicfmagoghlg [2016-08-28]
CHR Extension: (Google Drive) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (Rapport) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-03-25]
CHR Extension: (Adblock for Youtube™) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-25]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (The Impossible Game Lite) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpadmkkgdkdamonojcgghpccdkjohfce [2015-11-01]
CHR Extension: (Netflix) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-11-01]
CHR Extension: (Dropbox for Gmail) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-01-09]
CHR Extension: (Pong 2 [FREE]) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\epblchomieaimajjcbjeimpafpmcidem [2015-11-01]
CHR Extension: (Retro Arcade Classic Games) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\feaiafoeejjihfcjacjfmfboidfhcmam [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-25]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-10-31]
CHR Extension: (NEnhancer) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijanohecbcpdgnpiabdfehfjgcapepbm [2016-08-28]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2016-08-28]
CHR Extension: (eBay for Chrome) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck [2016-09-15]
CHR Extension: (Movi Kanti Revo) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2015-11-01]
CHR Extension: (Qwop) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\llabaenancdmlfnibnkgkfoohoppnkol [2015-11-01]
CHR Extension: (Steam Theme) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcphcjcjgkjmbphkfjleamgkinaeebnm [2015-11-01]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-04]
CHR Extension: (Sitenable) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\noomjcidgnamogjljgjbamcdggcnlcjf [2016-09-15]
CHR Extension: (Download Vimeo Videos, Premium) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\phpaiffimemgakmakpcehgbophkbllkf [2016-08-28]
CHR Extension: (Gmail) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR Extension: (Inbox by Gmail) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-11-01]
CHR Extension: (Chrome Media Router) - C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-326144773-4190947786-2468376328-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-326144773-4190947786-2468376328-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-01] (Dropbox, Inc.)
S2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [41576 2016-10-24] (Dropbox, Inc.)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [172200 2016-07-28] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [455616 2016-09-30] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-09-30] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-04] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-04] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-11-02] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2015-11-02] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2387952 2016-10-06] (IBM Corp.)
S4 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3289448 2016-05-11] (Samsung Electronics Co., Ltd.)
S4 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-07] (Microsoft Corporation)
S4 vncserver; C:\Program Files\RealVNC\VNC Server\vncservice.exe [639808 2015-01-28] (RealVNC Ltd)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [47840 2016-01-20] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21728 2016-01-20] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 monitor; C:\WINDOWS\System32\drivers\monitor.sys [38400 2015-10-30] () [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2016-09-02] (NVIDIA Corporation)
R1 RapportCerberus_1609053; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609053.sys [1181672 2016-09-17] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [566248 2016-10-06] (IBM Corp.)
R0 RapportHades64; C:\WINDOWS\System32\Drivers\RapportHades64.sys [235184 2016-10-06] (IBM Corp.)
R0 RapportKE64; C:\WINDOWS\System32\Drivers\RapportKE64.sys [489712 2016-10-06] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [547888 2016-10-06] (IBM Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [3764736 2015-10-30] (Realtek Semiconductor Corporation )
S3 SaiU0CCB; C:\WINDOWS\System32\DRIVERS\SaiU0CCB.sys [41096 2010-04-22] (Saitek)
R1 SamsungMonitorFirmware; C:\WINDOWS\system32\drivers\MFWCtwl.sys [21360 2011-12-26] (Samsung Electronics, Inc. ) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
  #5  
Old November 3rd, 2016, 10:48 AM
preachy preachy is offline
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-03 09:35 - 2016-11-03 09:35 - 00029671 _____ C:\Users\Matt Murphy\Desktop\FRST.txt
2016-11-03 09:35 - 2016-11-03 09:35 - 00000000 ____D C:\FRST
2016-11-03 09:33 - 2016-11-03 09:35 - 02408960 _____ (Farbar) C:\Users\Matt Murphy\Desktop\FRST64.exe
2016-11-02 10:34 - 2016-11-02 10:34 - 00812344 _____ (Trend Micro Inc.) C:\Users\Matt Murphy\Downloads\hijackthis.exe
2016-11-02 10:34 - 2016-11-02 10:34 - 00002166 _____ C:\Users\Matt Murphy\Desktop\HijackThis.lnk
2016-11-02 10:34 - 2016-11-02 10:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
2016-11-02 10:34 - 2016-11-02 10:34 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-11-02 10:32 - 2016-11-02 10:32 - 02869536 _____ (Javacool Software LLC ) C:\Users\Matt Murphy\Downloads\spywareblastersetup.exe
2016-11-02 10:32 - 2016-11-02 10:32 - 00001072 _____ C:\Users\Matt Murphy\Desktop\SpywareBlaster.lnk
2016-11-02 10:32 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\TEMP
2016-11-02 10:32 - 2016-11-02 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2016-11-02 10:32 - 2016-11-02 10:32 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-11-02 10:32 - 2005-08-25 19:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
2016-11-01 22:19 - 2016-11-01 22:19 - 00000000 ___HD C:\$Windows.~BT
2016-11-01 22:18 - 2016-11-01 22:29 - 00000000 _____ C:\Recovery.txt
2016-11-01 22:18 - 2016-11-01 22:22 - 00000000 ___HD C:\$SysReset
2016-11-01 19:02 - 2016-11-01 19:02 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Matt Murphy\Downloads\esetonlinescanner_enu.exe
2016-11-01 19:02 - 2016-11-01 19:02 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\ESET
2016-11-01 19:01 - 2016-11-01 19:01 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Matt Murphy\Downloads\avira_en_av_5818e68f158d7__ws.exe
2016-11-01 13:53 - 2016-11-01 13:53 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-01 13:21 - 2016-11-01 13:21 - 00889416 _____ (Microsoft Corporation) C:\Users\Matt Murphy\Downloads\dotNetFx40_Full_setup.exe
2016-11-01 13:02 - 2016-11-01 13:02 - 00000639 _____ C:\Users\Matt Murphy\Downloads\WindowsUpdateDiagnostic.diagcab
2016-10-28 20:34 - 2016-10-28 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2016-10-24 13:06 - 2016-10-24 13:06 - 00075888 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2016-10-24 13:06 - 2016-10-24 13:06 - 00041576 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-10-21 11:49 - 2016-10-21 11:49 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\NetworkTiles
2016-10-15 11:06 - 2016-10-15 11:06 - 04761836 _____ C:\Users\Matt Murphy\Downloads\lootcrate_fallout_shelter_digital_pack.zip
2016-10-11 19:21 - 2016-10-05 07:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-11 19:21 - 2016-10-05 07:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-11 19:21 - 2016-10-05 07:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-11 19:21 - 2016-10-05 07:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-11 19:21 - 2016-10-05 07:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-11 19:21 - 2016-10-05 07:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-11 19:21 - 2016-10-05 07:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-11 19:21 - 2016-10-05 07:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-11 19:21 - 2016-10-05 07:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-11 19:21 - 2016-10-05 07:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-11 19:21 - 2016-10-05 07:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-11 19:21 - 2016-10-05 06:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-11 19:21 - 2016-10-05 06:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-11 19:21 - 2016-10-05 06:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-10-11 19:21 - 2016-10-05 06:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-11 19:21 - 2016-10-05 06:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-11 19:21 - 2016-10-05 05:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-10-11 19:21 - 2016-10-05 05:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-11 19:21 - 2016-10-05 05:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-11 19:21 - 2016-10-05 05:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-11 19:21 - 2016-10-05 05:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-11 19:21 - 2016-10-05 05:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-11 19:21 - 2016-10-05 05:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-10-11 19:21 - 2016-10-05 05:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-11 19:21 - 2016-10-05 05:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-11 19:21 - 2016-10-05 05:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-11 19:21 - 2016-10-05 05:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-10-11 19:21 - 2016-10-05 05:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-11 19:21 - 2016-10-05 05:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-11 19:21 - 2016-10-05 04:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-11 19:21 - 2016-10-05 04:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-10-11 19:21 - 2016-10-05 04:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-11 19:21 - 2016-10-05 04:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-11 19:21 - 2016-10-05 04:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-11 19:21 - 2016-10-05 04:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-11 19:21 - 2016-10-05 04:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-11 19:21 - 2016-10-05 04:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-11 19:21 - 2016-10-05 04:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-11 19:21 - 2016-10-05 04:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-11 19:21 - 2016-10-05 04:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-11 19:21 - 2016-10-05 04:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-10-11 19:21 - 2016-10-05 04:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-10-11 19:21 - 2016-10-05 04:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-10-11 19:21 - 2016-10-05 04:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-11 19:21 - 2016-10-05 04:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-11 19:21 - 2016-10-05 04:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-10-11 19:21 - 2016-10-05 04:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-11 19:21 - 2016-10-05 04:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-11 19:21 - 2016-10-05 04:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-11 19:21 - 2016-10-05 04:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-11 19:21 - 2016-10-05 04:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-11 19:21 - 2016-10-05 04:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-11 19:21 - 2016-10-05 04:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-11 19:21 - 2016-10-05 04:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-11 19:21 - 2016-10-05 04:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-11 19:21 - 2016-10-05 04:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-11 19:21 - 2016-10-05 04:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-11 19:21 - 2016-10-05 03:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-10-11 19:21 - 2016-10-05 03:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-11 19:21 - 2016-10-05 03:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-11 19:21 - 2016-10-05 03:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-11 19:21 - 2016-10-05 03:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-10-11 19:21 - 2016-10-05 03:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-11 19:21 - 2016-10-05 03:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-11 19:21 - 2016-10-05 03:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-11 19:21 - 2016-10-05 03:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-11 19:21 - 2016-10-05 03:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-11 19:21 - 2016-10-05 03:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-11 19:21 - 2016-10-05 03:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-11 19:21 - 2016-10-05 03:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-10-11 19:21 - 2016-10-05 03:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-10-11 19:21 - 2016-10-05 03:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-11 19:21 - 2016-10-05 03:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2016-10-11 19:21 - 2016-10-05 03:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-11 19:21 - 2016-10-05 03:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-11 19:21 - 2016-10-05 03:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-11 19:21 - 2016-10-05 03:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-11 19:21 - 2016-10-05 03:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-11 19:21 - 2016-10-05 02:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-11 19:21 - 2016-10-05 02:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-11 19:21 - 2016-10-05 02:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-11 19:21 - 2016-10-05 02:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-11 19:21 - 2016-10-05 02:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-11 19:21 - 2016-10-05 02:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-11 19:21 - 2016-10-05 02:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-11 19:21 - 2016-10-05 02:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-11 19:21 - 2016-10-05 02:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-11 19:21 - 2016-10-05 02:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-11 19:21 - 2016-10-05 02:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-11 19:21 - 2016-10-05 02:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-11 19:21 - 2016-10-05 02:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-11 19:21 - 2016-10-05 02:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-11 19:21 - 2016-10-05 02:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-11 19:21 - 2016-10-05 02:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-11 19:21 - 2016-10-05 02:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-11 19:21 - 2016-10-05 02:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-11 19:21 - 2016-09-27 02:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-11 19:21 - 2016-09-17 07:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-11 19:21 - 2016-09-17 07:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-11 19:21 - 2016-09-17 06:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-11 19:21 - 2016-09-17 06:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-11 19:21 - 2016-09-17 06:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-11 19:21 - 2016-06-18 04:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-10-11 19:21 - 2016-06-18 04:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-10-11 19:21 - 2016-06-18 04:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-10-11 19:21 - 2016-06-18 04:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-10-11 19:20 - 2016-10-05 04:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2016-10-11 19:20 - 2016-10-05 04:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-11 19:20 - 2016-10-05 04:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-11 19:20 - 2016-10-05 03:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-10-11 19:20 - 2016-10-01 02:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-11 19:20 - 2016-09-17 08:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-11 19:20 - 2016-09-17 07:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-08 18:18 - 2016-10-08 18:18 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-03 09:31 - 2015-11-01 16:26 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-11-03 09:30 - 2015-11-01 16:54 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\Battle.net
2016-11-03 09:07 - 2015-11-01 16:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-03 09:05 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-03 09:02 - 2016-07-22 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-03 09:02 - 2015-11-02 07:47 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-03 09:02 - 2015-11-01 16:26 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-11-03 09:02 - 2015-11-01 16:24 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-02 14:38 - 2016-02-22 15:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-11-02 13:30 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-02 10:38 - 2015-11-01 16:46 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\uTorrent
2016-11-02 10:37 - 2016-09-19 12:18 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\CrashDumps
2016-11-02 10:37 - 2016-07-23 02:06 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-02 10:37 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2016-11-01 19:02 - 2015-11-01 19:30 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-01 18:59 - 2015-12-28 07:07 - 00000000 ____D C:\Program Files\WhoCrashed
2016-11-01 14:30 - 2016-04-27 06:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-01 14:07 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-11-01 13:54 - 2016-07-15 09:47 - 00000000 ____D C:\Windows10Upgrade
2016-11-01 13:52 - 2016-07-22 17:08 - 00000000 ____D C:\Users\Matt Murphy
2016-11-01 13:15 - 2016-07-22 17:08 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-01 13:10 - 2015-11-01 16:39 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\Steam
2016-11-01 12:59 - 2016-07-22 16:01 - 00001908 _____ C:\WINDOWS\diagwrn.xml
2016-11-01 12:59 - 2016-07-22 16:01 - 00001908 _____ C:\WINDOWS\diagerr.xml
2016-11-01 12:59 - 2016-07-22 15:58 - 00000036 _____ C:\WINDOWS\progress.ini
2016-11-01 12:59 - 2016-06-15 19:03 - 00000000 ___HD C:\$GetCurrent
2016-10-31 22:04 - 2015-12-04 15:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-31 22:03 - 2015-11-01 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-31 22:03 - 2015-11-01 16:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-31 13:19 - 2015-11-09 09:37 - 00000000 ____D C:\Program Files\PeerBlock
2016-10-31 13:06 - 2016-04-29 17:59 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\InnkeeperUI
2016-10-31 13:05 - 2015-11-01 16:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-30 12:10 - 2016-07-14 16:32 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\NVIDIA Corporation
2016-10-28 20:34 - 2015-11-01 16:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-28 17:20 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-28 01:22 - 2010-11-21 03:27 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-26 20:45 - 2015-11-01 16:45 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\.ACEStream
2016-10-26 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-10-26 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-25 18:01 - 2015-11-01 19:27 - 00000000 ____D C:\ProgramData\Origin
2016-10-25 16:59 - 2015-11-01 16:45 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\Origin
2016-10-24 21:56 - 2015-10-30 07:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-24 21:56 - 2015-10-30 07:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-24 20:02 - 2016-08-28 14:17 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-24 20:02 - 2015-11-01 16:24 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 19:19 - 2016-07-16 16:39 - 00000000 ____D C:\Users\Matt Murphy\Documents\Overwatch
2016-10-24 17:48 - 2016-06-10 13:04 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-10-24 17:48 - 2016-06-10 13:04 - 00000000 ____D C:\Users\Matt Murphy\AppData\Roaming\discord
2016-10-24 17:48 - 2016-06-10 13:04 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\Discord
2016-10-22 11:13 - 2016-06-28 16:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-20 18:24 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-19 14:47 - 2015-11-02 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-10-14 20:37 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2016-10-14 20:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-14 05:10 - 2016-04-27 06:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-14 05:09 - 2016-04-27 06:29 - 00224288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-14 05:09 - 2015-11-02 08:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-10-14 05:09 - 2015-11-02 08:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-10-13 21:11 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-13 21:11 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-13 20:46 - 2015-11-02 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-10-13 20:45 - 2015-11-02 09:57 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-13 20:38 - 2015-11-02 09:57 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-13 17:00 - 2016-07-27 14:34 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-13 17:00 - 2016-07-27 14:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-08 18:18 - 2016-09-08 13:42 - 00003926 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:18 - 2016-07-22 17:07 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-08 18:17 - 2016-09-26 15:43 - 00003738 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:17 - 2016-09-08 13:42 - 00003990 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:17 - 2016-09-08 13:42 - 00003962 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:17 - 2016-09-08 13:42 - 00003900 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:17 - 2016-09-08 13:42 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-08 18:17 - 2016-07-22 17:07 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-08 18:17 - 2016-07-22 17:07 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-06 16:49 - 2015-11-02 21:21 - 00489712 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2016-10-06 16:49 - 2015-11-02 21:21 - 00235184 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2016-10-04 14:20 - 2015-11-01 19:30 - 00000000 ____D C:\Program Files (x86)\Origin
2016-10-04 14:19 - 2015-11-01 16:59 - 00000000 ____D C:\Users\Matt Murphy\AppData\Local\Origin

==================== Files in the root of some directories =======

2015-11-01 16:54 - 2015-05-17 14:25 - 0000038 ___SH () C:\Users\Matt Murphy\AppData\Local\69ff07055291669bb2b218.72821112
2015-11-01 16:54 - 2014-02-06 11:15 - 0000017 _____ () C:\Users\Matt Murphy\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Matt Murphy\AppData\Local\Temp\Windows10Upgrade.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-25 18:25

==================== End of FRST.txt ============================
  #6  
Old November 3rd, 2016, 10:49 AM
preachy preachy is offline
addition log
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Matt Murphy (03-11-2016 09:36:02)
Running from C:\Users\Matt Murphy\Desktop
Windows 10 Home Version 1511 (X64) (2016-07-22 17:19:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-326144773-4190947786-2468376328-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-326144773-4190947786-2468376328-503 - Limited - Disabled)
Guest (S-1-5-21-326144773-4190947786-2468376328-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-326144773-4190947786-2468376328-1003 - Limited - Enabled)
Matt Murphy (S-1-5-21-326144773-4190947786-2468376328-1000 - Administrator - Enabled) => C:\Users\Matt Murphy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 3.1.1 (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\AceStream) (Version: 3.1.1 - Ace Stream Media) <==== ATTENTION
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS Xonar DG Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: - ASUSTeK Computer Inc.)
ASUS Xonar DG Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Basic PAYE Tools (HKLM-x32\...\Basic PAYE Tools - Real Time Information) (Version: 16.1.16125.489 - HM Revenue & Customs)
Batman: Arkham City GOTY (HKLM-x32\...\Steam App 200260) (Version: - Rocksteady Studios)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version: - Treyarch)
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version: - Treyarch)
Call of Duty: Black Ops III (HKLM-x32\...\Steam App 311210) (Version: - Treyarch)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - Canon Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0705.2237.38875 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Combined Community Codec Pack 64bit 2015-10-18 (HKLM\...\Combined Community Codec Pack 64bit_is1) (Version: 2015.10.19.0 - CCCP Project)
Corsair Utility Engine (HKLM-x32\...\{46A3EEB3-8F6F-4BC4-9A53-CDE33D089D08}) (Version: 1.16.42 - Corsair)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Crysis® 2 (HKLM-x32\...\{6033673D-2530-4587-8AD0-EB059FC263F9}) (Version: 1.9.0.0 - Electronic Arts)
Curse Client - 1 (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version: - Visceral Games)
Discord (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
Driver Fusion (HKLM-x32\...\Driver Fusion) (Version: 3.3.0.0 - Treexy)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.46.144 - OSToto Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 13.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Epic Games Launcher (HKLM-x32\...\{16969EF2-23EA-4BD9-B085-4952D95E8A7D}) (Version: 1.1.48.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version: - Bethesda Game Studios)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\{ACABF078-B721-3663-9E6B-D08B47B71431}) (Version: 46.0.2490.80 - Google, Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Photos Backup (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Google Photos Backup) (Version: 1.1.1.276 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GRID 2 (HKLM-x32\...\Steam App 44350) (Version: - Codemasters Racing)
GRID Autosport (HKLM-x32\...\Steam App 255220) (Version: - Codemasters Racing)
Grim Fandango Remastered (HKLM-x32\...\Steam App 316790) (Version: - Double Fine Productions)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
Innkeeper (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Innkeeper) (Version: 0.3.1 - Curse Inc.)
Insurgency (HKLM\...\Steam App 222880) (Version: - New World Interactive)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Java SE Development Kit 7 Update 67 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170670}) (Version: 1.7.0.670 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 8 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180710}) (Version: 8.0.710.15 - Oracle Corporation)
Kodi (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Kodi) (Version: - XBMC-Foundation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Mad Max (HKLM-x32\...\Steam App 234140) (Version: - Avalanche Studios)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mass Effect™ (HKLM-x32\...\{AD2E3323-C23B-4ADD-A2F8-3119F54DDAFA}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.3.1 (HKLM-x32\...\{26AC9666-A2C6-4D33-8370-A50F50F277C4}_is1) (Version: 1.3.1 - Sam Rodberg)
Mirror's Edge (HKLM-x32\...\Steam App 17410) (Version: - DICE)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 38.5.1 (x86 en-GB)) (Version: 38.5.1 - Mozilla)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Need for Speed™ Rivals (HKLM-x32\...\{E0A32336-AA27-4053-99B2-C3380B7B95AC}) (Version: 1.4.0.0 - Electronic Arts)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.5 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.2 (HKLM-x32\...\{4E96CB8B-444E-4EA3-8EF4-26060B0B411F}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.1.1.35466 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version: - Blizzard Entertainment)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{24f6f734-f790-479b-bd0f-38409a456508}) (Version: 0.9.1219 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1219 - Plex, Inc.) Hidden
Port Forward Network Utilities 2.0.16 (HKLM-x32\...\Port Forward Network Utilities) (Version: 2.0.16 - Portforward.com)
Prototype (HKLM-x32\...\Steam App 10150) (Version: - Radical Entertainment)
PROTOTYPE 2 (HKLM-x32\...\Steam App 115320) (Version: - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
RAGE (HKLM-x32\...\Steam App 9200) (Version: - id Software)
Rapport (x32 Version: 3.5.1609.103 - Trusteer) Hidden
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Ryse: Son of Rome (HKLM-x32\...\Steam App 302510) (Version: - Crytek)
Samsung Update (HKLM-x32\...\{0BC4AC38-E7C5-4394-A6BD-32CDCE2C8B9D}) (Version: 2.2.36 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.4.0 - SAMSUNG Electronics Co., Ltd.)
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SamsungFirmwareUpdater (HKLM-x32\...\{360AC456-30DD-40AF-B206-01424888587B}) (Version: 1.00.0000 - Samsung)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
SopCast 4.0.0 (HKLM-x32\...\SopCast) (Version: 4.0.0 - www.sopcast.com)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
SpywareBlaster 4.1 (HKLM-x32\...\SpywareBlaster_is1) (Version: 4.1.0 - Javacool Software LLC)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.6.35326 - Electronic Arts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Steam Controller Database Client (HKU\S-1-5-21-326144773-4190947786-2468376328-1000\...\143ba96d0d39f1c2) (Version: 1.0.0.10 - Flaming Zonkey)
StreamTorrent NE 1.0 (HKLM-x32\...\StreamTorrent NE_is1) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD PROJEKT RED)
Thunder Master v2.20 (HKLM-x32\...\{EE04522C-0814-4B63-AE57-0B63E5A355BB}_is1) (Version: 2.20.0.0 - Palit Microsystems Ltd.)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.10.1 - Electronic Arts)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.103 - Trusteer)
Tukui Client (HKLM-x32\...\{BAD6EBBD-A6A9-41C9-898A-8C868A552E4C}) (Version: 2.4.6 - Tukui)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VNC Server 5.2.3 (HKLM\...\{E248D9BE-834C-4BE3-BBE3-E66B2AE39886}) (Version: 5.2.3 - RealVNC Ltd)
VNC Viewer 5.2.3 (HKLM\...\{18B1E36F-0DA3-4FDA-BC57-DD815B0DF3B2}) (Version: 5.2.3 - RealVNC Ltd)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Warframe (HKLM\...\Steam App 230410) (Version: - Digital Extremes)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version: - Resplendence Software Projects Sp.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Wolfenstein: The New Order (HKLM-x32\...\Steam App 201810) (Version: - Machine Games)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
  #7  
Old November 3rd, 2016, 10:50 AM
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-326144773-4190947786-2468376328-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BF9E80-15DA-47A0-98E2-64F91A29FC65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1BFFC960-1D11-48B7-BEE0-9A2582BBA7DF} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {22D93C85-3319-48F5-A547-056267665EBE} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2826868F-D941-4477-B4E0-931F8ABA0DEB} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D8C11D4-21F6-4F74-92FD-48528CC52073} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2F6B612E-28EB-4736-95B3-2C39F1493E5C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-01] (Piriform Ltd)
Task: {2FF78F63-0682-4C51-A1C3-03448AF25F9D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-01] (Dropbox, Inc.)
Task: {3B349DFF-31B8-4295-8E3A-D4DE59568DD9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-26] (Adobe Systems Incorporated)
Task: {3C6D6466-8541-4B94-B4B6-95715EBD3138} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {3DB8ECF2-D7BC-4708-83FB-999F4EEEE708} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {41038F43-275B-4CDF-8710-048B04303801} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {439C2B4A-93D0-40A6-B509-414B0FA698AE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {46420C0D-8723-4C5F-9F0B-B64034004A1A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {4ADD78F4-C5D4-460E-8571-DE4BA3C6062D} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4BCEB13A-7CCF-44EB-8A1C-32555790354B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {53F27723-DC4B-4C65-A9BF-A565CCF54583} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {5EA07EE9-3293-4332-8ACA-AD84C23C47FC} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6AD217E9-C276-4C67-A51A-224C9BD4652A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {747FFECF-B545-4CD2-AC48-2C1F40DF087B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {80140A5D-2E06-4A38-9656-4B2195F48BE9} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {8A06AF14-F9B3-470E-AFB9-0160A7C4A3DD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9132FB56-3992-4078-BB9D-223141A0AC64} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {92DF4D8B-8BBA-4AAC-9122-BC3F81730322} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {A02ECD1B-E6E6-47C7-A5C4-5EE1152F710D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A755B34E-B027-4F7D-8031-646DBAF341F1} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {A763B9AC-278F-4B2C-A8A3-C9964BAA2B05} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {AE5ED605-A3D1-4A6D-B7E0-003F5E5682FA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B5ACD4B7-2F4C-4380-BAF1-6F7BA8BA65FF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B9383159-8C02-4051-9EFC-AB64B8D85413} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BF1135AA-3C32-42C6-9E7E-FA40D9A86E11} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {C10C94C5-51EF-4915-A3EB-D1C2C0304EF6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C4B222E5-C9B4-4EE7-9863-2CEA3DEF3262} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C85D4A62-A480-430E-9CC3-D00977A9F46E} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CAFF2DF2-8429-45BB-9674-D097D113E57A} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-19] (Microsoft Corporation)
Task: {CBFBDBE1-605F-48FD-851A-9F2A089EB2A1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE26984D-6140-4899-9639-2C1F292A2452} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D36728F7-6D81-4110-8D2F-FBFE50099297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-01] (Google Inc.)
Task: {D48ADF82-9B6F-4634-822E-DC52C659398C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D728DC06-708B-418C-9BC6-6F37313A3B51} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {D8829F89-B43C-4B5D-B7D0-EAC74C7A56BF} - System32\Tasks\ThunderMaster => C:\Program Files (x86)\Thunder Master\THPanel.exe [2016-06-29] (Palit Microsystems Ltd.)
Task: {DBAC5967-7FCB-4A6E-B27B-39E0F235DDC1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E0C4CBF6-A614-4917-BBB0-3104A85906A6} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {E47314F2-FD40-47B1-9800-C4453D1D545A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-11-01] (Dropbox, Inc.)
Task: {E9AE877D-BB5A-46E0-AC41-57188409256D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {F414942D-8F92-481E-93C9-3DC4C0BF628D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FB2C15F0-A460-48EE-9802-B85D0C4D06B8} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {FCF56A21-E0AF-44FD-BDD2-A198A4FADEF6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FE0BA539-0A7A-4BD1-A6C7-A3F3BF0375B8} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_pkclgpgponpjmpfokoepglboejdobkpl\Inbox by Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pkclgpgponpjmpfokoepglboejdobkpl
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chess.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahdefphnelgcdlmfmfkgdhafobkpkmeh
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Inbox by Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pkclgpgponpjmpfokoepglboejdobkpl
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pong 2 [FREE].lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=epblchomieaimajjcbjeimpafpmcidem
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Qwop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=llabaenancdmlfnibnkgkfoohoppnkol
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\The Impossible Game Lite.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cpadmkkgdkdamonojcgghpccdkjohfce
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
ShortcutWithArgument: C:\Users\Matt Murphy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Inbox by Gmail.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=pkclgpgponpjmpfokoepglboejdobkpl

==================== Loaded Modules (Whitelisted) ==============

2016-09-08 13:42 - 2016-09-30 04:24 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-08 13:42 - 2016-09-30 04:24 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-08 13:43 - 2016-09-30 04:24 - 00418240 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-11-02 08:41 - 2015-11-02 08:41 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-22 17:07 - 2016-06-03 03:59 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-17 13:30 - 2016-09-07 05:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-17 13:30 - 2016-09-07 05:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-13 17:20 - 2015-06-19 23:36 - 00166400 _____ () Q:\TORRENTS\Softtware torrents\WinRAR 3.93 Final 32Bit and 64Bit(xExcalibur)\rarext.dll
2016-04-27 06:10 - 2016-04-27 06:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-23 02:02 - 2016-07-23 02:02 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-17 13:28 - 2016-09-07 04:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-17 13:28 - 2016-09-07 04:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-17 13:28 - 2016-09-07 04:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-17 13:28 - 2016-09-07 04:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-01 19:50 - 2008-07-11 16:03 - 00282112 ____N () C:\Windows\System\HsMgr64.exe
2015-11-01 19:50 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2016-10-21 11:48 - 2016-10-21 11:48 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
2016-07-22 18:00 - 2016-07-22 18:00 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-19 19:08 - 2016-07-28 08:51 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-06-19 19:08 - 2016-06-17 06:31 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2016-06-19 19:08 - 2016-06-17 06:31 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-06-19 19:08 - 2016-07-28 08:51 - 00174760 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-06-19 19:08 - 2016-06-17 06:31 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-06-19 19:08 - 2016-06-17 06:31 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-09-26 16:28 - 2016-10-04 14:20 - 02493440 _____ () C:\Program Files (x86)\Origin\libGLESv2.dll
2016-09-08 13:42 - 2016-09-30 04:24 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-08 13:42 - 2016-09-29 17:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-08 13:42 - 2016-09-29 17:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-08 13:42 - 2016-09-29 17:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-08 13:42 - 2016-09-29 17:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-08 13:42 - 2016-09-29 17:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-08 13:42 - 2016-09-29 17:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-08 13:42 - 2016-09-29 17:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2015-06-02 14:51 - 2015-06-02 14:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-11-06 14:55 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2016-09-08 13:42 - 2016-09-30 04:23 - 60817344 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2015-11-01 16:39 - 2016-10-20 05:08 - 00788768 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-01 16:39 - 2016-09-01 01:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-01 16:39 - 2016-11-01 20:07 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-01 16:39 - 2016-01-27 07:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-01 16:39 - 2016-01-27 07:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-01 16:39 - 2016-01-27 07:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-01 16:39 - 2016-01-27 07:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-01 16:39 - 2016-01-27 07:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-01 16:39 - 2016-09-01 01:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-01 16:39 - 2016-09-01 01:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-01 16:39 - 2016-11-01 20:07 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-02-20 10:26 - 2016-07-04 22:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-12-11 11:30 - 2015-12-11 11:30 - 03473408 _____ () C:\Users\Matt Murphy\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2016-11-01 13:10 - 2016-11-01 02:46 - 67169280 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-11-01 16:39 - 2016-11-01 20:07 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\libcef.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\ortp.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\battle.net.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\libEGL.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\libGLESv2.dll
2016-08-19 16:51 - 2016-08-19 16:51 - 01383616 _____ () C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-19 16:51 - 2016-08-19 16:51 - 00118976 _____ () C:\Users\Matt Murphy\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\libglesv2.dll
2016-10-21 11:48 - 2016-10-21 11:48 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\libegl.dll
2016-03-23 10:04 - 2016-03-23 10:04 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2016-03-23 10:02 - 2016-03-23 10:02 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-12-13 06:32 - 2016-10-10 18:19 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-28 20:34 - 2016-10-10 18:19 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-28 20:34 - 2016-10-10 18:19 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-28 20:34 - 2016-10-10 18:19 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-13 06:32 - 2016-10-10 18:19 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-13 06:32 - 2016-10-10 18:19 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-13 06:32 - 2016-10-24 13:16 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-13 06:32 - 2016-10-10 18:19 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-13 06:32 - 2016-10-10 18:20 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 20:32 - 2016-10-24 13:16 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-28 20:34 - 2016-10-10 18:19 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-28 20:34 - 2016-10-10 18:21 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-13 06:32 - 2016-10-24 13:16 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 20:32 - 2016-10-24 13:16 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-10-30 07:18 - 2015-10-30 07:18 - 00020992 _____ () C:\WINDOWS\SYSTEM32\FLTLIB.DLL
2016-08-05 20:32 - 2016-10-10 18:20 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-13 06:32 - 2016-10-24 13:16 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-21 11:32 - 2016-10-24 13:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-21 11:32 - 2016-10-24 13:16 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-21 11:32 - 2016-10-24 13:16 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-13 06:32 - 2016-10-10 18:21 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-21 11:32 - 2016-10-24 13:16 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-28 20:34 - 2016-10-10 18:17 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-28 20:34 - 2016-10-24 13:15 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-10-28 20:34 - 2016-10-24 13:06 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-10-28 20:34 - 2016-10-24 13:15 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-28 20:34 - 2016-10-24 13:15 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-13 06:32 - 2016-10-10 18:19 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-28 20:34 - 2016-10-24 13:16 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-28 20:34 - 2016-10-24 13:16 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-28 20:34 - 2016-10-24 13:15 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-28 20:34 - 2016-10-24 13:16 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-28 20:34 - 2016-10-24 13:16 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-28 20:34 - 2016-10-24 13:16 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 20:32 - 2016-10-24 13:16 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-28 20:34 - 2016-10-10 18:24 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-28 20:34 - 2016-10-10 18:24 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2015-12-13 06:32 - 2016-10-10 18:21 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-16 08:32 - 2016-10-24 13:16 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 20:32 - 2016-10-24 13:16 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-21 11:48 - 2016-10-21 11:48 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8098\ffmpegsumo.dll
2016-07-22 18:00 - 2016-07-22 18:00 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-22 18:00 - 2016-07-22 18:00 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
  #8  
Old November 3rd, 2016, 10:51 AM
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-01-31 14:17 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-326144773-4190947786-2468376328-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt Murphy\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: RapportMgmtService => 2
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RetailDemo => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: ScDeviceEnum => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensorDataService => 3
MSCONFIG\Services: SensorService => 3
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: smphost => 3
MSCONFIG\Services: SmsRouter => 3
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: SSDPSRV => 3
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: ss_conn_service => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: stisvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: svsvc => 3
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: SWUpdateService => 2
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: TieringEngineService => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UsoSvc => 3
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vmicguestinterface => 3
MSCONFIG\Services: vmicheartbeat => 3
MSCONFIG\Services: vmickvpexchange => 3
MSCONFIG\Services: vmicrdv => 3
MSCONFIG\Services: vmicshutdown => 3
MSCONFIG\Services: vmictimesync => 3
MSCONFIG\Services: vmicvmsession => 3
MSCONFIG\Services: vmicvss => 3
MSCONFIG\Services: vncserver => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: w3logsvc => 3
MSCONFIG\Services: W3SVC => 2
MSCONFIG\Services: WalletService => 3
MSCONFIG\Services: WAS => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 2
MSCONFIG\Services: Wcmsvc => 2
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: WEPHOSTSVC => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WiaRpc => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: WlanSvc => 2
MSCONFIG\Services: wlidsvc => 3
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 3
MSCONFIG\Services: workfolderssvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 3
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: XblAuthManager => 3
MSCONFIG\Services: XblGameSave => 3
MSCONFIG\Services: XboxNetApiSvc => 3
MSCONFIG\startupreg: AceStream => C:\Users\Matt Murphy\AppData\Roaming\ACEStream\engine\ace_engine.exe
MSCONFIG\startupreg: AdAwareTray => "C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: Raptr => "C:\Program Files (x86)\Raptr\raptrstub.exe" --startup
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Matt Murphy\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{408A6EB0-A298-4630-95FA-86D7067951B6}G:\origin\star wars battlefront\starwarsbattlefront.exe] => (Allow) G:\origin\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [TCP Query User{B953B637-B468-49EC-ACFE-9FE3AE212786}G:\origin\star wars battlefront\starwarsbattlefront.exe] => (Allow) G:\origin\star wars battlefront\starwarsbattlefront.exe
FirewallRules: [UDP Query User{4010DCB0-01E7-4F48-8BC4-71B2B1B0F83E}D:\diablo 3\diablo iii\diablo iii.exe] => (Allow) D:\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [TCP Query User{118AAA6B-BC0E-4043-9D1B-7578FD540B57}D:\diablo 3\diablo iii\diablo iii.exe] => (Allow) D:\diablo 3\diablo iii\diablo iii.exe
FirewallRules: [{D8147B14-DDD9-4A1E-9EC3-CC09FAD86CA1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AB5E4E13-481E-4B91-BDE9-F8329FDCC365}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{7C4CEFC6-F598-4929-9989-261084B2AA98}G:\wow\overwatch test\overwatch.exe] => (Allow) G:\wow\overwatch test\overwatch.exe
FirewallRules: [TCP Query User{B475275C-E257-4BC2-AC9F-1B4ABF0645E7}G:\wow\overwatch test\overwatch.exe] => (Allow) G:\wow\overwatch test\overwatch.exe
FirewallRules: [{12FA2219-97E6-47A3-8A07-1BF90083F3B8}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{BA40283B-FF77-4CB0-A5FC-8F46F630A76A}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{B32C680E-5D09-476C-8D18-3178B5F23DB2}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{8EB1878C-3039-4FED-996C-0D51DDE317EA}] => (Allow) C:\Users\Matt Murphy\AppData\Local\Apps\2.0\GWNHQL4O.THX\N493PQYX.2GK\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [{2D9A30FC-AFD0-4658-8DCC-2D1475C384E4}] => (Allow) C:\Users\Matt Murphy\AppData\Local\Apps\2.0\GWNHQL4O.THX\N493PQYX.2GK\curs..tion_9e9e83ddf3ed3ead_0005.0001_fb8944c2684f5b6c\CurseClient.exe
FirewallRules: [UDP Query User{CECCC085-6AF1-4D0A-A2D7-DDE1481F49B2}G:\wow\overwatch\overwatch.exe] => (Allow) G:\wow\overwatch\overwatch.exe
FirewallRules: [TCP Query User{C2A6DBD7-B801-4E76-A636-0C3FCDF3CE3E}G:\wow\overwatch\overwatch.exe] => (Allow) G:\wow\overwatch\overwatch.exe
FirewallRules: [{2B8DBE83-339B-4998-A1DD-99F32D2F8B5A}] => (Allow) G:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [{A59F89EF-ED3B-46A5-A0EE-B348E76F1E62}] => (Allow) G:\SteamLibrary\steamapps\common\Call of Duty Black Ops III\BlackOps3.exe
FirewallRules: [UDP Query User{AD8A94A7-77D4-4111-8880-125521079BA7}C:\users\matt murphy\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\matt murphy\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [TCP Query User{A8148A18-AC15-4330-8238-F0A6BE3C0CF7}C:\users\matt murphy\appdata\roaming\acestream\engine\ace_engine.exe] => (Block) C:\users\matt murphy\appdata\roaming\acestream\engine\ace_engine.exe
FirewallRules: [{8288A7BC-E239-447F-9DA7-4D1E46C32985}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2460B1F0-BA5D-43AC-9617-EE104E09FCBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9CBA4839-DC20-485B-B208-6147935CEF0D}] => (Allow) C:\Users\Matt Murphy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6DB8B089-27F6-4297-94B5-5D1A51AFD6C1}] => (Allow) C:\Users\Matt Murphy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FD3D606C-94C7-4EC3-9B13-99EAA90ABEEC}] => (Allow) D:\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe
FirewallRules: [{1B681A7A-6BED-44A7-B2E4-AC8C63187FBA}] => (Allow) D:\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe
FirewallRules: [{5FC2FD4E-83D7-476C-A65C-53641163388B}] => (Allow) D:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{838EBAC5-1A2C-4F1B-9CC9-87BBA5FD7AF3}] => (Allow) D:\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{A6B12C9A-56AC-4A63-909D-3BD5F8A45726}] => (Allow) D:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{E07B05AA-6543-4C8B-804A-A89FBD76252A}] => (Allow) D:\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [UDP Query User{DC14ECBA-D45E-4335-92B5-5EB7F672C64D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{880AFEC2-5C50-4236-B6F4-9B640B4FA152}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{6C9DD045-C983-4CC3-941A-73A9E907136F}] => (Allow) D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{03A97DBA-FCF7-4D85-B892-0B54B735A8EB}] => (Allow) D:\Steam\steamapps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{2F7FE368-82D9-45E2-901A-21FD93087E5F}] => (Allow) K:\Fallout 4\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2A22961E-D6CA-492C-A0BF-B64F8BD815FC}] => (Allow) K:\Fallout 4\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [UDP Query User{3789D840-F426-4AC2-8E48-E12B2B08727E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{8BB0D569-DA35-4550-A970-1C3363C012F5}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{B3CCEE6F-BBD7-4E45-9254-F0A47F874F2A}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{28AB9FC3-28A8-4CA9-A915-83B35B932498}] => (Allow) D:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [UDP Query User{F3D41EDF-F049-406B-B125-0FB5B86310B6}G:\wow\overwatch\overwatch.exe] => (Allow) G:\wow\overwatch\overwatch.exe
FirewallRules: [TCP Query User{107568BC-1418-44A2-BC2E-004CFEFEAC69}G:\wow\overwatch\overwatch.exe] => (Allow) G:\wow\overwatch\overwatch.exe
FirewallRules: [{1FD1F9D3-F6B1-4FFA-A280-C632E4155946}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{F2009BB7-6CB0-4F10-9A31-A4A806B85488}] => (Allow) D:\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9ED1A642-B6B5-4539-916A-8CBF0EFB4681}] => (Allow) F:\STEAM\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{D9383C6E-02E1-47FB-9B9D-48BC1F1844C2}] => (Allow) F:\STEAM\SteamApps\common\Call of Duty Advanced Warfare\s1_mp64_ship.exe
FirewallRules: [{51345615-F547-4734-AE8A-B77245C4D724}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{202B1D9E-475F-4669-907F-8E3CCC90AAB8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B6BA3B73-6CF9-405F-8ADB-F982B348665E}] => (Allow) G:\Origin\Crysis 2\bin32\Crysis2.exe
FirewallRules: [{F4114F55-AACF-46C2-96A0-539753D3858E}] => (Allow) G:\Origin\Crysis 2\bin32\Crysis2.exe
FirewallRules: [{080338C6-34C4-4BA1-BEAA-00C8DDBB1ED4}] => (Allow) G:\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{6A76D851-3AB3-4AC1-8783-F290D2011183}] => (Allow) G:\SteamLibrary\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{CD709AC7-E4CA-4B11-B670-E77B12C07781}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6725470E-0191-4BC2-9EDE-BBDCC5752B59}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{438E5C64-9614-4BF2-918D-9A1AA00A74D9}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A33A8742-1AFD-4C2A-A888-FDE43C71A5CF}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{E9E8C989-31D5-4CD7-B430-BC3FED067C42}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{1CCBCB49-4FCE-45B4-9E6C-F46A12BA167B}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{B0DE210B-2463-4750-B84F-8C1D04A9B067}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{579099A3-D9CC-45EE-A07D-8F2EEBA146A0}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D4BD647E-F57F-4753-AB3A-04B344780321}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A5671D28-F8EC-4F27-A059-0E1425538BCE}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{94CAA2BB-3C96-41D3-8E41-6F6D5FC5C41D}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{4FE296A3-7388-40CD-B885-3B261C686767}] => (Allow) G:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [TCP Query User{07B3509F-401F-48C8-ABFB-82BB9C847FFD}G:\origin\battlefield 3\bf3.exe] => (Allow) G:\origin\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{20C935DD-1F04-4321-8BFC-3A10142092F0}G:\origin\battlefield 3\bf3.exe] => (Allow) G:\origin\battlefield 3\bf3.exe
FirewallRules: [{2C888FEE-5D27-487C-8924-F830DF4EC532}] => (Allow) F:\EXTENDED ORIGIN\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{9483D274-55E8-4D5B-9865-3F96AE0AC851}] => (Allow) F:\EXTENDED ORIGIN\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{C68F01FC-FFFE-4DD7-9FD8-32E8DAC42132}] => (Allow) F:\STEAM\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{8435A9E5-DDDD-4D5D-9FAE-6B1F49F5264D}] => (Allow) F:\STEAM\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{E7FA8460-D8A9-4900-9790-2D29E39895D9}F:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) F:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [UDP Query User{7FC1C85D-D1B8-437C-B5FC-9588B1AABC58}F:\steam\steamapps\common\doom\doomx64vk.exe] => (Allow) F:\steam\steamapps\common\doom\doomx64vk.exe
FirewallRules: [{B58655BC-322F-4CA3-9552-F99260307482}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{72DBA626-2736-4869-A308-21C24FA37C5E}] => (Allow) D:\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{44135C6A-1BDF-41C6-A53A-437E9C3268EF}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{3B732C60-3D79-47CF-8F3F-E02E97EE9EDD}] => (Allow) D:\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{9423C330-96D9-4EBF-BD2A-781DA9ED0FFD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{8C5A1668-99C8-4750-83E1-A349F80E1E43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{D867B733-26E4-4C2E-A612-F1F13504C5D0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8E52894A-780B-4245-862C-2A4D17DEB0CD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{43B618FB-4E33-4867-9684-FBE05E14E371}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{715CE046-AB3B-4714-9B14-00D5AE34949F}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{ECD684E4-6F78-4726-89E5-9945855F19AC}] => (Allow) D:\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{2D3D50A3-BAEC-4155-BAD8-CB06E0C3E309}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{226EC7D8-0266-459E-87BC-CCE7BE9C76F4}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2016 09:22:39 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD47382C87 (00007FFD471B0000) with exit code 80131506.

Error: (11/03/2016 09:15:51 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: Update.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6544F70A (65180000) with exit code 80131506.

Error: (11/03/2016 09:12:38 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD47382C87 (00007FFD471B0000) with exit code 80131506.

Error: (11/03/2016 09:12:38 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: taskhostw.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD47382C87 (00007FFD471B0000) with exit code 80131506.

Error: (11/03/2016 09:05:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CompatTelRunner.exe, version: 10.0.14913.1002, time stamp: 0x57d1070d
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf948c
Exception code: 0xc06d007e
Fault offset: 0x0000000000071f28
Faulting process id: 0x1128
Faulting application start time: 0x01d235b15ca4a4f8
Faulting application path: C:\WINDOWS\system32\CompatTelRunner.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 33d50cf7-e7b1-4993-a0ac-a8a3d5286133
Faulting package full name:
Faulting package-relative application ID:

Error: (11/02/2016 12:13:16 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD46B82C87 (00007FFD469B0000) with exit code 80131506.

Error: (11/02/2016 11:49:34 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD46B82C87 (00007FFD469B0000) with exit code 80131506.

Error: (11/02/2016 11:31:12 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD46B82C87 (00007FFD469B0000) with exit code 80131506.

Error: (11/02/2016 11:09:08 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD46B82C87 (00007FFD469B0000) with exit code 80131506.

Error: (11/02/2016 10:59:43 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: sdiagnhost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 00007FFD46B82C87 (00007FFD469B0000) with exit code 80131506.


System errors:
=============
Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/03/2016 09:32:44 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/03/2016 09:30:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/03/2016 09:30:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (11/03/2016 09:30:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/03/2016 09:30:36 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Server service depends on the Security Accounts Manager service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2016-11-01 13:08:30.984
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 12:55:55.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 12:52:10.047
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 12:49:13.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-11-01 12:36:22.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-31 18:50:48.628
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-31 18:47:52.422
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-10-31 13:12:39.517
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-31 13:12:39.498
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-10-31 13:12:39.472
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD FX(tm)-8350 Eight-Core Processor
Percentage of memory in use: 21%
Total physical RAM: 16357.61 MB
Available physical RAM: 12774.7 MB
Total Virtual: 32741.61 MB
Available Virtual: 28516.19 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:59.33 GB) NTFS
Drive d: (games) (Fixed) (Total:465.76 GB) (Free:59.71 GB) NTFS
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (games) (Fixed) (Total:298.09 GB) (Free:89.52 GB) NTFS
Drive g: (Games) (Fixed) (Total:620.12 GB) (Free:72.68 GB) NTFS
Drive i: (Photographs and documents) (Fixed) (Total:488.28 GB) (Free:366.44 GB) NTFS
Drive k: (games) (Fixed) (Total:55.8 GB) (Free:19.43 GB) NTFS
Drive q: (Media Storage) (Fixed) (Total:754.62 GB) (Free:101.78 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5C281F7D)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 55.9 GB) (Disk ID: 8E27D9E0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=55.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4FD3132B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 35B4F880)
Partition 1: (Not Active) - (Size=620.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=754.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Reply With Quote
  #9  
Old November 3rd, 2016, 10:50 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Quote:
if i try to boot into safe mode via msconfig the pc hangs
Actually, never use that to boot Safe Mode. It runs into a glitch, the system will be stuck in a reboot loop, and a tough one to undo.


Not seeing any infection so far though. This is a 10 upgrade? If so, what was the previous system and when did you upgrade?

Uninstall these:

Mozilla Maintenance Service - No user benefit.
SpywareBlaster - Too outdated to benefit modern systems.

--------------

Use Task Manager - Startups, to re-enable this:

AdAwareTray

Not installed, but need it enabled so we can delete it later.

--------------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.

Agree to the language prompt, and place a check next to:

Install 32 and 64 bits versions (Recommended for Technicians).

Then click Next until you get to the Finish button, and click it. RogueKiller will then open.

Click the Start Scan button, then again the Start Scan button.

When the scan finishes click the Open Report button. Then click the Open TXT button. Save that report to your desktop, and post it back here please. For now just close RogueKiller.
Reply With Quote
  #10  
Old November 4th, 2016, 02:42 PM
preachy's Avatar
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
Hi.

This is a Windows 10 upgrade from Windows 7 Home Premium 64-bit; I upgraded just a few days before the cut-off point. (I was having issues upgrading; it turned out to be a conflict with VNC server. Once uninstalled it was fine; beforehand I kept getting display incompatible error messages in the upgrade assistant.)
(Every time I try to open Event Viewer I get an mmc.exe error.) I thought I would have a look and see if there were any glaring faults in there, but it's not available at the moment.
I didn't have Adaware installed so I've taken the time to install it; however, during install it said it was going to be in compatibility mode as 2nd line of defence as I have an incompatible product installed already. However, I am unable to find a program running. MS Defender apparently can't run.

I'll post this RogueKiller when it finishes, but it's been going 3 hours 29 minutes and whilst the clock is running it seems stuck on (x86)HKEY_USERS\S-1-5-21-326144773-4190947786-2468376328-1000\Software\Microsoft\Currentversion\Uninstall|AceStream

Edit: 7 hours have passed and while the scan appears to be running it hasn't moved at all.

Last edited by preachy; November 4th, 2016 at 06:20 PM. Reason: update
Reply With Quote
  #11  
Old November 4th, 2016, 10:54 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Must be a rootkit hidden there. Reboot the computer.


Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
Reply With Quote
  #12  
Old November 4th, 2016, 11:57 PM
preachy's Avatar
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-04 22:56:48
Windows 6.2.9200 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX3 rev.2.22 111.79GB
Running: fgmlcsij.exe; Driver: C:\Users\MATTMU~1\AppData\Local\Temp\pxldipob.sys


---- Threads - GMER 2.2 ----

Thread C:\WINDOWS\system32\csrss.exe [952:3296] fffff961ccc04030

---- Registry - GMER 2.2 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x80 0xA5 0x4E 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0xD7 0x71 0x6D 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x9E 0xF3 0x4E 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0x25 0xC0 0x6D 0x75 ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@en-US 31
Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\ACR0450#ASMdh87bHIHd_00_07E0_73^A17F3AB1FEE502821EBD336B2D37F776@Timestamp 0xA7 0xCB 0xF5 0x8C ...
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 108
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Program Files (x86)\Mozilla Maintenance Service\??\??\C:\Users\MATTMU~1\AppData\Local\Temp\_iu14D2N.tmp??\??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp??\??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\MATTMU~1\AppData\Local\Temp\~nsu.tmp??\??\C:\WINDOWS\TEMP\DropboxUpdate.exe.old55fd949??\??\C:\Program Files (x86)\Dropbox\Update\1.3.27.37??\??\C:\WINDOWS\TEMP\DropboxUpdateSetup_1.3.51.1.exe55ff433??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 2910789
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -2009359646
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 33
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 488177870
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 19728
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 19256
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID e67729af-527a-4b29-87c7-bb9115d
Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 2
Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\AutoLogger\WdiContextLog@FileCounter 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\1394ohci\Parameters\Wdf@TimeOfLastTelemetryLog 0x4E 0x5E 0x00 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastTelemetryLog 0x59 0x7F 0x16 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS_s
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10872ab
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b10872ab@d8c4e98d6923 0xCD 0xB0 0xB5 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xC8 0x72 0x98 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{c41e96d5-823c-4521-8f4f-780e92f68922}@LastProbeTime 1478201354
Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog 0x96 0x85 0xAB 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastTelemetryLog 0xFB 0x0F 0xF0 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xBF 0x69 0x17 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\RapportCerberus_1609053@conf_count 94
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 3286
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 761
Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 30
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b23a59f-f130-4ce6-a376-bce4c6cbe709}@LeaseObtainedTime 1478296039
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b23a59f-f130-4ce6-a376-bce4c6cbe709}@T1 1478339239
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b23a59f-f130-4ce6-a376-bce4c6cbe709}@T2 1478371639
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7b23a59f-f130-4ce6-a376-bce4c6cbe709}@LeaseTerminatesTime 1478382439
Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog 0xC8 0x72 0x98 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastTelemetryLog 0x4D 0x52 0x2C 0x89 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastTelemetryLog 0x0D 0x36 0xBC 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastTelemetryLog 0x8B 0x0E 0x0F 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0x2F 0x96 0x7B 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0x2F 0xFE 0x3F 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0x2F 0x2E 0xB7 0x43 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Applets\StickyNotes@PROMPT_ON_DELETE 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer@GlobalAssocChangedCounter 130
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shutdown@CleanShutdown 1
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@RESTART_STICKY_NOTES C:\Windows\System32\StikyNot.exe
Reg HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Security and Maintenance@MessageTime 0x46 0xA3 0xC0 0xB9 ...
Reg HKCU\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_WSAutoUpdate_b68a33e9f2bd274d8f351e335d5af8ccdf1478a_00000000_cab_11d1208b

---- EOF - GMER 2.2 ----
Reply With Quote
  #13  
Old November 5th, 2016, 11:42 PM
Jintan's Avatar
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,000
Did you uninstall the Mozilla Maintenance Service, or not reboot after uninstalling it? The Gmer log is referencing it like it is uninstalling.

Most of the log seems to be just Win 10, though that first csrss.exe thread find suggests an unseen "hook".


Run Gmer again. When it finishes its initial scan, click the >>> at the top. Then click the Processes tab. I know you have seen the processes in Task Manager, so you know it shows a list of files that are running. What I would like you to do with the Gmer list is let me know if it shows any blank spaces (a process is running, but no name shows), or processes that only show as something similar to:

*32.exe

Also click on the Services tab. Then click on Name, to alphabetize the list, and scroll down through it. What you are looking for are remnants of past security programs, since you have tried a few. Sometimes under Description to the right it will even say what they are. Avast services usually start with asw. AVG some a name. Bitdefender a b name, McAfee mc, Norton s, and so forth. Post back what you find please.
Reply With Quote
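The reading of the GMER log in the post above rests on the Session Manager PendingFileRenameOperations value, a REG_MULTI_SZ of source/target string pairs in which an empty target means "delete at next boot" and a leading "!" on the target means "replace existing". As an added example (not part of the thread and not code from GMER or any other tool named here), this Python decodes the raw UTF-16LE value and reports what is still queued under a given folder; the sample bytes are constructed from paths shown in the log, and the function names are hypothetical.

```python
"""Decode PendingFileRenameOperations (REG_MULTI_SZ, UTF-16LE) into operations."""
from typing import NamedTuple

NT_PREFIX = "\\??\\"  # NT object-manager prefix stored in front of each path


class PendingOp(NamedTuple):
    action: str    # "delete" or "rename"
    source: str
    target: str    # empty for deletes
    replace: bool  # target carried the "!" (replace existing) flag


def _strip_nt(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_renames(raw: bytes) -> list[PendingOp]:
    """Pair up source/target strings; an empty target means delete at boot."""
    strings = raw.decode("utf-16-le").split("\0")
    if strings and strings[-1] == "":
        strings.pop()  # left over from the final NUL, not a real string
    ops = []
    for i in range(0, len(strings), 2):
        source = strings[i]
        target = strings[i + 1] if i + 1 < len(strings) else ""
        if not source:  # list terminator or padding, not an operation
            continue
        replace = target.startswith("!")
        target = _strip_nt(target[1:] if replace else target)
        action = "rename" if target else "delete"
        ops.append(PendingOp(action, _strip_nt(source), target, replace))
    return ops


def deletes_under(ops: list[PendingOp], directory: str) -> list[str]:
    """Sources still queued for deletion at or below `directory`."""
    root = directory.rstrip("\\").lower()
    hits = []
    for op in ops:
        src = op.source.rstrip("\\").lower()
        if op.action == "delete" and (src == root or src.startswith(root + "\\")):
            hits.append(op.source)
    return hits


def encode_multi_sz(strings: list[str]) -> bytes:
    """Helper for the sample: NUL-terminate each string, then end the list."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


# Constructed sample: three deletes using paths from the GMER log, plus one
# made-up rename (C:\Example\...) to show the other form.
SAMPLE = encode_multi_sz([
    "\\??\\C:\\Users\\MATTMU~1\\AppData\\Local\\Temp\\~nsu.tmp\\Au_.exe", "",
    "\\??\\C:\\Users\\MATTMU~1\\AppData\\Local\\Temp\\~nsu.tmp", "",
    "\\??\\C:\\Program Files (x86)\\Mozilla Maintenance Service\\", "",
    "\\??\\C:\\Example\\new.dll", "!\\??\\C:\\Example\\old.dll",
])

if __name__ == "__main__":
    ops = parse_pending_renames(SAMPLE)
    for op in ops:
        print(op.action, op.source, "->", op.target or "(removed at next boot)")
    print(deletes_under(ops, r"C:\Program Files (x86)\Mozilla Maintenance Service"))
```

An entry that is still listed after a reboot means the queued delete was not processed, which is the situation the moderator is asking about.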
  #14  
Old November 6th, 2016, 01:13 AM
preachy's Avatar
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
Hi

I'm certain that after uninstalling the Mozilla service I rebooted.
Having just started up Gmer again, it said that system changes have been made, possibly by rootkit activity. The keyboard was unresponsive so I had to reboot again. In the Processes tab there was one entry - a Chinese type symbol/letter followed by *32.
There are also 4 other entries: 2 have symbols and 2 have no symbol or writing, just an entry with PID/memory/thread fields filled in.

There are no listings of any antivirus in services, apart from Lavasoft Adaware 11 that I installed at the start of the thread with you guys at cybertechhelp; I think I mentioned previously, no AV software will install or run, at least nothing I have tried so far; it all failed, errored or made the PC hang.


After the reboot there is now only one entry after Gmer's initial scan (previously there were 5 or 6):
C:\WINDOWS\system32\csrss.exe [956:3312]
Reply With Quote
  #15  
Old November 6th, 2016, 12:04 PM
preachy's Avatar
preachy preachy is offline
Senior Member
 
Join Date: Apr 2004
O/S: Windows 10 Home
Posts: 402
Hi, all who have been helping with this problem.
In the last couple of days I have become increasingly concerned about the problems I've been having, from not being able to update Windows 10 to being able to make any antivirus program provide real time protection.

At this point I am just going to format this PC and reinstall Win 10 from scratch. I'm confident this will resolve the issues, but also I just worry that being unprotected for so long is too risky.

I am extremely grateful for you taking the time to look through the results of tests but feel I need to get this solved as soon as is possible.

Many thanks, and no doubt I'll be here again to beg for your help.

regards

matt
Reply With Quote
All times are GMT +1.