Infected With Cryptowall 3.0


Post by judejenz » October 11th, 2015, 10:02 pm

Hey there!
So around 6 days ago my computer was hit by the dreaded Cryptowall 3.0 ransomware virus.
Trojan.Cryptowall is a Trojan horse that encrypts files on the compromised computer. It then asks the user to pay to have the files decrypted. Once the Trojan is executed on the compromised computer, it creates a number of registry entries to store the path of the encrypted files and run every time the computer restarts. It encrypts files with particular extensions on the computer and creates additional files with instructions on how to obtain the decryption key. Once the files are encrypted, the Trojan displays a text document or HTML page with a message. The message informs the user that their files have been encrypted and gives instructions on how to obtain the decryption key needed to unlock the files. It may also warn users that the decryption key will be deleted after a certain time period to pressure the user into paying sooner. The attacker may demand hundreds of US dollars in payment and the amount may increase after a specified time period.
My computers are filled with files everywhere titled HELP_DECRYPT. Every time I open these, I am given instructions on how to pay the ransom. When I open Word documents, images, PDFs and video files, I am informed that they are corrupt.
The files on my computer itself were of not much value... However, I am a member of the cloud service Dropbox. Dropbox downloads a cloud file onto your computer which regularly syncs back with the cloud. What I add to the folder is added to the cloud online. Unfortunately the virus found its way into the folder and now all my cloud data is infected also. I am aware from extensive research that saving your files is difficult without paying... But can someone please help me at least get this damn thing off my computer and out of my life? I have downloaded Bitdefender to do a scan, but other than that nothing.

DDS.txt:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by jenj8590 at 12:43:43 on 2015-10-12
Microsoft Windows 10 Education 10.0.10240.0.1252.61.1033.18.3756.846 [GMT 11:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\Hpservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SysWOW64\rundll32.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\ABTutor\ABClientMonitor.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ABTutor\ABClient.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe
C:\WINDOWS\system32\fpCSEvtSvc.exe
C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\valWBFPolicyService.exe
C:\Users\jenj8590\AppData\Local\Torch\Update\TorchCrashHandler.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\jenj8590\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\WINDOWS\SysWOW64\msiexec.exe
C:\Windows\System32\regsvr32.exe
C:\WINDOWS\SysWOW64\regsvr32.exe
C:\Windows\SysWOW64\regsvr32.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\jenj8590\AppData\Local\UXTmedia\tmp6094.exe
C:\WINDOWS\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\CCM\SCNotification.exe
C:\Windows\helppane.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.13251.0_x64__8wekyb3d8bbwe\Video.UI.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Update\42.0.0.10338\TorchUpdate.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe
C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe
C:\Program Files\Bitdefender Agent\ProductAgentService.exe
C:\Program Files\Bitdefender Agent\ProductAgentUI.exe
C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\Users\jenj8590\AppData\Local\Torch\Application\torch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files (x86)\ABTutor\ABClient.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mackillop.vic.edu.au/ews/Des ... ignin.aspx
uLocal Page = %11%\blank.htm
uProxyServer = ftp=172.16.1.1:8080;http=172.16.1.1:8080;https=172.16.1.1:8080
uProxyOverride = intranet;venus;172.16.0.39;mackilib;saturn;172.16.*;mackilib.mackillop.vic.edu.au;203.221.209.210;tellus;172.16.0.38;www.mackillop.vic.edu.au;mail.mackillop.vic.edu.au;vknowledge.mackillop.vic.edu.au;*.mackillop.vic.edu.au;www.mackillopwerribee.com.au;<local>
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
TB: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll
uRun: [OneDrive] "C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify Web Helper] "C:\Users\jenj8590\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
uRun: [Spotify] "C:\Users\jenj8590\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
uRun: [UXTmedia] C:\Users\jenj8590\AppData\Local\UXTmedia\tmp6094.exe
uRun: [Urdbmedia] regsvr32.exe C:\Users\jenj8590\AppData\Local\Urdbmedia\lnjxevwf.dll
uRun: [Ebgdtion] C:\Windows\SysWOW64\regsvr32.exe C:\Users\jenj8590\AppData\Local\UXTmedia\kggvevcs.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uExplorerRun: [1] iexplore.exe
mExplorerRun: [1595722358] C:\ProgramData\msWj.exe
StartupFolder: C:\Users\jenj8590\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML
StartupFolder: C:\Users\jenj8590\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG
StartupFolder: C:\Users\jenj8590\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT
StartupFolder: C:\Users\jenj8590\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL
StartupFolder: C:\Users\jenj8590\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: NoSMHelp = dword:1
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-Explorer: NoThemesTab = dword:1
uPolicies-Explorer: NoCloseDragDropBands = dword:1
uPolicies-Explorer: NoMovingBands = dword:1
uPolicies-Explorer: NoToolbarsOnTaskbar = dword:1
uPolicies-Explorer: TaskbarLockAll = dword:1
uPolicies-Explorer: LockTaskbar = dword:1
uPolicies-Explorer: TaskbarNoNotification = dword:1
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-DisallowRun: 1 = abc.exe
uPolicies-DisallowRun: 2 = ares.ece
uPolicies-DisallowRun: 3 = azerues.exe
uPolicies-DisallowRun: 4 = bitcomet.exe
uPolicies-DisallowRun: 5 = bitlord.exe
uPolicies-DisallowRun: 6 = bitthief.exe
uPolicies-DisallowRun: 7 = bittornado.exe
uPolicies-DisallowRun: 8 = bittorrent.exe
uPolicies-DisallowRun: 9 = Btdownloadgui.exe
uPolicies-DisallowRun: 10 = deluge.exe
uPolicies-DisallowRun: 11 = emule.exe
uPolicies-DisallowRun: 12 = fdm.exe
uPolicies-DisallowRun: 13 = flashget.exe
uPolicies-DisallowRun: 14 = giftl.exe
uPolicies-DisallowRun: 15 = imesh.exe
uPolicies-DisallowRun: 16 = kget.exe
uPolicies-DisallowRun: 17 = ktorrent.exe
uPolicies-DisallowRun: 18 = limewire.exe
uPolicies-DisallowRun: 19 = mediaget.exe
uPolicies-DisallowRun: 20 = miro.exe
uPolicies-DisallowRun: 21 = mldonkey.exe
uPolicies-DisallowRun: 22 = mp3rocket.exe
uPolicies-DisallowRun: 23 = msohtmed.exe
uPolicies-DisallowRun: 24 = utorrent.exe
uPolicies-DisallowRun: 25 = Utorrent-2-0-beta.exe
uPolicies-DisallowRun: 26 = µTorrent.exe
uPolicies-DisallowRun: 27 = Utorrentportable.exe
uPolicies-DisallowRun: 28 = OneSwarm.exe
uPolicies-DisallowRun: 29 = opera.exe
uPolicies-DisallowRun: 30 = qBittorrent.exe
uPolicies-DisallowRun: 31 = Shareaza.exe
uPolicies-DisallowRun: 32 = Tonido.exe
uPolicies-DisallowRun: 33 = Swapper.exe
uPolicies-DisallowRun: 34 = Tribler.exe
uPolicies-DisallowRun: 35 = Vuze.exe
uPolicies-DisallowRun: 36 = wyzo.exe
uPolicies-DisallowRun: 37 = iceshare.exe
uPolicies-DisallowRun: 38 = peercast.exe
uPolicies-DisallowRun: 39 = pplive.exe
uPolicies-DisallowRun: 40 = tvants.exe
uPolicies-DisallowRun: 41 = ctv.exe
uPolicies-DisallowRun: 42 = coolstreaming.exe
uPolicies-DisallowRun: 43 = tvprunner.exe
uPolicies-DisallowRun: 44 = tvuplayer.exe
uPolicies-DisallowRun: 45 = overnet.exe
uPolicies-DisallowRun: 46 = napigator.exe
uPolicies-DisallowRun: 47 = blubster.exe
uPolicies-DisallowRun: 48 = piolet.exe
uPolicies-DisallowRun: 49 = phex.exe
uPolicies-DisallowRun: 50 = swapper.exe
uPolicies-DisallowRun: 51 = xolox.exe
uPolicies-DisallowRun: 52 = frostwire.exe
uPolicies-DisallowRun: 53 = grokster.exe
uPolicies-DisallowRun: 54 = gnucleus.exe
uPolicies-DisallowRun: 55 = cabos.exe
uPolicies-DisallowRun: 56 = bearshare.exe
uPolicies-DisallowRun: 57 = Acquisition.exe
uPolicies-DisallowRun: 58 = ntropy.exe
uPolicies-DisallowRun: 59 = pruna.exe
uPolicies-DisallowRun: 60 = jubster.exe
uPolicies-DisallowRun: 61 = hydranode.exe
uPolicies-DisallowRun: 62 = strongdc.exe
uPolicies-DisallowRun: 63 = ApexDC++.exe
uPolicies-DisallowRun: 64 = DCPlusPlus.exe
uPolicies-DisallowRun: 65 = qtorrent.exe
uPolicies-DisallowRun: 66 = burst.exe
uPolicies-DisallowRun: 67 = bitspirit.exe
uPolicies-DisallowRun: 68 = warez.exe
uPolicies-DisallowRun: 69 = BCDC++ .exe
uPolicies-DisallowRun: 70 = dc++.exe
uPolicies-DisallowRun: 71 = edonkey2000.exe
uPolicies-DisallowRun: 72 = edonkey.exe
uPolicies-DisallowRun: 73 = aMule.exe
uPolicies-DisallowRun: 74 = gift.exe
uPolicies-DisallowRun: 75 = gnucleus.exe
uPolicies-DisallowRun: 76 = KCeasy.exe
uPolicies-DisallowRun: 77 = kiwialpha.exe
uPolicies-DisallowRun: 78 = mlnet.exe
uPolicies-DisallowRun: 79 = morpheus.exe
uPolicies-DisallowRun: 80 = zultrax.exe
uPolicies-DisallowRun: 81 = kazaa.exe
uPolicies-DisallowRun: 82 = tixati.exe
uPolicies-DisallowRun: 83 = minecraft.jar
uPolicies-DisallowRun: 84 = steam.exe
uPolicies-DisallowRun: 85 = OptimizerPro.exe
uPolicies-DisallowRun: 86 = VuzeLeap.exe
uPolicies-DisallowRun: 87 = googletalk.exe
uPolicies-System: NoColorChoice = dword:1
uPolicies-System: NoVisualStyleChoice = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: noconnecteduser = dword:3
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-System: RunLogonScriptSync = dword:0
mPolicies-System: EnableFirstLogonAnimation = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-System: MaxGPOScriptWait = dword:10
mPolicies-Windows\System: UserPolicyMode = dword:2
mPolicies-Windows\System: EnableSmartScreen = dword:1
mPolicies-Windows\System: DefaultAssociationsConfiguration = \\mackillop.local\NETLOGON\AppAssoc.xml
mPolicies-Windows\System: GpNetworkStartTimeoutPolicyValue = dword:10
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{c866906e-1125-4ae5-8990-34dbc61002d6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{c866906e-1125-4ae5-8990-34dbc61002d6}\D41636B696C6C6F6070275962756C656373702E4564777F627B6 : DHCPNameServer = 172.16.0.10 172.16.0.19 172.16.0.81
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll
x64-BHO: Skype for Business Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
x64-TB: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe"
x64-ExplorerRun: [1595722358] C:\ProgramData\msWj.exe
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: NoWelcomeScreen = dword:1
x64-mPolicies-Explorer: TaskbarNoNotification = dword:1
x64-mPolicies-Explorer: HideSCAHealth = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: dontdisplaylastusername = dword:1
x64-mPolicies-System: noconnecteduser = dword:3
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-mPolicies-System: RunLogonScriptSync = dword:0
x64-mPolicies-System: EnableFirstLogonAnimation = dword:0
x64-mPolicies-System: HideFastUserSwitching = dword:1
x64-mPolicies-System: MaxGPOScriptWait = dword:10
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jenj8590\AppData\Roaming\Mozilla\Firefox\Profiles\1r1zt985.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\jenj8590\AppData\Local\Torch\Plugins\Video\VLC\npvlc.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\WINDOWS\System32\drivers\avc3.sys [2015-10-12 1369288]
R0 gzflt;gzflt;C:\WINDOWS\System32\drivers\gzflt.sys [2015-10-12 160032]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-18 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2015-10-12 107080]
R1 BDVEDISK;BDVEDISK;C:\WINDOWS\System32\drivers\bdvedisk.sys [2015-10-12 76944]
R1 dfmirage;dfmirage;C:\WINDOWS\System32\drivers\dfmirage.sys [2008-3-5 36432]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R2 ABCHelper;Windows Client Helper;C:\Program Files (x86)\ABTutor\ABClientMonitor.exe [2013-7-18 73688]
R2 ABClient;AB Client Manager;C:\Program Files (x86)\ABTutor\ABClient.exe [2013-7-18 2196440]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-9-2 77104]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2015-5-1 1394816]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2015-5-1 1772672]
R2 CmRcService;Configuration Manager Remote Control;C:\Windows\CCM\RemCtrl\CmRcService.exe [2015-4-14 671928]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 fpCsEvtSvc;fpCsEvtSvc;C:\WINDOWS\System32\fpCSEvtSvc.exe [2015-9-18 32768]
R2 GFIBckFAtt;GFI BackUp Freeware Attendant Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFInst.exe [2015-9-18 1011056]
R2 GFIBckFSched;GFI BackUp Freeware Scheduler Service;C:\PROGRA~2\GFI\GFIBAC~1\GFIFSC~1.EXE [2015-9-18 2664816]
R2 hpsrv;HP Service;C:\WINDOWS\System32\hpservice.exe [2015-9-18 54448]
R2 ProductAgentService;Product Agent Service;C:\Program Files\Bitdefender Agent\ProductAgentService.exe [2015-10-12 823840]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [2015-10-12 1026944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 TorchCrashHandler;Torch Crash Handler;C:\Users\jenj8590\AppData\Local\Torch\Update\TorchCrashHandler.exe [2015-10-6 1217032]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [2015-10-12 124488]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R2 valWBFPolicyService;Synaptics FP WBF Policy Service;C:\WINDOWS\System32\valWBFPolicyService.exe [2015-9-18 85008]
R3 avchv;avchv Function Driver;C:\WINDOWS\System32\drivers\avchv.sys [2015-10-12 271272]
R3 avckf;avckf;C:\WINDOWS\System32\drivers\avckf.sys [2015-10-12 747120]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-7-10 237568]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2015-9-18 263952]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\WINDOWS\System32\drivers\ISCTD64.sys [2015-9-18 47008]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-6-27 39480]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 NETwNb64;___ Intel(R) Wireless Adapter Driver for Windows 8.1 - 64 Bit;C:\WINDOWS\System32\drivers\Netwbw02.sys [2015-7-10 3496216]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2015-9-18 772336]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-7-9 327296]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-7 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 EsgScanner;EsgScanner;C:\WINDOWS\System32\drivers\EsgScanner.sys [2015-10-12 22704]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 igfxCUIService1.0.0.0;igfxCUIService1.0.0.0;C:\WINDOWS\System32\igfxCUIService.exe [2015-9-18 319080]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-6-27 50232]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2014-9-9 454416]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 lpasvc;Microsoft Policy Platform Local Authority;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 lppsvc;Microsoft Policy Platform Processor;C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-8-2 50280]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-9-18 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 rtsuvc;HP Universal Camera Driver;C:\WINDOWS\System32\drivers\rtsuvc.sys [2015-9-18 3074816]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-9-18 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-18 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-9-18 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-9-18 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 WirelessButtonDriver64;HP Wireless Button Driver Service;C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [2015-9-18 30544]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-10-12 01:36:49 666232 ----a-w- C:\ProgramData\1444612802.bdinstall.bin
2015-10-12 01:35:30 -------- d-----w- C:\ProgramData\BDLogging
2015-10-12 01:35:29 511328 ----a-w- C:\WINDOWS\capicom.dll
2015-10-12 01:35:27 76944 ----a-w- C:\WINDOWS\System32\drivers\bdvedisk.sys
2015-10-12 01:35:26 747120 ----a-w- C:\WINDOWS\System32\drivers\avckf.sys
2015-10-12 01:35:26 271272 ----a-w- C:\WINDOWS\System32\drivers\avchv.sys
2015-10-12 01:35:26 1369288 ----a-w- C:\WINDOWS\System32\drivers\avc3.sys
2015-10-12 01:35:24 270248 ----a-w- C:\WINDOWS\System32\drivers\ignis.sys
2015-10-12 01:21:40 -------- d-----w- C:\Users\jenj8590\AppData\Roaming\Bitdefender
2015-10-12 01:21:35 3271472 ---ha-w- C:\bdr-bz01
2015-10-12 01:20:27 477272 ----a-w- C:\WINDOWS\System32\drivers\trufos.sys
2015-10-12 01:20:27 160032 ----a-w- C:\WINDOWS\System32\drivers\gzflt.sys
2015-10-12 01:20:27 -------- d-----w- C:\ProgramData\Bitdefender
2015-10-12 01:20:27 -------- d-----w- C:\Program Files\Bitdefender
2015-10-12 01:20:02 -------- d-----w- C:\Users\jenj8590\AppData\Roaming\QuickScan
2015-10-12 01:20:00 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2015-10-12 00:56:59 -------- d-----w- C:\ProgramData\Bitdefender Agent
2015-10-12 00:56:59 -------- d-----w- C:\Program Files\Bitdefender Agent
2015-10-12 00:44:38 16148 ----a-w- C:\WINDOWS\System32\2014JENNINGS_jenj8590_HistoryPrediction.bin
2015-10-11 23:03:41 -------- d-----w- C:\Users\jenj8590\AppData\Roaming\Enigma Software Group
2015-10-11 23:03:27 -------- d-----w- C:\sh4ldr
2015-10-11 23:02:21 22704 ----a-w- C:\WINDOWS\System32\drivers\EsgScanner.sys
2015-10-11 23:02:12 -------- d-----w- C:\Program Files\Enigma Software Group
2015-10-10 11:45:34 595456 --sha-r- C:\WINDOWS\SysWow64\slcextd.dll
2015-10-10 11:29:11 481852 ----a-w- C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp4306.exe
2015-10-10 10:52:44 -------- d-----w- C:\Users\jenj8590\AppData\Local\Urdbmedia
2015-10-10 10:52:27 -------- d-----w- C:\Users\jenj8590\AppData\Local\UXTmedia
2015-10-10 10:51:58 122880 ----a-w- C:\ProgramData\Microsoft\Performance\Monitor\temp\tmp6094.exe
2015-10-10 10:51:38 2216448 ----a-w- C:\ProgramData\Microsoft\Performance\Monitor\SecurityHelper.dll
2015-10-07 03:18:58 784136 ----a-w- C:\WINDOWS\System32\mfsvr.dll
2015-10-06 23:24:08 -------- d-----w- C:\Users\jenj8590\AppData\Local\Adobe
2015-10-06 22:12:17 -------- d-----w- C:\Users\jenj8590\AppData\Local\Deployment
2015-10-06 22:12:17 -------- d-----w- C:\Users\jenj8590\AppData\Local\assembly
2015-10-06 22:12:17 -------- d-----w- C:\Users\jenj8590\AppData\Local\Apps
2015-10-06 17:49:21 -------- d-----w- C:\Users\jenj8590\AppData\Local\NetworkTiles
2015-10-06 06:15:25 -------- d-----w- C:\Users\jenj8590\AppData\Local\Spotify
2015-10-06 06:15:25 -------- d-----w- C:\Users\jenj8590\AppData\Local\CEF
2015-10-06 06:13:15 -------- d-----w- C:\Users\jenj8590\AppData\Roaming\Spotify
2015-10-06 05:56:24 -------- d-----r- C:\Users\jenj8590\Dropbox
2015-10-06 05:54:47 -------- d-----w- C:\Users\jenj8590\Tracing
2015-10-06 05:54:26 -------- d-----w- C:\Users\jenj8590\AppData\Roaming\Dropbox
2015-10-06 05:54:20 -------- d-----w- C:\Users\jenj8590\AppData\Local\Skype
2015-10-06 05:54:15 -------- d-----r- C:\Program Files (x86)\Skype
2015-10-06 05:50:03 -------- d-----w- C:\Program Files (x86)\Dropbox
2015-10-06 05:50:01 -------- d-----w- C:\Users\jenj8590\AppData\Local\Dropbox
2015-10-06 05:50:01 -------- d-----w- C:\ProgramData\Dropbox
2015-10-06 05:19:46 -------- d-----w- C:\Users\jenj8590\AppData\Local\MicrosoftEdge
2015-10-06 05:17:10 -------- d-----w- C:\ProgramData\TorchCrashHandler
2015-10-06 05:16:58 -------- d-----w- C:\Users\jenj8590\AppData\Local\PeerDistRepub
2015-10-06 05:13:18 -------- d-----w- C:\Users\jenj8590\AppData\Local\Torch
2015-10-06 04:21:33 223 ----a-w- C:\WINDOWS\System32\{8A694AF2-286D-429D-867A-3F95898EE308}.bat
2015-10-06 03:43:11 16148 ----a-w- C:\WINDOWS\System32\2014JENNINGS_Administrator_HistoryPrediction.bin
2015-10-06 03:11:11 -------- d-----w- C:\Program Files (x86)\ClickView
2015-10-06 03:05:08 -------- d-----w- C:\WINDOWS\ms
2015-09-23 04:58:20 16148 ----a-w- C:\WINDOWS\System32\TESTING10EDU_Administrator_HistoryPrediction.bin
2015-09-23 02:53:36 -------- d-----w- C:\WINDOWS\System32\{3DA228BE-34DA-49f4-A081-66465B077429}
2015-09-23 00:05:38 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-1I7R45S_Administrator_HistoryPrediction.bin
2015-09-22 23:40:37 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-1I7R45S_Test_HistoryPrediction.bin
2015-09-22 23:33:43 110688 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll
2015-09-22 23:33:28 -------- d-----w- C:\ProgramData\Oracle
2015-09-22 23:25:27 -------- d-----w- C:\Program Files (x86)\Office Mix
2015-09-22 01:45:21 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-1I7R45S_defaultuser0_HistoryPrediction.bin
2015-09-22 00:45:45 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-OS9ROI6_Administrator_HistoryPrediction.bin
2015-09-21 23:57:35 -------- d-----w- C:\WINDOWS\Profile
2015-09-21 23:49:10 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-OS9ROI6_test_HistoryPrediction.bin
2015-09-21 22:19:07 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-OS9ROI6_defaultuser0_HistoryPrediction.bin
2015-09-21 05:17:50 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-U3UOIK6_Administrator_HistoryPrediction.bin
2015-09-21 05:14:39 -------- d-----w- C:\WINDOWS\deafultProf
2015-09-21 05:02:43 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-U3UOIK6_test_HistoryPrediction.bin
2015-09-20 23:42:50 16148 ----a-w- C:\WINDOWS\System32\DESKTOP-U3UOIK6_defaultuser0_HistoryPrediction.bin
2015-09-20 23:38:21 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-09-20 22:54:58 16148 ----a-w- C:\WINDOWS\System32\WINDOWS10BUILD_Administrator_HistoryPrediction.bin
2015-09-20 06:20:59 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A6E21A30-4836-4C76-93FD-B57213822EBD}\gapaengine.dll
2015-09-20 06:20:51 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A68AADE-61D9-4D06-8983-7CD73D3A543D}\mpengine.dll
2015-09-18 16:54:16 -------- d-sh--w- C:\Recovery
2015-09-18 05:13:51 16148 ----a-w- C:\WINDOWS\System32\WINDOWS10BUILD_Build_HistoryPrediction.bin
2015-09-18 05:08:58 -------- d-----w- C:\Program Files\MPC-HC
2015-09-18 05:07:49 -------- d-----w- C:\Program Files\DivX
2015-09-18 05:07:33 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared
2015-09-18 05:06:44 -------- d-----w- C:\Program Files (x86)\DivX
2015-09-18 05:06:19 -------- d-----w- C:\ProgramData\DivX
2015-09-18 05:01:35 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2015-09-18 05:01:05 -------- d-----w- C:\ProgramData\LabOra Worship TLC
2015-09-18 05:01:05 -------- d-----w- C:\Program Files (x86)\Duplo Data as
2015-09-18 04:59:54 -------- d-----w- C:\Program Files (x86)\Jasc Software Inc
2015-09-18 04:47:39 -------- d-----w- C:\Program Files (x86)\GeoGebra 4.2
2015-09-18 04:38:57 -------- d-----w- C:\Program Files (x86)\Inspiration 8 IE
2015-09-18 04:37:30 90112 ----a-w- C:\WINDOWS\unvise32.exe
2015-09-18 04:37:20 -------- d-----w- C:\Program Files (x86)\InspireData
2015-09-18 04:34:59 -------- d-----w- C:\ProgramData\Rising Software
2015-09-18 04:34:59 -------- d-----w- C:\Program Files (x86)\Rising Software
2015-09-18 04:33:01 -------- d-----w- C:\ProgramData\Austhink Software
2015-09-18 04:32:48 -------- d-----w- C:\Program Files (x86)\Rationale 2
2015-09-18 04:31:55 -------- d-----w- C:\Program Files (x86)\EclipseCrossword
2015-09-18 04:29:27 -------- d-----w- C:\Program Files (x86)\plasq
2015-09-18 04:29:22 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-09-18 04:26:38 -------- d-----w- C:\Program Files\IrfanView
2015-09-18 04:24:02 -------- d-----w- C:\Program Files (x86)\Photo Story 3 for Windows
2015-09-18 04:21:04 -------- d-----w- C:\Program Files (x86)\Common Files\supportsoft
2015-09-18 04:21:00 3833856 ----a-w- C:\WINDOWS\SysWow64\cdintf300.dll
2015-09-18 04:20:00 -------- d-----w- C:\WINDOWS\Intuit
2015-09-18 04:19:49 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 4.0
2015-09-18 04:19:42 -------- d-----w- C:\ProgramData\Intuit
2015-09-18 04:19:42 -------- d-----w- C:\Program Files (x86)\Intuit
2015-09-18 04:19:42 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2015-09-18 04:17:06 -------- d-----w- C:\ProgramData\COMMON FILES
2015-09-18 04:11:47 -------- d-----w- C:\WINDOWS\SysWow64\URTTEMP
2015-09-18 04:07:37 -------- d---a-w- C:\ProgramData\Reprise
2015-09-18 04:07:13 -------- d-----w- C:\ProgramData\SketchUp
2015-09-18 04:07:13 -------- d-----w- C:\Program Files\SketchUp
2015-09-18 04:02:16 -------- d-----w- C:\WINDOWS\en
2015-09-18 04:02:05 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-09-18 03:59:55 -------- d-----w- C:\Program Files (x86)\Graphmatica
2015-09-18 03:58:11 5425496 ----a-w- C:\WINDOWS\System32\D3DX9_41.dll
2015-09-18 03:58:11 4178264 ----a-w- C:\WINDOWS\SysWow64\D3DX9_41.dll
2015-09-18 03:58:03 -------- d-----w- C:\Program Files\Microsoft Mathematics
2015-09-18 03:54:39 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-09-18 03:54:39 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-09-18 03:54:39 102608 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-09-18 03:54:36 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-09-18 03:54:36 124112 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-09-18 03:54:36 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-09-18 03:32:24 -------- d-----w- C:\ProgramData\Efofex
2015-09-18 03:32:22 -------- d-----w- C:\Program Files (x86)\Efofex
2015-09-18 03:28:20 -------- d-----w- C:\Program Files\iPod
2015-09-18 03:28:20 -------- d-----w- C:\Program Files (x86)\iTunes
2015-09-18 03:28:19 -------- d-----w- C:\Program Files\iTunes
2015-09-18 03:27:57 -------- d-----w- C:\Program Files\Bonjour
2015-09-18 03:27:57 -------- d-----w- C:\Program Files (x86)\Bonjour
2015-09-18 03:24:24 -------- d-----w- C:\Program Files (x86)\Audacity
2015-09-18 02:39:56 -------- d-----w- C:\ProgramData\AB Tutor
2015-09-18 02:39:54 -------- d-----w- C:\Program Files (x86)\ABTutor
2015-09-18 02:39:47 -------- d-----w- C:\Program Files (x86)\Pivot Stickfigure Animator
2015-09-18 02:35:55 -------- d-----w- C:\WINDOWS\GFIBckFUnwise
2015-09-18 02:35:55 -------- d-----w- C:\Program Files (x86)\GFI
2015-09-18 02:30:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2015-09-18 01:54:00 1234944 ----a-w- C:\WINDOWS\System32\aitstatic.exe
2015-09-18 01:52:52 497664 ----a-w- C:\WINDOWS\System32\WlanMediaManager.dll
2015-09-18 01:41:49 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2015-09-18 01:41:40 11062400 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-09-18 01:38:30 270496 ----a-w- C:\WINDOWS\System32\MpSigStub.exe
2015-09-18 00:38:46 -------- d-----w- C:\MacKillop Programs
2015-09-18 00:23:53 -------- d-----w- C:\ProgramData\Synaptics
2015-09-18 00:23:49 679240 ----a-w- C:\WINDOWS\System32\ValEFIResDll.dll
2015-09-18 00:12:20 -------- d-----w- C:\WINDOWS\PCHEALTH
2015-09-18 00:12:20 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2015-09-18 00:11:36 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2015-09-18 00:06:51 263952 ----a-w- C:\WINDOWS\System32\drivers\ibtusb.sys
2015-09-18 00:06:51 242448 ----a-w- C:\WINDOWS\System32\ibtproppage.dll
2015-09-18 00:06:49 99856 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2015-09-18 00:06:49 -------- d-----w- C:\Intel
2015-09-18 00:06:12 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-09-18 00:06:05 192312 ----a-w- C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
2015-09-18 00:05:59 -------- d-----w- C:\ProgramData\Microsoft OneDrive
2015-09-18 00:05:01 -------- d-----w- C:\ProgramData\Validity
2015-09-18 00:05:00 85008 ----a-w- C:\WINDOWS\System32\valWBFPolicyService.exe
2015-09-18 00:05:00 32768 ----a-w- C:\WINDOWS\System32\fpCSEvtSvc.exe
2015-09-18 00:05:00 3115336 ----a-w- C:\WINDOWS\System32\vcsAPIFORWBF.dll
2015-09-18 00:05:00 236856 ----a-w- C:\WINDOWS\System32\drivers\UMDF\wbf_vfs_003f_adv.dll
2015-09-18 00:03:15 -------- d-----w- C:\WINDOWS\System32\SRSLabs
2015-09-18 00:03:13 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2015-09-18 00:03:13 -------- d-----w- C:\Program Files\Realtek
2015-09-18 00:03:04 479992 ----a-w- C:\WINDOWS\System32\SRAPO64.dll
2015-09-18 00:03:04 393488 ----a-w- C:\WINDOWS\System32\SRCOM64.dll
2015-09-18 00:03:04 352904 ----a-w- C:\WINDOWS\SysWow64\SRCOM.dll
2015-09-18 00:03:04 352904 ----a-w- C:\WINDOWS\System32\SRCOM.dll
2015-09-18 00:03:04 1456472 ----a-w- C:\WINDOWS\System32\SRRPTR64.dll
2015-09-18 00:03:02 1626264 ----a-w- C:\WINDOWS\System32\CX64APO.dll
2015-09-17 23:58:48 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-09-17 23:58:23 -------- d-----w- C:\WINDOWS\SysWow64\CCM
2015-09-17 23:58:23 -------- d-----w- C:\WINDOWS\ccmcache
2015-09-17 23:58:23 -------- d-----w- C:\WINDOWS\CCM
2015-09-17 23:57:41 -------- d-----w- C:\Program Files\Microsoft Policy Platform
2015-09-17 23:56:44 -------- d-----w- C:\ProgramData\Package Cache
2015-09-17 23:56:41 -------- d-----w- C:\WINDOWS\SysWow64\%LOCALAPPDATA%
2015-09-17 23:56:39 -------- d-----w- C:\WINDOWS\ccmsetup
2015-09-17 23:55:44 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-09-17 23:51:49 -------- d-----w- C:\WINDOWS\panther
.
==================== Find3M ====================
.
2015-10-08 14:19:49 646947 ----a-w- C:\WINDOWS\System32\drivers\rtkhdasetting.zip
2015-10-06 04:21:33 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-25 00:35:02 257024 ----a-w- C:\WINDOWS\System32\UserDataAccountApis.dll
2015-09-25 00:34:58 223232 ----a-w- C:\WINDOWS\System32\PhoneCallHistoryApis.dll
2015-09-25 00:13:23 1276416 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-09-24 23:34:42 195584 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2015-09-24 23:34:35 172032 ----a-w- C:\WINDOWS\SysWow64\PhoneCallHistoryApis.dll
2015-09-24 23:24:32 796160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2015-09-24 23:24:24 689152 ----a-w- C:\WINDOWS\System32\Windows.Security.Authentication.Web.Core.dll
2015-09-24 23:23:48 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-09-24 23:17:38 2178560 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-09-24 23:08:37 3586560 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-09-24 23:07:45 1382400 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-09-24 23:06:12 1423872 ----a-w- C:\WINDOWS\System32\UserDataService.dll
2015-09-24 23:05:14 288256 ----a-w- C:\WINDOWS\System32\PimIndexMaintenance.dll
2015-09-24 23:01:28 685568 ----a-w- C:\WINDOWS\System32\AppointmentApis.dll
2015-09-24 23:01:04 856576 ----a-w- C:\WINDOWS\System32\ContactApis.dll
2015-09-24 23:00:55 720896 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2015-09-24 23:00:33 752640 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2015-09-24 23:00:19 1205248 ----a-w- C:\WINDOWS\System32\Unistore.dll
2015-09-24 23:00:05 163840 ----a-w- C:\WINDOWS\System32\CallHistoryClient.dll
2015-09-24 22:53:13 590336 ----a-w- C:\WINDOWS\System32\MessagingDataModel2.dll
2015-09-24 22:43:30 613376 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2015-09-24 22:43:14 480256 ----a-w- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
2015-09-24 22:42:19 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-09-24 22:25:44 579584 ----a-w- C:\WINDOWS\SysWow64\AppointmentApis.dll
2015-09-24 22:25:34 625152 ----a-w- C:\WINDOWS\SysWow64\ContactApis.dll
2015-09-24 22:25:15 557568 ----a-w- C:\WINDOWS\SysWow64\ChatApis.dll
2015-09-24 22:25:02 928256 ----a-w- C:\WINDOWS\SysWow64\Unistore.dll
2015-09-24 22:25:00 525312 ----a-w- C:\WINDOWS\SysWow64\EmailApis.dll
2015-09-24 22:24:45 131072 ----a-w- C:\WINDOWS\SysWow64\CallHistoryClient.dll
2015-09-24 22:19:24 466432 ----a-w- C:\WINDOWS\SysWow64\MessagingDataModel2.dll
2015-09-19 05:14:37 102304 ----a-w- C:\WINDOWS\System32\omadmapi.dll
2015-09-18 00:23:49 980648 ----a-w- C:\WINDOWS\System32\msvcr120.dll
2015-09-18 00:04:52 608664 ----a-w- C:\WINDOWS\System32\IntelCpHDCPSvc.exe
2015-09-17 06:50:17 99664 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys
2015-09-17 06:50:10 2464216 ----a-w- C:\WINDOWS\System32\mfcore.dll
2015-09-17 06:50:05 1563392 ----a-w- C:\WINDOWS\System32\winmde.dll
2015-09-17 06:50:02 88384 ----a-w- C:\WINDOWS\System32\remoteaudioendpoint.dll
2015-09-17 06:49:33 1563472 ----a-w- C:\WINDOWS\System32\wmpmde.dll
2015-09-17 06:49:11 6487248 ----a-w- C:\WINDOWS\System32\windows.storage.dll
2015-09-17 06:49:11 501008 ----a-w- C:\WINDOWS\System32\AudioEng.dll
2015-09-17 06:49:10 894256 ----a-w- C:\WINDOWS\System32\drivers\Wdf01000.sys
2015-09-17 06:49:05 8020816 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2015-09-17 06:49:01 553808 ----a-w- C:\WINDOWS\System32\SettingSyncHost.exe
2015-09-17 06:47:11 1397088 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-09-17 06:44:22 781976 ----a-w- C:\WINDOWS\System32\mfds.dll
2015-09-17 06:43:40 966416 ----a-w- C:\WINDOWS\System32\twinapi.appcore.dll
2015-09-17 06:39:29 81488 ----a-w- C:\WINDOWS\System32\acmigration.dll
2015-09-17 06:37:20 1168736 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2015-09-17 06:37:19 1295712 ----a-w- C:\WINDOWS\System32\wpx.dll
2015-09-17 06:28:43 2154808 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2015-09-17 06:28:40 5120056 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2015-09-17 06:28:38 74880 ----a-w- C:\WINDOWS\SysWow64\remoteaudioendpoint.dll
2015-09-17 06:28:36 1357888 ----a-w- C:\WINDOWS\SysWow64\winmde.dll
2015-09-17 06:28:29 441168 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe
2015-09-17 06:28:21 407608 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll
2015-09-17 06:27:29 1766952 ----a-w- C:\WINDOWS\SysWow64\CoreUIComponents.dll
2015-09-17 06:27:16 454512 ----a-w- C:\WINDOWS\SysWow64\directmanipulation.dll
2015-09-17 06:26:49 434376 ----a-w- C:\WINDOWS\SysWow64\MFCaptureEngine.dll
2015-09-17 06:26:41 1895568 ----a-w- C:\WINDOWS\SysWow64\hevcdecoder.dll
2015-09-17 06:26:39 2446648 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2015-09-17 06:26:38 646672 ----a-w- C:\WINDOWS\SysWow64\mfsvr.dll
2015-09-17 06:26:32 508248 ----a-w- C:\WINDOWS\SysWow64\mf.dll
2015-09-17 06:26:31 428128 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2015-09-17 06:25:10 962400 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-09-17 06:21:38 658528 ----a-w- C:\WINDOWS\SysWow64\mfds.dll
2015-09-17 06:20:25 764416 ----a-w- C:\WINDOWS\SysWow64\twinapi.appcore.dll
2015-09-17 06:12:18 16708608 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-09-17 06:11:07 160256 ----a-w- C:\WINDOWS\System32\enrollmentapi.dll
2015-09-17 06:10:35 169984 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2015-09-17 06:09:54 269312 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-09-17 06:09:50 143360 ----a-w- C:\WINDOWS\System32\provops.dll
2015-09-17 06:08:23 494592 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-09-17 06:08:03 26624 ----a-w- C:\WINDOWS\System32\LicenseManagerShellext.exe
2015-09-17 06:08:01 53760 ----a-w- C:\WINDOWS\System32\Windows.Speech.Pal.dll
2015-09-17 06:07:53 21875712 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-09-17 06:06:11 467968 ----a-w- C:\WINDOWS\System32\MBMediaManager.dll
2015-09-17 06:06:10 690688 ----a-w- C:\WINDOWS\System32\CellularAPI.dll
2015-09-17 06:06:04 149504 ----a-w- C:\WINDOWS\System32\tetheringservice.dll
2015-09-17 06:05:53 2226688 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-09-17 06:05:02 483328 ----a-w- C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2015-09-17 06:04:55 504320 ----a-w- C:\WINDOWS\System32\DataSenseHandlers.dll
2015-09-17 06:04:41 910848 ----a-w- C:\WINDOWS\System32\SharedStartModel.dll
2015-09-17 06:04:22 7569408 ----a-w- C:\WINDOWS\System32\mos.dll
2015-09-17 06:03:52 88064 ----a-w- C:\WINDOWS\System32\ngckeyenum.dll
2015-09-17 06:03:28 267776 ----a-w- C:\WINDOWS\System32\Windows.Internal.Management.dll
2015-09-17 06:03:02 83968 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2015-09-17 06:03:02 154624 ----a-w- C:\WINDOWS\System32\dmcertinst.exe
2015-09-17 06:03:00 187904 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
2015-09-17 06:02:59 68096 ----a-w- C:\WINDOWS\System32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-17 06:02:59 168960 ----a-w- C:\WINDOWS\System32\mdmmigrator.dll
2015-09-17 06:00:51 106496 ----a-w- C:\WINDOWS\System32\KeywordDetectorMsftSidAdapter.dll
2015-09-17 06:00:46 3248640 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-09-17 06:00:18 2417664 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-09-17 06:00:11 446976 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2015-09-17 05:58:01 503808 ----a-w- C:\WINDOWS\System32\tileobjserver.dll
2015-09-17 05:57:49 281600 ----a-w- C:\WINDOWS\System32\VEEventDispatcher.dll
2015-09-17 05:57:45 2228736 ----a-w- C:\WINDOWS\System32\wlansvc.dll
2015-09-17 05:57:42 137728 ----a-w- C:\WINDOWS\System32\VEStoreEventHandlers.dll
.
============= FINISH: 12:44:11.45 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Education
Boot Device: \Device\HarddiskVolume1
Install Date: 6/10/2015 2:11:16 PM
System Uptime: 11/10/2015 11:43:13 PM (13 hours ago)
.
Motherboard: Acer | | Polaris_HW
Processor: Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz | U3E1 | 1600/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 72.994 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 9.20
AB Tutor v7
Adobe Acrobat Reader DC
Adobe Refresh Manager
Apple Application Support (32-bit)
Apple Application Support (64-bit)
Apple Mobile Device Support
Apple Software Update
Audacity 2.1.0
Auralia 4 Cloud
Bitdefender Agent
Bitdefender Total Security 2016
Bonjour
ClickView Player
Comic Life
Configuration Manager Client
D3DX10
Definition Update for Microsoft Office 2013 (KB3085499) 32-Bit Edition
DivX Setup
EclipseCrossword
FX Chem 2.000
FX ChemStruct 1
FX Draw 3
FX Equation 4
GeoGebra 4.2
GFI BackUp Freeware
Google Chrome
Google Earth
Google Update Helper
Graphmatica
Inspiration 8 IE
InspireData
Intel(R) Processor Graphics
IrfanView (remove only)
IrfanView 64 (remove only)
iTunes
Java 8 Update 60 (64-bit)
Java Auto Updater
LabOra Worship
Microsoft .NET Framework 1.1
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Mathematics (64-bit)
Microsoft Office 64-bit Components 2013
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Policy Platform
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
Movie Maker
Mozilla Firefox 40.0.3 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.6.4.6052 (64-bit)
MSVCRT
MSVCRT110
MSVCRT110_amd64
Musition 4 Cloud
Office Mix
Office Mix 32-bit
Outils de vérification linguistique 2013 de Microsoft Office - Français
Paint Shop Pro 7
Photo Common
Photo Gallery
Photo Story 3 for Windows
Pivot Stickfigure Animator
QuickBooks Premier: Student Edition V19
Rationale 2
Realtek High Definition Audio Driver
Security Update for Microsoft Excel 2013 (KB3085502) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB3039734) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB3039798) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB3054816) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB3054932) 32-Bit Edition
Security Update for Skype for Business 2015 (KB3085500) 32-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2817430) 32-Bit Edition
SketchUp 2015
Skype Click to Call
Skype™ 7.12
Spotify
SpyHunter 4
SupportSoft Assisted Service
Torch
Update for Microsoft Access 2013 (KB3085503) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880487) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881076) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition
Update for Microsoft Office 2013 (KB2889863) 32-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956152) 32-Bit Edition
Update for Microsoft Office 2013 (KB2965271) 32-Bit Edition
Update for Microsoft Office 2013 (KB2975869) 32-Bit Edition
Update for Microsoft Office 2013 (KB3023052) 32-Bit Edition
Update for Microsoft Office 2013 (KB3039718) 32-Bit Edition
Update for Microsoft Office 2013 (KB3039739) 32-Bit Edition
Update for Microsoft Office 2013 (KB3039762) 32-Bit Edition
Update for Microsoft Office 2013 (KB3039766) 32-Bit Edition
Update for Microsoft Office 2013 (KB3054774) 32-Bit Edition
Update for Microsoft Office 2013 (KB3054783) 32-Bit Edition
Update for Microsoft Office 2013 (KB3054856) 32-Bit Edition
Update for Microsoft Office 2013 (KB3054923) 32-Bit Edition
Update for Microsoft Office 2013 (KB3054935) 32-Bit Edition
Update for Microsoft Office 2013 (KB3055010) 32-Bit Edition
Update for Microsoft Office 2013 (KB3055011) 32-Bit Edition
Update for Microsoft Office 2013 (KB3085479) 32-Bit Edition
Update for Microsoft Office 2013 (KB3085480) 32-Bit Edition
Update for Microsoft Office 2013 (KB3085493) 32-Bit Edition
Update for Microsoft Office 2013 (KB3085504) 32-Bit Edition
Update for Microsoft Office 2013 (KB3085506) 32-Bit Edition
Update for Microsoft OneDrive for Business (KB3055020) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB3085491) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB3085495) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB3054854) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB3085478) 32-Bit Edition
Update for Microsoft Project 2013 (KB3085510) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB3023050) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition
Update for Microsoft Word 2013 (KB3085490) 32-Bit Edition
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
9/10/2015 1:58:17 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
9/10/2015 1:58:17 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
9/10/2015 1:20:07 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
9/10/2015 1:20:07 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
9/10/2015 1:19:32 AM, Error: Service Control Manager [7031] - The Sync Host_Session1 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/10/2015 1:14:49 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
8/10/2015 5:56:22 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
8/10/2015 5:56:22 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
7/10/2015 4:33:21 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
7/10/2015 4:33:21 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
7/10/2015 11:22:32 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\mackillop.local\sysvol\mackillop.local\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
7/10/2015 11:22:17 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
7/10/2015 11:22:17 AM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
7/10/2015 11:22:16 AM, Error: Microsoft-Windows-GroupPolicy [1058] - The processing of Group Policy failed. Windows attempted to read the file \\mackillop.local\SysVol\mackillop.local\Policies\{55F5DB21-FA58-4A1E-ACA4-4C3C9ED50EC6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: a) Name Resolution/Network Connectivity to the current domain controller. b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). c) The Distributed File System (DFS) client has been disabled.
7/10/2015 11:21:49 AM, Error: Service Control Manager [7031] - The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/10/2015 11:21:49 AM, Error: Service Control Manager [7031] - The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
7/10/2015 11:21:49 AM, Error: Service Control Manager [7031] - The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
6/10/2015 5:01:16 PM, Error: Service Control Manager [7023] - The Interactive Services Detection service terminated with the following error: Incorrect function.
6/10/2015 4:17:10 PM, Error: Service Control Manager [7030] - The Torch Crash Handler service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/10/2015 3:22:17 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
6/10/2015 3:22:17 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
6/10/2015 2:44:11 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
6/10/2015 2:44:11 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
6/10/2015 2:24:50 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
6/10/2015 2:24:50 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
6/10/2015 2:05:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {5179B48C-C9FB-4CE1-B0EA-C3BF0E68C04C} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
6/10/2015 2:02:53 PM, Error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with the following service-specific error: A system shutdown is in progress.
6/10/2015 2:02:53 PM, Error: Microsoft-Windows-Bits-Client [16392] - The BITS service failed to start. Error 0x8007045B.
6/10/2015 2:02:52 PM, Error: Service Control Manager [7043] - The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.
6/10/2015 2:01:50 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: An attempt was made to logon, but the network logon service was not started.
6/10/2015 2:01:50 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/10/2015 2:01:50 PM, Error: Service Control Manager [7001] - The Network Connectivity Assistant service depends on the IP Helper service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/10/2015 2:01:50 PM, Error: NetJoin [4097] - The machine 2014JENNINGS attempted to join the domain mackillop.local\MCDC03.mackillop.local but failed. The error code was 2224.
6/10/2015 2:01:50 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.
6/10/2015 2:00:53 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
12/10/2015 11:37:34 AM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.
12/10/2015 10:08:20 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MACKILLOP due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
11/10/2015 11:45:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {B019CAE0-D910-410F-AD15-5AFA0E58DF61} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/10/2015 11:45:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {05D1D5D8-18D1-4B83-85ED-A0F99D53C885} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
11/10/2015 11:43:33 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
11/10/2015 11:43:33 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
11/10/2015 11:42:37 PM, Error: Service Control Manager [7031] - The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/10/2015 9:39:11 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {1CCB96F4-B8AD-4B43-9688-B273F58E0910} and APPID {AD65A69D-3831-40D7-9629-9B0B50A93843} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
10/10/2015 9:38:46 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
10/10/2015 9:38:46 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
10/10/2015 1:21:15 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : Default Computers Policy 1to1 GPO File System Path : \\mackillop.local\sysvol\mackillop.local\Policies\{445836CE-2B37-4EED-A7D2-2D3799C27C7A}\Machine Script Name: turnoffservices.bat
10/10/2015 1:21:15 PM, Error: Microsoft-Windows-GroupPolicy [1130] - Startup script failed. GPO Name : ClickView GPO File System Path : \\mackillop.local\SysVol\mackillop.local\Policies\{5EF4E18B-DD73-432C-9472-B76CDB413658}\Machine Script Name: Clickview IP change.vbs
.
==== End Of File ===========================
judejenz
Active Member
 
Posts: 1
Joined: October 11th, 2015, 9:36 pm

Re: Infected With Cryptowall 3.0

by Gary R » October 13th, 2015, 3:53 am

Connected to Educational Network
I see you are posting for help for a computer connected to an "Educational" Network.

May I draw your attention to the ALL USERS OF THIS FORUM MUST READ THIS FIRST topic, which you should have read before posting for help.

The section here explains why we do not offer help for such computers.


This topic is now closed


If the technicians for your school/college/university need more information on Cryptowall 3, then the following article covers that infection in some depth ... http://www.bleepingcomputer.com/virus-r ... nformation
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

