Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Defender found malware, defender now won't run

Post by askjacob » July 4th, 2016, 6:45 pm

Hi there,

--
Having been rightly chastised by Gary R for "Bumping" (I was putting in more info that I omitted in the original post, and I can't see where you can edit a post), I humbly shall try again and hope for help. The response was brutal and swift, but I get it and understand. I even promise I read all the pre-post information, but I must be like a lot of people and assume it does not apply to me - and I made a few blunders anyway...
--

I have a newish (less than 2 months old) Windows 10 laptop that had an as-supplied trial of McAfee installed. Once that expired after 30 days I decided what the heck, I will try out MS's Defender, and what do you know, a lot of malware had gone under the radar. I should have known better, but I thought I'd use it during the free trial, and now I am paying the price.

Anyway, Defender said it had "fixed" the problems, but I digress, here we are: after rebooting, the laptop seemed rougher than ever. I tried to run Defender and got the message "This App has been turned off and isn't monitoring your computer", and even trying to "turn on" in "Security and Maintenance" gives the same helpful advice. I now find myself a happy owner of a Win 10 system that now refuses to start Defender, and I don't trust it a bit. If I could get it up again, perhaps I could tell you the malware and trojan it found - as far as I can find, the Win 10 "notifications" area does not have a persistent history, nor do I know where to begin in Event Viewer these days, even after doing a few feeble searches...


There are no major issues with browsing, or popups or redirects, however some applications can't phone home and I have had the machine restart several times now with no warning, error messages or anything.

I used to be a reasonable bug hunter and worked under the bonnet back in the XP days, but time has passed, I work in other fields now and Win 10 has me beat and feeling old. You may see stuff in the logs from a bit of fun with Trovi search redirect a few months ago - which for all I know could have been the beginning of all of this...

Please help if you can. The Addition.txt is attached as it all got too long for 1 post.

Kind regards,
Jacob
....................

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Jacob (administrator) on MOBILELABMAX (04-07-2016 18:16:05)
Running from C:\Users\Jacob\Downloads
Loaded Profiles: Jacob (Available Profiles: Jacob)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Flux Software LLC) C:\Users\Jacob\AppData\Local\FluxSoftware\Flux\flux.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\EitherMouse\EitherMouse.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\AsusWSPanel.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\AsusWSService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.8.559\ASUSWSLoader.exe [62944 2016-05-04] ()
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24105936 2016-06-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-10-18] (VMware, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [f.lux] => C:\Users\Jacob\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-15] (Valve Corporation)
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {1aebcffa-2d26-11e6-9be6-185e0f1c3f17} - "F:\TL-BootStrap.exe"
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {c33e669c-2d07-11e6-9be5-185e0f1c3f17} - "F:\TL-BootStrap.exe"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.8.559\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-06-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Heimdal.lnk [2016-06-06]
ShortcutTarget: Heimdal.lnk -> C:\Program Files (x86)\Heimdal\Client\HeimdalAgent.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk [2016-06-09]
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk [2016-06-09]
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EitherMouse.lnk [2016-06-19]
ShortcutTarget: EitherMouse.lnk -> C:\Program Files (x86)\EitherMouse\EitherMouse.exe ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4 10.1.1.1
Tcpip\..\Interfaces\{f07a1244-cca8-4c31-842b-e76aab81d8dc}: [DhcpNameServer] 8.8.8.8 8.8.4.4 10.1.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://follow.toshiba.ca/toshiba/id-ss
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-10] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-10] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-05-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-10] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-10] (Microsoft Corporation)
FF Extension: TinEye Reverse Image Search - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\tineye@ideeinc.com.xpi [2016-06-05]
FF Extension: Ant Video Downloader - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com [2016-06-29]
FF Extension: Reddit Enhancement Suite - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2016-06-04]
FF Extension: uBlock Origin - C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\Extensions\uBlock0@raymondhill.net.xpi [2016-06-24]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-06-01] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [356664 2015-02-03] (ASUSTeK)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [431088 2016-06-17] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-02] (Dropbox, Inc.)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [356336 2016-06-17] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-15] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2016-06-09] (SolidWorks) [File not signed]
S2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465856 2015-10-18] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusSGDrv; C:\Windows\system32\DRIVERS\AsusSGDrv.sys [138744 2015-08-18] (ASUS Corporation)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-17] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259824 2015-08-08] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-29] (Intel Corporation)
S3 Netwtw02; C:\Windows\System32\drivers\Netwtw02.sys [7075568 2015-08-24] (Intel Corporation)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7135504 2016-02-27] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [53440 2015-01-06] (Titan ARC Corp.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [753368 2015-06-15] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 18:16 - 2016-07-04 18:16 - 00023298 _____ C:\Users\Jacob\Downloads\FRST.txt
2016-07-04 18:15 - 2016-07-04 18:16 - 00000000 ____D C:\FRST
2016-07-04 18:15 - 2016-07-04 18:15 - 00000194 _____ C:\Users\Jacob\Downloads\ckfiles.txt
2016-07-04 18:14 - 2016-07-04 18:15 - 02390016 _____ (Farbar) C:\Users\Jacob\Downloads\FRST64.exe
2016-07-04 18:07 - 2016-07-04 18:09 - 00468480 _____ () C:\Users\Jacob\Downloads\CKScanner.exe
2016-07-04 17:37 - 2016-07-04 17:38 - 00400276 _____ C:\WINDOWS\Minidump\070416-25625-01.dmp
2016-07-02 12:26 - 2016-07-04 12:00 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-07-02 09:50 - 2016-07-02 09:51 - 03471190 _____ C:\Users\Jacob\Downloads\Aquaria_update_win32.zip
2016-07-01 21:27 - 2016-07-01 21:37 - 00000000 ____D C:\Users\Jacob\Desktop\Slic3r
2016-07-01 20:27 - 2016-07-01 20:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-07-01 20:25 - 2016-06-05 11:50 - 00452678 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160701-202502.backup
2016-07-01 20:13 - 2016-06-16 06:40 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-01 17:44 - 2016-07-02 18:58 - 357198621 _____ C:\Users\Jacob\Downloads\Doctor_Who_S09E08_720p.[Nightsdl.Com].mkv
2016-06-30 22:22 - 2016-06-30 22:24 - 25591572 _____ C:\Users\Jacob\Downloads\0b3c019a2feeab4d1b6862df959a837c3d9718fa.zip
2016-06-29 22:36 - 2016-06-29 22:36 - 00028152 _____ C:\Users\Jacob\Downloads\Time-master.zip
2016-06-29 22:30 - 2016-06-29 22:31 - 00006201 _____ C:\Users\Jacob\Downloads\DS1307RTC-master.zip
2016-06-29 21:57 - 2016-06-29 21:58 - 00008055 _____ C:\Users\Jacob\Downloads\DS1307(2).zip
2016-06-29 15:14 - 2016-06-29 15:14 - 00007935 _____ C:\Users\Jacob\Downloads\DS1307(1).zip
2016-06-29 14:58 - 2016-06-29 14:59 - 00382603 _____ C:\Users\Jacob\Downloads\DS1307.zip
2016-06-29 12:45 - 2016-06-29 12:45 - 00000000 ____D C:\Users\Jacob\.jssc
2016-06-29 12:39 - 2016-06-29 12:39 - 00413538 _____ C:\Users\Jacob\Downloads\Fat16-master.zip
2016-06-28 17:08 - 2016-06-29 22:39 - 00000194 _____ C:\Users\Jacob\Documents\My Youtube API.txt
2016-06-28 16:56 - 2016-06-28 17:25 - 00000600 _____ C:\Users\Jacob\AppData\Local\PUTTY.RND
2016-06-28 16:55 - 2016-06-28 16:55 - 00531368 _____ (Simon Tatham) C:\Users\Jacob\Downloads\putty (1).exe
2016-06-28 16:15 - 2016-06-28 16:32 - 115404912 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\windowsxp-kb936929-sp3-x86-enu_c81472f7eeea2eca421e116cd4c03e2300ebfde4.exe.part
2016-06-27 01:44 - 2016-06-27 01:44 - 02364385 _____ C:\Users\Jacob\Downloads\1449873229419.webm
2016-06-27 01:43 - 2016-06-27 01:43 - 01232821 _____ C:\Users\Jacob\Downloads\1457927206934.webm
2016-06-26 19:08 - 2016-06-26 19:08 - 03827357 _____ C:\Users\Jacob\Downloads\The_Amazing_Gyroscopic_Cube_Gears_.zip
2016-06-26 17:09 - 2016-06-26 17:09 - 02809574 _____ C:\Users\Jacob\Downloads\Steampunk_cube_gears.zip
2016-06-26 00:11 - 2016-06-26 00:11 - 00000000 ____D C:\Users\Jacob\AppData\Local\Lazy 8 Studios
2016-06-25 23:58 - 2016-06-25 23:58 - 00000137 _____ C:\Users\Jacob\Desktop\Lone Survivor The Director's Cut.url
2016-06-25 23:58 - 2016-06-25 23:58 - 00000136 _____ C:\Users\Jacob\Desktop\Super Meat Boy.url
2016-06-25 23:57 - 2016-06-25 23:57 - 00000137 _____ C:\Users\Jacob\Desktop\Her Story.url
2016-06-25 23:57 - 2016-06-25 23:57 - 00000137 _____ C:\Users\Jacob\Desktop\Cortex Command.url
2016-06-25 23:57 - 2016-06-25 23:57 - 00000136 _____ C:\Users\Jacob\Desktop\Hammerfight.url
2016-06-25 23:57 - 2016-06-25 23:57 - 00000136 _____ C:\Users\Jacob\Desktop\Atom Zombie Smasher.url
2016-06-25 23:57 - 2016-06-25 23:57 - 00000136 _____ C:\Users\Jacob\Desktop\Amnesia The Dark Descent.url
2016-06-25 23:56 - 2016-06-25 23:56 - 00000137 _____ C:\Users\Jacob\Desktop\Superbrothers Sword & Sworcery EP.url
2016-06-25 23:56 - 2016-06-25 23:56 - 00000137 _____ C:\Users\Jacob\Desktop\80 Days.url
2016-06-25 23:56 - 2016-06-25 23:56 - 00000136 _____ C:\Users\Jacob\Desktop\VVVVVV.url
2016-06-25 23:56 - 2016-06-25 23:56 - 00000136 _____ C:\Users\Jacob\Desktop\Steel Storm Burning Retribution.url
2016-06-25 21:47 - 2016-06-25 21:47 - 00000137 _____ C:\Users\Jacob\Desktop\Read Only Memories.url
2016-06-25 21:46 - 2016-06-25 21:46 - 00000137 _____ C:\Users\Jacob\Desktop\Samorost 3.url
2016-06-25 21:46 - 2016-06-25 21:46 - 00000136 _____ C:\Users\Jacob\Desktop\Samorost 2.url
2016-06-25 21:46 - 2016-06-25 21:46 - 00000136 _____ C:\Users\Jacob\Desktop\Penumbra Overture.url
2016-06-25 21:46 - 2016-06-25 21:46 - 00000136 _____ C:\Users\Jacob\Desktop\Lugaru HD.url
2016-06-25 21:45 - 2016-06-25 21:45 - 00000136 _____ C:\Users\Jacob\Desktop\Cogs.url
2016-06-25 21:45 - 2016-06-25 21:45 - 00000135 _____ C:\Users\Jacob\Desktop\Gish.url
2016-06-25 21:44 - 2016-06-25 21:44 - 00000137 _____ C:\Users\Jacob\Desktop\Cibele.url
2016-06-25 21:44 - 2016-06-25 21:44 - 00000137 _____ C:\Users\Jacob\Desktop\Broken Age.url
2016-06-25 21:43 - 2016-06-25 21:43 - 00000136 _____ C:\Users\Jacob\Desktop\Aquaria.url
2016-06-25 21:43 - 2016-06-25 21:43 - 00000136 _____ C:\Users\Jacob\Desktop\And Yet It Moves.url
2016-06-25 21:24 - 2016-06-25 21:24 - 00000222 _____ C:\Users\Jacob\Desktop\Sorcery! Parts 1 & 2.url
2016-06-25 21:20 - 2016-06-25 21:20 - 00000221 _____ C:\Users\Jacob\Desktop\LIMBO.url
2016-06-25 21:18 - 2016-06-25 21:18 - 00000220 _____ C:\Users\Jacob\Desktop\Psychonauts.url
2016-06-25 07:22 - 2016-06-25 07:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-22 22:14 - 2016-06-22 22:14 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-06-22 22:14 - 2016-06-22 22:14 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-06-22 22:14 - 2016-06-22 22:14 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-06-22 22:14 - 2016-06-22 22:14 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-06-22 22:14 - 2016-06-22 22:14 - 00000000 ____D C:\Users\Jacob\Documents\Zaccaria_Pinball
2016-06-22 22:14 - 2016-06-22 22:14 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-06-22 21:26 - 2016-06-22 21:26 - 00000000 ____D C:\Users\Jacob\AppData\Local\2DBoy
2016-06-22 21:26 - 2016-06-22 21:26 - 00000000 ____D C:\ProgramData\2DBoy
2016-06-22 21:17 - 2016-06-22 21:17 - 00000221 _____ C:\Users\Jacob\Desktop\Crayon Physics Deluxe.url
2016-06-22 19:52 - 2016-06-22 22:28 - 00000222 _____ C:\Users\Jacob\Desktop\Zaccaria Pinball.url
2016-06-22 19:41 - 2016-06-22 19:41 - 00000221 _____ C:\Users\Jacob\Desktop\World of Goo.url
2016-06-22 19:40 - 2016-06-22 19:40 - 00000221 _____ C:\Users\Jacob\Desktop\Braid.url
2016-06-22 18:50 - 2016-06-25 23:58 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-22 18:50 - 2016-06-22 18:50 - 00000219 _____ C:\Users\Jacob\Desktop\Portal.url
2016-06-22 18:40 - 2016-06-22 18:40 - 00000000 ____D C:\Users\Jacob\AppData\Local\Steam
2016-06-22 18:40 - 2016-06-22 18:40 - 00000000 ____D C:\Users\Jacob\AppData\Local\CEF
2016-06-22 18:34 - 2016-07-04 17:41 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-22 18:34 - 2016-06-22 18:34 - 00001038 _____ C:\Users\Public\Desktop\Steam.lnk
2016-06-22 18:34 - 2016-06-22 18:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-22 18:33 - 2016-06-22 18:34 - 01380712 _____ C:\Users\Jacob\Downloads\SteamSetup.exe
2016-06-22 12:39 - 2016-06-22 12:39 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\com.stateofplaygames.LuminoCity
2016-06-22 01:47 - 2016-06-22 01:47 - 01148964 _____ C:\Users\Jacob\Downloads\U8glib_Arduino-1.19.1.zip
2016-06-21 17:32 - 2016-06-21 17:32 - 00000000 ____D C:\Users\Jacob\Downloads\New folder
2016-06-21 17:29 - 2016-06-21 17:29 - 00000000 ___HD C:\OneDriveTemp
2016-06-20 23:50 - 2016-06-30 22:04 - 00000000 ____D C:\Users\Jacob\Documents\Arduino
2016-06-20 23:50 - 2016-06-29 23:00 - 00000000 ____D C:\Users\Jacob\AppData\Local\Arduino15
2016-06-20 23:50 - 2016-06-20 23:50 - 00000000 ____D C:\Users\Jacob\.oracle_jre_usage
2016-06-19 21:38 - 2016-06-19 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EitherMouse
2016-06-19 21:38 - 2016-06-19 21:38 - 00000000 ____D C:\Program Files (x86)\EitherMouse
2016-06-19 21:36 - 2016-06-19 21:37 - 02747904 _____ C:\Users\Jacob\Downloads\EitherMouse Setup.exe
2016-06-19 18:02 - 2016-06-19 18:02 - 00006729 _____ C:\Users\Jacob\Downloads\iNq5zmg.gifv
2016-06-17 00:23 - 2016-06-17 00:23 - 01009648 _____ C:\WINDOWS\system32\igfxSDK.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00949232 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00945648 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00519152 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00449520 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00431088 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00219632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00215024 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00214512 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2016-06-17 00:23 - 2016-06-17 00:23 - 00157680 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-06-17 00:16 - 2016-06-17 00:16 - 39861840 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 34820304 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 29101592 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 19861528 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 13618200 _____ (Intel Corporation) C:\WINDOWS\system32\ig9icd64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 11856624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 10314776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig9icd32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 06647056 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 05688856 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 05262872 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 05101736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 04927000 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 04358168 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 04246568 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 04214056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 03971608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01896480 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01816736 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01814080 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01590808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01469920 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 01178648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00818898 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2016-06-17 00:16 - 2016-06-17 00:16 - 00632856 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00438808 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00416280 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00390168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00388632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00350200 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCComp64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00318488 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00312320 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00297184 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00273432 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-06-17 00:16 - 2016-06-17 00:16 - 00266264 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00255000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00242176 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00225304 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00223264 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00207896 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4463.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00205376 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00193048 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00184000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00182976 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00181856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00173592 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00160288 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00160288 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00111640 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00103448 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00100888 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00095256 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00084504 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00056088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00055264 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00029208 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00029208 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00027672 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00027672 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00022552 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00022552 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2016-06-17 00:16 - 2016-06-17 00:16 - 00004842 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-06-16 22:01 - 2016-07-01 10:24 - 00033792 ___SH C:\Users\Jacob\Downloads\Thumbs.db
2016-06-15 11:43 - 2016-05-28 16:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-06-15 11:43 - 2016-05-28 16:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-06-15 11:43 - 2016-05-28 14:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-06-15 11:43 - 2016-05-28 14:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-06-15 11:43 - 2016-05-28 14:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-06-15 11:43 - 2016-05-28 14:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-06-15 11:43 - 2016-05-28 14:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-06-15 11:43 - 2016-05-28 14:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-06-15 11:43 - 2016-05-28 14:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-15 11:43 - 2016-05-28 14:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-06-15 11:43 - 2016-05-28 14:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-06-15 11:43 - 2016-05-28 14:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-06-15 11:43 - 2016-05-28 14:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-06-15 11:43 - 2016-05-28 14:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-06-15 11:43 - 2016-05-28 14:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-06-15 11:43 - 2016-05-28 14:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-06-15 11:43 - 2016-05-28 14:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-06-15 11:43 - 2016-05-28 14:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-06-15 11:43 - 2016-05-28 14:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-06-15 11:43 - 2016-05-28 14:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-06-15 11:43 - 2016-05-28 14:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-06-15 11:43 - 2016-05-28 14:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-06-15 11:43 - 2016-05-28 14:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-06-15 11:43 - 2016-05-28 14:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-06-15 11:43 - 2016-05-28 14:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-06-15 11:43 - 2016-05-28 14:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-06-15 11:43 - 2016-05-28 14:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-06-15 11:43 - 2016-05-28 14:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-06-15 11:43 - 2016-05-28 14:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-06-15 11:43 - 2016-05-28 14:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-06-15 11:43 - 2016-05-28 14:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-06-15 11:43 - 2016-05-28 14:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-06-15 11:43 - 2016-05-28 14:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-06-15 11:43 - 2016-05-28 14:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-06-15 11:43 - 2016-05-28 14:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-06-15 11:43 - 2016-05-28 14:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-15 11:43 - 2016-05-28 14:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-06-15 11:43 - 2016-05-28 14:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-06-15 11:43 - 2016-05-28 14:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-06-15 11:43 - 2016-05-28 13:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-06-15 11:42 - 2016-05-28 16:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-15 11:42 - 2016-05-28 16:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-15 11:42 - 2016-05-28 16:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-15 11:42 - 2016-05-28 16:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-06-15 11:42 - 2016-05-28 15:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-06-15 11:42 - 2016-05-28 15:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-06-15 11:42 - 2016-05-28 15:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-06-15 11:42 - 2016-05-28 15:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-15 11:42 - 2016-05-28 15:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-06-15 11:42 - 2016-05-28 15:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-06-15 11:42 - 2016-05-28 15:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-06-15 11:42 - 2016-05-28 15:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-06-15 11:42 - 2016-05-28 15:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-06-15 11:42 - 2016-05-28 15:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-06-15 11:42 - 2016-05-28 15:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-15 11:42 - 2016-05-28 15:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-06-15 11:42 - 2016-05-28 15:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-06-15 11:42 - 2016-05-28 15:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-06-15 11:42 - 2016-05-28 15:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-06-15 11:42 - 2016-05-28 15:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-06-15 11:42 - 2016-05-28 15:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-06-15 11:42 - 2016-05-28 15:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-06-15 11:42 - 2016-05-28 15:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-06-15 11:42 - 2016-05-28 15:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-15 11:42 - 2016-05-28 15:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-15 11:42 - 2016-05-28 15:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-06-15 11:42 - 2016-05-28 15:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-06-15 11:42 - 2016-05-28 15:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-06-15 11:42 - 2016-05-28 15:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-15 11:42 - 2016-05-28 15:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-06-15 11:42 - 2016-05-28 15:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-06-15 11:42 - 2016-05-28 15:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-06-15 11:42 - 2016-05-28 15:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-06-15 11:42 - 2016-05-28 15:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-06-15 11:42 - 2016-05-28 15:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-15 11:42 - 2016-05-28 15:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-15 11:42 - 2016-05-28 15:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-15 11:42 - 2016-05-28 15:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-15 11:42 - 2016-05-28 15:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-15 11:42 - 2016-05-28 15:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-15 11:42 - 2016-05-28 15:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-15 11:42 - 2016-05-28 14:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-06-15 11:42 - 2016-05-28 14:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-15 11:42 - 2016-05-28 14:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-06-15 11:42 - 2016-05-28 14:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-06-15 11:42 - 2016-05-28 14:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-06-15 11:42 - 2016-05-28 14:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-06-15 11:42 - 2016-05-28 14:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-06-15 11:42 - 2016-05-28 14:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-06-15 11:42 - 2016-05-28 14:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-06-15 11:42 - 2016-05-28 14:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-15 11:42 - 2016-05-28 14:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-06-15 11:42 - 2016-05-28 14:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-06-15 11:42 - 2016-05-28 14:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-15 11:42 - 2016-05-28 14:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-06-15 11:42 - 2016-05-28 14:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-06-15 11:42 - 2016-05-28 14:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-06-15 11:42 - 2016-05-28 14:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-15 11:42 - 2016-05-28 14:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-06-15 11:42 - 2016-05-28 14:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-06-15 11:42 - 2016-05-28 14:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-06-15 11:42 - 2016-05-28 14:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-06-15 11:42 - 2016-05-28 14:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-06-15 11:42 - 2016-05-28 14:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-06-15 11:42 - 2016-05-28 14:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-15 11:42 - 2016-05-28 14:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-06-15 11:42 - 2016-05-28 14:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-06-15 11:42 - 2016-05-28 14:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-06-15 11:42 - 2016-05-28 14:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-06-15 11:42 - 2016-05-28 14:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-06-15 11:42 - 2016-05-28 14:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-06-15 11:42 - 2016-05-28 14:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-06-15 11:42 - 2016-05-28 14:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-06-15 11:42 - 2016-05-28 14:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-06-15 11:42 - 2016-05-28 14:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-06-15 11:42 - 2016-05-28 14:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-06-15 11:42 - 2016-05-28 14:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-06-15 11:42 - 2016-05-28 14:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-06-15 11:42 - 2016-05-28 14:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-06-15 11:42 - 2016-05-28 14:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-06-15 11:42 - 2016-05-28 14:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-06-15 11:42 - 2016-05-28 14:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-06-15 11:42 - 2016-05-28 14:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-06-15 11:42 - 2016-05-28 14:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-06-15 11:42 - 2016-05-28 14:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-06-15 11:42 - 2016-05-28 14:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-06-15 11:42 - 2016-05-28 14:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-15 11:42 - 2016-05-28 14:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-06-15 11:42 - 2016-05-28 14:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-06-15 11:42 - 2016-05-28 14:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-15 11:42 - 2016-05-28 14:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-15 11:42 - 2016-05-28 14:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-15 11:42 - 2016-05-28 14:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-06-15 11:42 - 2016-05-28 14:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-06-15 11:42 - 2016-05-28 14:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-06-15 11:42 - 2016-05-28 14:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-06-15 11:42 - 2016-05-28 14:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-15 11:42 - 2016-05-28 14:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-06-15 11:42 - 2016-05-28 14:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-06-15 11:42 - 2016-05-28 14:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-06-15 11:42 - 2016-05-28 14:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-06-15 11:42 - 2016-05-28 14:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-06-15 11:42 - 2016-05-28 14:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-06-15 11:42 - 2016-05-28 14:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-06-15 11:42 - 2016-05-28 14:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-06-15 11:42 - 2016-05-28 14:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-06-15 11:42 - 2016-05-28 14:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-06-15 11:42 - 2016-05-28 14:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-06-15 11:42 - 2016-05-28 14:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-06-15 11:42 - 2016-05-28 14:13 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-06-15 11:42 - 2016-05-28 14:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-06-15 11:42 - 2016-05-28 14:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-15 11:42 - 2016-05-28 14:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-06-15 11:42 - 2016-05-28 14:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-06-15 11:42 - 2016-05-28 14:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-06-15 11:42 - 2016-05-28 14:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-06-15 11:42 - 2016-05-28 14:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-06-15 11:42 - 2016-05-28 14:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-06-15 11:42 - 2016-05-28 14:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-06-15 11:42 - 2016-05-28 14:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-06-15 11:42 - 2016-05-28 14:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-15 11:42 - 2016-05-28 14:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-06-15 11:42 - 2016-05-28 14:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-06-15 11:42 - 2016-05-28 14:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-06-15 11:42 - 2016-05-28 14:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-15 11:42 - 2016-05-28 14:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-06-15 11:42 - 2016-05-28 14:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-06-15 11:42 - 2016-05-28 14:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-15 11:42 - 2016-05-28 14:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-06-15 11:42 - 2016-05-28 14:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-06-15 11:42 - 2016-05-28 14:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-06-15 11:42 - 2016-05-28 14:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-06-15 11:42 - 2016-05-28 14:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-06-15 11:42 - 2016-05-28 14:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-06-15 11:42 - 2016-05-28 14:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-06-15 11:42 - 2016-05-28 14:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-06-15 11:42 - 2016-05-28 14:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-15 11:42 - 2016-05-28 14:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-06-15 11:42 - 2016-05-28 14:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-06-15 11:42 - 2016-05-28 14:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-06-15 11:42 - 2016-05-28 13:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-06-15 11:42 - 2016-05-28 13:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-06-15 11:42 - 2016-05-28 13:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-06-15 11:42 - 2016-05-28 13:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-06-15 11:42 - 2016-05-28 13:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-06-15 11:42 - 2016-05-28 13:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-15 11:42 - 2016-05-28 13:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-06-15 11:42 - 2016-05-28 13:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-06-14 18:06 - 2016-06-14 18:06 - 00001118 _____ C:\Users\Jacob\Desktop\iViewRipper.lnk
2016-06-14 18:06 - 2016-06-14 18:06 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iViewRipper
2016-06-14 18:06 - 2016-06-14 18:06 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\iViewRipper
2016-06-14 18:06 - 2016-06-14 18:06 - 00000000 ____D C:\Program Files (x86)\iViewRipper
2016-06-14 18:05 - 2016-06-14 18:06 - 04675269 _____ C:\Users\Jacob\Downloads\iViewRipper_Setup_13NOV2015.exe
2016-06-14 11:54 - 2016-06-14 11:54 - 01008990 _____ C:\Users\Jacob\Documents\FBT Declaration_2016-2017.pdf
2016-06-14 11:35 - 2016-06-14 11:52 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Foxit Software
2016-06-14 11:35 - 2016-06-14 11:35 - 00000000 ____D C:\Users\Public\Foxit Software
2016-06-14 11:34 - 2016-06-14 11:34 - 00001430 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2016-06-14 11:34 - 2016-06-14 11:34 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Foxit AgentInformation
2016-06-14 11:34 - 2016-06-14 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2016-06-14 11:34 - 2016-06-14 11:34 - 00000000 ____D C:\ProgramData\Foxit ContentPlatform
2016-06-14 11:34 - 2016-06-14 11:34 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-06-14 11:33 - 2016-06-14 11:33 - 43155584 _____ (Foxit Software Inc. ) C:\Users\Jacob\Downloads\FoxitReader734_enu_Setup_Prom.exe
2016-06-14 11:31 - 2016-06-14 11:31 - 00000000 ____D C:\ProgramData\Brother
2016-06-14 11:00 - 2016-06-14 11:00 - 00660122 _____ C:\Users\Jacob\Downloads\FBT Declaration_2016-2017.pdf
2016-06-12 11:21 - 2016-06-12 11:21 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\MPC-HC
2016-06-12 11:15 - 2016-06-12 11:15 - 00001747 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2016-06-12 11:15 - 2016-06-12 11:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2016-06-12 11:15 - 2016-06-12 11:15 - 00000000 ____D C:\Program Files\MPC-HC
2016-06-12 11:13 - 2016-06-12 11:14 - 13395440 _____ (MPC-HC Team ) C:\Users\Jacob\Downloads\MPC-HC.1.7.10.x64.exe
2016-06-10 13:46 - 2016-06-16 03:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-10 11:47 - 2016-06-10 12:00 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Slic3r
2016-06-10 11:12 - 2016-06-10 11:14 - 17928050 _____ C:\Users\Jacob\Downloads\slic3r-mswin-x64-1-2-9a-stable.zip
2016-06-10 00:18 - 2016-06-10 00:18 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\NVIDIA
2016-06-09 23:35 - 2016-06-20 23:15 - 00000000 ____D C:\Users\Jacob\AppData\Local\TempSWBackupDirectory
2016-06-09 23:32 - 2016-06-09 23:32 - 00000000 ____D C:\Users\Jacob\AppData\Local\SolidWorks
2016-06-09 23:12 - 2016-06-09 23:12 - 00000000 ____D C:\ProgramData\Simpoe
2016-06-09 23:11 - 2016-06-09 23:11 - 00000000 ____D C:\Users\Jacob\Documents\SolidWorksComposer
2016-06-09 23:10 - 2016-06-09 23:10 - 00000000 ____D C:\Program Files (x86)\SolidWorks Corp
2016-06-09 23:06 - 2016-06-09 23:06 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\help_images_otherUI
2016-06-09 23:06 - 2016-06-09 23:06 - 00000000 _____ C:\WINDOWS\eDrawingOfficeAutomator.INI
2016-06-09 23:04 - 2016-06-09 23:04 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\DassaultSystemes
2016-06-09 23:04 - 2016-06-09 23:04 - 00000000 ____D C:\Users\Jacob\AppData\Local\DassaultSystemes
2016-06-09 23:04 - 2016-06-09 23:04 - 00000000 ____D C:\ProgramData\DassaultSystemes
2016-06-09 22:55 - 2016-06-09 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2014
2016-06-09 22:55 - 2016-06-09 22:55 - 00002743 _____ C:\Users\Public\Desktop\SolidWorks 2014 x64 Edition.lnk
2016-06-09 22:55 - 2016-06-09 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Tools 2014
2016-06-09 22:51 - 2016-06-09 23:12 - 00000000 ____D C:\Program Files\SolidWorks Corp
2016-06-09 22:51 - 2016-06-09 23:11 - 00000000 ____D C:\Program Files\Common Files\SolidWorks Shared
2016-06-09 22:51 - 2016-06-09 22:51 - 00000000 ____D C:\ProgramData\SolidWorks
2016-06-09 22:51 - 2016-06-09 22:51 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2016-06-09 22:50 - 2016-06-09 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
2016-06-09 22:50 - 2016-06-09 22:50 - 00000000 ____D C:\ProgramData\Apple
2016-06-09 22:50 - 2016-06-09 22:50 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2016-06-09 22:50 - 2016-06-09 22:50 - 00000000 ____D C:\Program Files\Bonjour
2016-06-09 22:50 - 2016-06-09 22:50 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-06-09 22:49 - 2016-06-09 22:49 - 00000000 ____D C:\Program Files (x86)\MSECache
2016-06-09 22:48 - 2016-06-09 22:56 - 00000000 ____D C:\SolidWorks Data
2016-06-09 22:48 - 2016-06-09 22:48 - 00000000 ____D C:\ProgramData\FLEXnet
2016-06-09 22:47 - 2016-06-09 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
2016-06-09 22:46 - 2016-06-09 23:32 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\SolidWorks
2016-06-09 22:46 - 2016-06-09 22:48 - 00000000 ____D C:\WINDOWS\SolidWorks
2016-06-09 22:46 - 2016-06-09 22:48 - 00000000 ____D C:\Users\Jacob\Documents\SolidWorks Downloads
2016-06-09 18:18 - 2016-06-09 18:18 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-06-09 18:18 - 2016-05-04 12:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-06-09 18:18 - 2016-05-04 12:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-06-09 18:18 - 2016-05-04 12:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-06-09 18:18 - 2016-05-04 12:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-06-09 18:16 - 2016-06-03 17:22 - 39977920 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 35115968 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 31641656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 25404864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 21812056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 21355464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 20375488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 18151128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 17746664 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 17729184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 17432544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 14462536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 10643240 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 08733792 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 02844608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 02470336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 01920960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436839.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436839.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00983488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00910392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00787384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00769984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00707520 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00669952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00632848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00565208 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00379808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00316632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00177952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-06-09 18:16 - 2016-06-03 17:22 - 00155768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-06-09 15:14 - 2016-06-09 15:15 - 00000000 ____D C:\Users\Jacob\Downloads\WinDirStatPortable
2016-06-09 15:14 - 2016-06-09 15:14 - 00970568 _____ (PortableApps.com) C:\Users\Jacob\Downloads\WinDirStatPortable_1.1.2.80_Rev_3.paf.exe
2016-06-09 12:21 - 2016-06-09 12:21 - 00000600 _____ C:\Users\Jacob\AppData\Roaming\winscp.rnd
2016-06-09 11:19 - 2016-06-09 11:19 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2016-06-09 11:19 - 2016-06-09 11:19 - 00001054 _____ C:\Users\Public\Desktop\WinSCP.lnk
2016-06-09 11:19 - 2016-06-09 11:19 - 00000000 ____D C:\Program Files (x86)\WinSCP
2016-06-09 11:15 - 2016-06-09 11:15 - 05915464 _____ (Martin Prikryl ) C:\Users\Jacob\Downloads\winscp577setup.exe
2016-06-09 11:11 - 2016-06-09 11:11 - 00531368 _____ (Simon Tatham) C:\Users\Jacob\Downloads\putty.exe
2016-06-08 20:24 - 2016-06-08 20:24 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-06-08 20:24 - 2016-06-08 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-06-08 20:06 - 2016-06-08 20:06 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-06-08 20:05 - 2016-06-08 20:05 - 03479752 _____ (Microsoft Corporation) C:\Users\Jacob\Downloads\Setup.X86.en-US_O365HomePremRetail_0331860b-1af4-4ea0-93d6-d70331e93a05_TX_SG_.exe
2016-06-08 19:36 - 2016-06-08 19:37 - 00001280 _____ C:\Users\Jacob\Desktop\cmd.lnk
2016-06-08 15:45 - 2016-06-08 15:45 - 00000000 ____D C:\Users\Jacob\New folder
2016-06-08 15:36 - 2016-06-08 15:36 - 00001218 _____ C:\Users\Jacob\Desktop\DiskInternals Research.lnk
2016-06-08 15:36 - 2016-06-08 15:36 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
2016-06-08 15:35 - 2016-06-08 15:35 - 00000000 ____D C:\Program Files (x86)\DiskInternals
2016-06-08 15:33 - 2016-06-08 15:35 - 21402985 _____ (DiskInternals Research) C:\Users\Jacob\Downloads\Linux_Reader.exe
2016-06-08 14:12 - 2016-07-04 17:37 - 978780462 _____ C:\WINDOWS\MEMORY.DMP
2016-06-08 14:12 - 2016-07-04 17:37 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-08 14:12 - 2016-06-08 14:12 - 00378868 _____ C:\WINDOWS\Minidump\060816-31453-01.dmp
2016-06-08 12:58 - 2016-06-08 12:59 - 18768896 _____ C:\Users\Jacob\Downloads\CASIO USB Driver V1.6.2.0.msi
2016-06-08 12:33 - 2016-06-08 12:35 - 15648768 _____ C:\Users\Jacob\Downloads\UniversalAdbDriverSetup.msi
2016-06-08 12:32 - 2016-06-08 12:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-06-08 12:30 - 2016-06-08 12:30 - 00000000 ____D C:\Users\Jacob\.android
2016-06-06 18:20 - 2016-06-06 18:20 - 04177016 _____ (CSIS Security Group) C:\Users\Jacob\Downloads\HeimdalSetup.exe
2016-06-06 18:20 - 2016-06-06 18:20 - 00000000 ____D C:\ProgramData\CSIS
2016-06-06 18:06 - 2016-06-06 18:08 - 24125512 _____ C:\Users\Jacob\Downloads\RogueKillerX64.exe
2016-06-06 18:02 - 2016-06-06 18:05 - 19868744 _____ C:\Users\Jacob\Downloads\RogueKiller(1).exe
2016-06-06 17:54 - 2016-06-06 17:55 - 05659224 _____ (Swearware) C:\Users\Jacob\Downloads\ComboFix.exe
2016-06-05 15:35 - 2016-06-05 15:35 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-06-05 15:35 - 2016-06-05 15:35 - 00000000 ____D C:\Program Files (x86)\Cisco
2016-06-05 15:04 - 2016-07-01 20:29 - 00000716 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-06-05 15:04 - 2016-06-05 15:04 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-06-05 14:56 - 2016-06-05 14:56 - 00000000 ____D C:\ProgramData\IntelDLM
2016-06-05 14:51 - 2016-07-01 20:20 - 00000000 ____D C:\Users\Jacob\Downloads\Intel Components
2016-06-05 14:50 - 2016-06-05 14:50 - 00000000 ____D C:\Users\Jacob\AppData\Local\Intel
2016-06-05 14:49 - 2016-07-01 20:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Intel
2016-06-05 14:49 - 2016-06-05 14:53 - 00002170 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_WILLAMETTE
2016-06-05 14:49 - 2016-06-05 14:49 - 06525488 _____ (Intel) C:\Users\Jacob\Downloads\Intel Driver Update Utility Installer.exe
2016-06-05 14:49 - 2016-06-05 14:49 - 00001241 _____ C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.5.lnk
2016-06-05 14:49 - 2016-06-05 14:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-06-05 14:49 - 2016-06-05 14:49 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-06-05 14:49 - 2016-03-09 20:43 - 00021984 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2016-06-05 14:28 - 2016-07-04 14:47 - 00000000 ____D C:\Users\Jacob\AppData\Local\CrashDumps
2016-06-05 13:55 - 2016-06-05 13:55 - 00000903 _____ C:\Users\Jacob\Desktop\JRT.txt
2016-06-05 13:38 - 2016-06-06 18:08 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-06-05 13:37 - 2016-06-05 13:53 - 00000000 ____D C:\ProgramData\RogueKiller
2016-06-05 13:30 - 2016-06-05 13:32 - 00000000 ____D C:\AdwCleaner
2016-06-05 13:29 - 2016-06-06 17:56 - 19868744 _____ C:\Users\Jacob\Downloads\RogueKiller.exe
2016-06-05 13:29 - 2016-06-05 13:29 - 03677248 _____ C:\Users\Jacob\Downloads\AdwCleaner.exe
2016-06-05 13:29 - 2016-06-05 13:29 - 01610816 _____ (Malwarebytes) C:\Users\Jacob\Downloads\JRT.exe
2016-06-05 13:28 - 2016-06-05 13:28 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jacob\Downloads\HijackThis.exe
2016-06-05 12:22 - 2016-06-05 12:22 - 00000000 ____D C:\Users\Jacob\Documents\ProcAlyzer Dumps
2016-06-05 12:09 - 2016-06-05 12:09 - 00003292 _____ C:\WINDOWS\System32\Tasks\{10DF89F9-96D3-4335-A085-74D59C6064D6}
2016-06-05 11:50 - 2015-07-10 21:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160605-115035.backup
2016-06-05 11:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-05 11:03 - 2016-06-05 11:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-05 11:03 - 2016-06-05 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-05 11:03 - 2016-06-05 11:03 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-05 11:03 - 2016-06-05 11:03 - 00001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-05 11:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-06-05 10:59 - 2016-06-05 11:00 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Jacob\Downloads\spybot-2.4.exe
2016-06-05 09:57 - 2016-06-05 09:57 - 00000000 _____ C:\autoexec.bat
2016-06-05 09:47 - 2016-06-05 09:47 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Jacob\Downloads\sh-remover.exe
2016-06-05 00:15 - 2016-06-06 22:21 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\CDisplayEx
2016-06-05 00:13 - 2016-07-04 16:32 - 00000000 ____D C:\Users\Jacob\Downloads\Ant Videos
2016-06-05 00:13 - 2016-06-05 00:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2016-06-05 00:13 - 2016-06-05 00:13 - 00000000 ____D C:\Program Files\CDisplayEx
2016-06-05 00:12 - 2016-06-05 09:16 - 00000000 ____D C:\Users\Jacob\AppData\Local\bvyvbvyb
2016-06-04 21:42 - 2016-06-04 21:42 - 00001004 _____ C:\Users\Jacob\Desktop\WinWget.lnk
2016-06-04 21:42 - 2016-06-04 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinWget
2016-06-04 21:42 - 2016-06-04 21:42 - 00000000 ____D C:\Program Files (x86)\WinWget
2016-06-04 21:25 - 2016-06-04 21:25 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-06-04 21:25 - 2016-06-04 21:25 - 00000000 ____D C:\Users\Jacob\AppData\Local\FluxSoftware
2016-06-04 21:08 - 2016-06-04 21:08 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\WinRAR
2016-06-04 21:07 - 2016-06-04 21:07 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-04 21:07 - 2016-06-04 21:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-06-04 21:07 - 2016-06-04 21:07 - 00000000 ____D C:\Program Files\WinRAR
2016-06-04 18:45 - 2016-06-04 18:45 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
2016-06-04 18:45 - 2016-06-04 18:45 - 00001066 _____ C:\Users\Public\Desktop\Arduino.lnk
2016-06-04 18:43 - 2016-06-04 18:44 - 00000000 ____D C:\Program Files (x86)\Arduino
2016-06-04 18:34 - 2016-06-05 21:12 - 00000000 ____D C:\Users\Jacob\Downloads\vwget-2.5a2-wget-1.11.4-bin
2016-06-04 18:34 - 2016-06-04 18:40 - 00000000 ____D C:\Users\Jacob\AppData\Local\Mozilla
2016-06-04 18:34 - 2016-06-04 18:34 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\Mozilla
2016-06-04 18:33 - 2016-06-16 03:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-04 18:33 - 2016-06-04 18:33 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-04 18:33 - 2016-06-04 18:33 - 00001222 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 18:04 - 2016-06-02 15:59 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-07-04 17:48 - 2016-06-02 15:39 - 00000165 _____ C:\Users\Jacob\AppData\Roaming\sp_data.sys
2016-07-04 17:46 - 2016-06-02 16:01 - 00000000 ___RD C:\Users\Jacob\Dropbox
2016-07-04 17:46 - 2016-06-02 15:39 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\WebStorage
2016-07-04 17:40 - 2016-06-02 22:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-04 17:40 - 2016-06-02 15:39 - 00000000 __SHD C:\Users\Jacob\IntelGraphicsProfiles
2016-07-04 17:39 - 2016-06-02 22:42 - 00000000 ____D C:\Users\Jacob
2016-07-04 17:39 - 2016-06-02 15:59 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-07-04 17:38 - 2016-04-27 16:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-04 12:00 - 2015-11-29 17:32 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-07-04 08:49 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-03 05:23 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-02 17:20 - 2016-06-02 22:39 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-01 22:32 - 2015-10-30 16:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-01 20:31 - 2015-11-29 17:19 - 00018826 _____ C:\WINDOWS\system32\results.xml
2016-07-01 20:30 - 2016-06-02 22:38 - 00000000 ____D C:\Program Files\Intel
2016-07-01 20:29 - 2016-06-02 22:38 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-07-01 20:29 - 2015-11-29 17:18 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2016-07-01 20:29 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-01 20:16 - 2015-11-29 17:36 - 00000000 ____D C:\ProgramData\McAfee
2016-07-01 20:13 - 2015-10-30 17:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-07-01 20:13 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-07-01 20:12 - 2015-07-10 19:05 - 00000000 ____D C:\Users\Default.migrated
2016-06-29 12:50 - 2015-08-18 22:36 - 00883432 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-25 07:22 - 2015-08-18 22:47 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-06-22 22:47 - 2016-06-02 15:39 - 00000000 ____D C:\Users\Jacob\AppData\Local\Packages
2016-06-22 22:14 - 2015-11-29 17:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-06-22 18:37 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-22 18:35 - 2015-08-18 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-22 18:16 - 2016-06-02 15:43 - 00000000 ___RD C:\Users\Jacob\OneDrive
2016-06-21 17:34 - 2016-06-02 16:36 - 00000000 ____D C:\Users\Jacob\AppData\Roaming\VMware
2016-06-21 17:30 - 2016-06-03 13:26 - 00000000 ____D C:\Users\Jacob\AppData\Local\VMware
2016-06-18 17:39 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-06-17 08:16 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-17 00:23 - 2015-09-10 17:42 - 00384496 _____ C:\WINDOWS\system32\igfxTray.exe
2016-06-17 00:23 - 2015-09-10 17:42 - 00356336 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2016-06-17 00:23 - 2015-09-10 17:42 - 00337392 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2016-06-17 00:23 - 2015-09-10 17:42 - 00284144 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-06-17 00:23 - 2015-09-10 17:42 - 00251376 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2016-06-17 00:16 - 2016-06-02 22:38 - 00103960 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-06-17 00:16 - 2016-06-02 22:38 - 00099864 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-06-17 00:16 - 2015-09-10 17:42 - 38901264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 33476304 _____ (Intel Corporation) C:\WINDOWS\system32\igd11dxva64.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 15487920 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 14576720 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 13482608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 07940608 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-06-17 00:16 - 2015-09-10 17:42 - 02062872 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 00757272 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2016-06-17 00:16 - 2015-09-10 17:42 - 00394776 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2016-06-16 07:53 - 2016-04-27 16:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-16 03:35 - 2016-04-27 16:29 - 00369432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-16 03:31 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-06-16 03:31 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-06-16 03:31 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-06-15 17:34 - 2016-06-02 17:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 17:30 - 2016-06-02 18:02 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 06:01 - 2016-06-02 15:43 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-06-15 06:01 - 2015-11-29 17:21 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-06-15 06:01 - 2015-11-29 17:21 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-06-15 06:01 - 2015-11-29 17:21 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-06-15 06:01 - 2015-11-29 17:21 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-06-15 04:33 - 2015-10-30 17:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-15 04:33 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-09 22:50 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-06-09 18:21 - 2015-11-29 17:21 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-08 12:21 - 2015-11-29 17:32 - 00003976 _____ C:\WINDOWS\System32\Tasks\Update Checker
2016-06-08 12:21 - 2015-08-18 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-06-08 12:21 - 2015-08-18 22:46 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-06-05 23:13 - 2016-04-27 16:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-06-05 23:13 - 2016-04-27 16:06 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\Com
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\IME
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Help
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-06-05 23:13 - 2015-10-30 17:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-06-05 23:13 - 2015-10-30 16:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-06-05 23:13 - 2015-10-30 16:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-06-05 23:13 - 2015-10-30 16:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-06-05 23:13 - 2015-10-30 16:28 - 00000000 ____D C:\WINDOWS\servicing
2016-06-05 15:36 - 2015-11-29 17:14 - 00000000 ____D C:\ProgramData\Intel
2016-06-05 15:35 - 2016-06-02 22:38 - 00000000 ____D C:\Program Files (x86)\Intel
2016-06-05 13:57 - 2016-06-02 15:39 - 00000000 ____D C:\Users\Jacob\AppData\Local\VirtualStore
2016-06-04 10:51 - 2016-06-02 15:57 - 13553096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys

==================== Files in the root of some directories =======

2016-06-02 15:39 - 2016-07-04 17:48 - 0000165 _____ () C:\Users\Jacob\AppData\Roaming\sp_data.sys
2016-06-09 12:21 - 2016-06-09 12:21 - 0000600 _____ () C:\Users\Jacob\AppData\Roaming\winscp.rnd
2016-06-28 16:56 - 2016-06-28 17:25 - 0000600 _____ () C:\Users\Jacob\AppData\Local\PUTTY.RND
2016-06-02 22:39 - 2016-06-02 22:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Jacob\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Jacob\AppData\Local\Temp\libeay32.dll
C:\Users\Jacob\AppData\Local\Temp\msvcr120.dll
C:\Users\Jacob\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-26 17:27

==================== End of FRST.txt ============================

askjacob
Active Member

Posts: 3
Joined: July 4th, 2016, 7:12 pm
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Unread postby capnkrunch » July 5th, 2016, 1:19 pm

Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system, without the guidance of a trained malware removal helper. Doing so, may possibly damage your system, preventing it from starting.

Hello askjacob and welcome to the Malware Removal Forums :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Failure to respond for 3 days, will result in your topic being closed.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care, not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to backup any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Defender found malware, defender now won't run

Unread postby capnkrunch » July 5th, 2016, 1:21 pm

I see that you ran CKScanner earlier. For what reason did you run it? Also please post the log it produced:
C:\Users\Jacob\Downloads\ckfiles.txt


Second, is this computer used for business purposes, including home or small business?

Regards,
capnkrunch
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Defender found malware, defender now won't run

Unread postby askjacob » July 5th, 2016, 8:43 pm

Hi Capnkrunch,

1st, thanks for taking the time to help out. Much appreciated. I also understand that having someone fiddle prior makes things worse - sorry.

I ran CKScanner about a month ago when I was dealing with a trovi browser redirect problem. I am obviously over my head as I doubt I got the system anywhere near clean back then.

My laptop is a home machine, also being recently retrenched I am not currently employed. Is there software that is of concern? I am licenced for vmware - but the version I have is not happy with Win 10 and once this fiasco is sorted it is going to be either upgraded or an alternative package found, and I was using the 30 day trial of solidworks which expired weeks ago and now only acts as a viewer. I am on the fence on buying it, I get along great with the interface, but the cost is - well, I hope they go to a by the month subscription like adobe. Until then I'm likely to have to stick to open source with their oddball UIs...

If there is anything of concern let me know, this is a new machine and I have been setting this up and being well behaved, including finding my old steam account with lots of indie bundles I bought but never claimed :) (it even made me go and buy a few more)

Sorry about the rant, it's just great to have someone reply.


NOTE: just checking the ckfiles.txt and it is dated 4/7/2016 - so the same date that I ran farbar scan tool!?! I promise you, as per the "read before submitting" I did nothing other than run that scan. I have done no other scans nor installed or uninstalled anything since before that date. So why the date is the same is beyond me. Copied below is the single entry inside:

-----------------

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\asus\atk package\atk hotkey\atkmsgctrl.exe
scanner sequence 3.NA.11.GSAPXZ
----- EOF -----


Regards
Jacob
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Unread postby capnkrunch » July 6th, 2016, 6:27 pm

Hello Jacob :)

askjacob wrote:1st, thanks for taking the time to help out. Much appreciated.

You're welcome.

askjacob wrote:Is there software that is of concern?

Nope. It all looks OK.

For VMs I like VirtualBox. But like I said in my first post don't install anything I don't tell you to; especially VMs since they hook very deep into the OS.

Alright, first things first we need to get you an antivirus. Since Defender is not working, please download and install Avast Free. We will look closer at Defender later but it is too dangerous to be on the internet without an antivirus in the meantime.

Step one...

Install Avast Free Antivirus
  • Please download Avast Free Antivirus.
  • Double-click avast_free_antivirus_setup_offline.exe to start the installer.
  • Click Install.
  • Reboot your computer when finished.

Step two...

Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  • Download TCRB from HERE and save it to your Desktop.
  • Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  • Launch TCRB.
  • Click the Backup Registry tab and make sure all the boxes are checked.
  • Click on Backup Now.
  • Once the backup is finished you can now exit the program.

Step three...

Uninstall Programs
  • Press the Windows Key + R.
  • Enter appwiz.cpl into the text box and click OK.
  • Locate the following programs:
    Spybot - Search & Destroy
  • Press the Uninstall or Uninstall/Change button and carefully follow any prompts to uninstall the program.
    • Take care to read through any prompts completely! Some uninstallers may attempt to trick you into keeping the program.
    • Do this for every program listed.
    • Don't worry if you can't find one of the programs. Just be sure to let me know in your reply.
  • Once finished reboot your computer.

If you have problems/questions on any of the steps stop and let me know/ask. Otherwise tell me when you've completed all three steps.
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Defender found malware, defender now won't run

Unread postby askjacob » July 6th, 2016, 10:02 pm

capnkrunch wrote:
Step one...

Install Avast Free Antivirus


Done.

capnkrunch wrote:Step two...

Create a Backup With Tweaking.com Registry Backup (TCRB)


Done.


capnkrunch wrote:Uninstall Programs

Spybot - Search & Destroy


Done. SDD was keen to just make me reverse changes rather than uninstall - but I was able to get around that wording :). When it uninstalls does it back out all its "immunisations" which I now know is just a fat hosts file? Not all apps can parse a huge hosts file efficiently...

Avast has changed a lot since I last used it a few years ago, seems it wants to wear a lot of hats now. It also installed chrome, not the end of the world. The 'smart scan' it started which did not seem very thorough on the virus front listed only "outdated software" and "performance issues" as the only items with a red x mark, I said to leave them alone for now. Everything else passed with a tick.

Just as a side note, while I was just finishing typing this I saw a green dialog flash up for an instant, and disappear. Hmm. Way too fast to see anything at all... Maybe it is related to the avast plugin, or something else...

Cheers
Jacob
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Unread postby capnkrunch » July 7th, 2016, 5:43 pm

Hello Jacob :)

askjacob wrote:When it uninstalls does it back out all its "immunisations" which I now know is just a fat hosts file?

I believe so. This FRST fix will reset the HOSTS file regardless. Spybot also adds sites to IE's restricted zone which has a similar effect just specific to IE.

The HOSTS file can be useful for blocking known malicious sites. I personally use MVPS Hosts on my computer but many of my colleagues believe there is no reason to use a blocking HOSTS file.

askjacob wrote:Avast has changed a lot since I last used it a few years ago, seems it wants to wear a lot of hats now. It also installed chrome, not the end of the world. The 'smart scan' it started which did not seem very thorough on the virus front listed only "outdated software" and "performance issues" as the only items with a red x mark, I said to leave them alone for now. Everything else passed with a tick.

Unfortunately, they seem to be recently suffering feature bloat that has rendered many otherwise serviceable products unusable. I'm not terribly surprised by the scan results, there wasn't much in your logs either.

About Chrome, I'm curious did it install actual Chrome or was it their SafeZone Browser which I believe is a Chrome based browser (don't use it by the way). The reason I ask is that I know the online installer has optional offers (sometimes Chrome, sometimes Dropbox) but when I tested the offline one it didn't include any offers.

Step one...

FRST Fix
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Press the Windows Key + R.
  • Type notepad.exe into the text box and click OK.
  • A blank Notepad page should open.
    • Copy and paste the following script into Notepad. Do not include the words Code: Select all.
    • (Click the Select all button next to Code: to select the entire script).
    Code: Select all
    CreateRestorePoint:
    
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {1aebcffa-2d26-11e6-9be6-185e0f1c3f17} - "F:\TL-BootStrap.exe"
    HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {c33e669c-2d07-11e6-9be5-185e0f1c3f17} - "F:\TL-BootStrap.exe"
    BootExecute: autocheck autochk * sdnclean64.exe
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    2016-06-05 00:12 - 2016-06-05 09:16 - 00000000 ____D C:\Users\Jacob\AppData\Local\bvyvbvyb
    2016-06-05 11:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
    2016-06-05 11:03 - 2016-06-05 11:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-06-05 11:03 - 2016-06-05 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-06-05 11:03 - 2016-06-05 11:03 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-06-05 11:03 - 2016-06-05 11:03 - 00001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-06-05 11:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    C:\Program Files\Common Files\AV\Spybot - Search and Destroy
    Task: {3527C467-B677-44B3-8BF8-0C68DEEE4593} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {ADEAA690-A594-48E8-AD74-D0117110C6E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
    Task: {BE5C4A16-EA43-47A9-B395-F3F90A960D5E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {FECEF549-4C32-465A-BBC0-DED2477A0C3C} - System32\Tasks\{10DF89F9-96D3-4335-A085-74D59C6064D6} => pcalua.exe -a "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe"
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
    
    Powershell: Get-MpThreatDetection
    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns
  • Save it next to FRST64.exe as fixlist.txt.
    Important! fixlist.txt must be saved in the same directory as FRST64.exe to work.
  • Right click on FRST64.exe and select Run as administrator.
  • Press the Fix button one time only and wait.
  • When FRST finishes you will be prompted to reboot your computer. Click OK.
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Step two...

AdwCleaner - Scan Only
  • Please download AdwCleaner by Xplode and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Do not attempt to clean anything at this point.
  • Click on the Logfile button.
  • This will open a file, AdwCleaner[Sx].txt (where x is the number of times it's been run). Copy and paste the contents of that logfile in your reply.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Fixlog.txt
  • AdwCleaner[Sx].txt
  • Are there any changes in computer behavior?
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Defender found malware, defender now won't run

Unread postby askjacob » July 10th, 2016, 10:18 am

capnkrunch wrote:Step one...

FRST Fix
  • Your computer should now restart. On reboot navigate to your Desktop where you should find Fixlog.txt. Copy and paste the contents in your reply.

Done with no issues running it. Log attached:

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by Jacob (2016-07-10 23:54:32) Run:1
Running from C:\Users\Jacob\Downloads
Loaded Profiles: Jacob (Available Profiles: Jacob)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:

HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [5915776 2016-03-21] (Safer-Networking Ltd.)
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {1aebcffa-2d26-11e6-9be6-185e0f1c3f17} - "F:\TL-BootStrap.exe"
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\...\MountPoints2: {c33e669c-2d07-11e6-9be5-185e0f1c3f17} - "F:\TL-BootStrap.exe"
BootExecute: autocheck autochk * sdnclean64.exe
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
2016-06-05 00:12 - 2016-06-05 09:16 - 00000000 ____D C:\Users\Jacob\AppData\Local\bvyvbvyb
2016-06-05 11:08 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-06-05 11:03 - 2016-06-05 11:46 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-05 11:03 - 2016-06-05 11:13 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-05 11:03 - 2016-06-05 11:03 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-05 11:03 - 2016-06-05 11:03 - 00001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-06-05 11:03 - 2016-06-05 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-05 11:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
C:\Program Files\Common Files\AV\Spybot - Search and Destroy
Task: {3527C467-B677-44B3-8BF8-0C68DEEE4593} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {ADEAA690-A594-48E8-AD74-D0117110C6E5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {BE5C4A16-EA43-47A9-B395-F3F90A960D5E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {FECEF549-4C32-465A-BBC0-DED2477A0C3C} - System32\Tasks\{10DF89F9-96D3-4335-A085-74D59C6064D6} => pcalua.exe -a "C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe"
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

Powershell: Get-MpThreatDetection
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Spybot-S&D Cleaning => value not found.
"HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1aebcffa-2d26-11e6-9be6-185e0f1c3f17}" => key removed successfully
HKCR\CLSID\{1aebcffa-2d26-11e6-9be6-185e0f1c3f17} => key not found.
"HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c33e669c-2d07-11e6-9be5-185e0f1c3f17}" => key removed successfully
HKCR\CLSID\{c33e669c-2d07-11e6-9be5-185e0f1c3f17} => key not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
C:\Users\Jacob\AppData\Local\bvyvbvyb => moved successfully
C:\Users\Public\Desktop\Post Win10 Spybot-install.exe => moved successfully
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk" => not found.
"C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk" => not found.
C:\WINDOWS\System32\Tasks\Safer-Networking => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2" => not found.
"C:\WINDOWS\system32\sdnclean64.exe" => not found.
"C:\Program Files\Common Files\AV\Spybot - Search and Destroy" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3527C467-B677-44B3-8BF8-0C68DEEE4593} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEAA690-A594-48E8-AD74-D0117110C6E5} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE5C4A16-EA43-47A9-B395-F3F90A960D5E} => key not found.
C:\WINDOWS\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FECEF549-4C32-465A-BBC0-DED2477A0C3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FECEF549-4C32-465A-BBC0-DED2477A0C3C}" => key removed successfully
C:\WINDOWS\System32\Tasks\{10DF89F9-96D3-4335-A085-74D59C6064D6} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{10DF89F9-96D3-4335-A085-74D59C6064D6}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe => value not found.

========= Get-MpThreatDetection =========


========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 2235365 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 42207468 B
Java, Flash, Steam htmlcache => 96964897 B
Windows/system/drivers => 4256795 B
Edge => 87516563 B
Chrome => 9977667 B
Firefox => 383470557 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 32239904 B
NetworkService => 55979038 B
Jacob => 1473089310 B

RecycleBin => 510549881 B
EmptyTemp: => 2.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:56:56 ====
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am
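
Added example (not part of the thread and not FRST's own code): a Python triage of a Fixlog.txt like the one posted above, separating directives that actually changed the system from those whose target was already gone, and listing command sections that captured no output. The function names and the "changed"/"no-op" labels are assumptions of this example; the sample lines are an excerpt copied from the log above.

```python
import re
from collections import Counter

# Excerpt of the Fixlog.txt posted above (shortened; lines copied from the thread).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
fixlist content:
*****************
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe
Powershell: Get-MpThreatDetection
Hosts:
CMD: ipconfig /flushdns
*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SDTray => value not found.
HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotPostWindows10UpgradeReInstall => value removed successfully
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
SDScannerService => service not found.
C:\Users\Jacob\AppData\Local\bvyvbvyb => moved successfully
"C:\WINDOWS\system32\sdnclean64.exe" => not found.

========= Get-MpThreatDetection =========


========= End of Powershell: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 2235365 B
EmptyTemp: => 2.5 GB temporary data Removed.
'''

ECHO_FENCE = re.compile(r'^\*{5,}$')             # fences around the echoed fixlist
SECTION = re.compile(r'^=+ (?P<name>.+?) =+$')   # "==== name ====" headers
RULE = re.compile(r'^=+$')                       # bare "=====" separator
RESULT = re.compile(
    r'^"?(?P<target>.+?)"? => (?:(?:value|key|service) )?'
    r'(?P<verb>not found|removed successfully|moved successfully|restored successfully)\.?$'
)


def parse_fixlog(text):
    """Return ([(target, verb)], {command_section: [output lines]})."""
    results, sections = [], {}
    in_echo = False      # inside the echoed fixlist (directives, not results)
    current = None       # command-output section currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if ECHO_FENCE.match(line):
            in_echo = not in_echo
            continue
        if in_echo:
            continue     # echoed directives are never treated as results
        if RULE.match(line):
            current = None
            continue
        m = SECTION.match(line)
        if m:
            name = m.group('name')
            current = None if name.startswith('End of') else name
            if current is not None:
                sections[current] = []
            continue
        if current is not None:
            if line:
                sections[current].append(line)
            continue
        m = RESULT.match(line)
        if m:
            results.append((m.group('target'), m.group('verb')))
    return results, sections


def triage(text):
    """Summarise which directives changed the system and which commands were silent."""
    results, sections = parse_fixlog(text)
    counts = Counter('no-op' if verb == 'not found' else 'changed' for _, verb in results)
    return {
        'counts': dict(counts),
        'changed': [target for target, verb in results if verb != 'not found'],
        'silent_commands': [name for name, out in sections.items() if not out],
    }


if __name__ == '__main__':
    summary = triage(SAMPLE_FIXLOG)
    print(summary['counts'])
    for target in summary['changed']:
        print('changed:', target)
    print('no output captured from:', summary['silent_commands'])
```
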

Re: Defender found malware, defender now won't run

Unread postby askjacob » July 10th, 2016, 10:37 am

capnkrunch wrote:Step two...

  • This will open a file, AdwCleaner[Sx].txt (where x is the number of times it's been run). Copy and paste the contents of that logfile in your reply.

Again, completed with no problems performing the steps. I don't seem to be showing any issues with the machine directly in these logs. I do hear the machine poll the optical drive now and then, even though there is nothing there (I have never used it actually). Not sure if that is suspicious or not to be honest :)

Other than that, it is still just performing badly on boot. If I look in event viewer it looks rather messy regarding failed events but these days I don't know what is what in there... If we finish up here and it is still out of whack I will have to refresh or repave I guess. I would still like to see if we can find anything though...

As you can see, I had run this previously when I was trying to get rid of the annoying trovi homepage/search annoyance about a month ago - as well as the ant tool bar (although that was not a real issue but removed it anyway). For completeness, I will attach those logs below as well.

# AdwCleaner v5.201 - Logfile created 11/07/2016 at 00:07:44
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-10.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - MOBILELABMAX
# Running from : C:\Users\Jacob\Desktop\adwcleaner_5.201.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Jacob\AppData\Roaming\tencent
Folder Found : C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com

***** [ Files ] *****


***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2266 bytes] - [05/06/2016 13:32:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2245 bytes] - [05/06/2016 13:30:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [950 bytes] - [11/07/2016 00:07:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1022 bytes] ##########



OLD LOGS of past runs added for completeness...

# AdwCleaner v5.119 - Logfile created 05/06/2016 at 13:30:38
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - MOBILELABMAX
# Running from : C:\Users\Jacob\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com

***** [ Files ] *****

File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKU\S-1-5-21-1000113554-1559343911-2160561676-1001\Software\SearchProtect
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\prefs.js] Found : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M9937B95D-26E8-4413-8D7C-FBA5768A248F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPE68E6DFC-A5D8-4A7[...]
[C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\prefs.js] Found : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M9937B95D-26E8-4413-8D7C-FBA5768A248F&SearchSource=55&CUI=&UM=8&UP=SPE68E6DFC-A5D8-4A7B-B2B8[...]

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2089 bytes] - [05/06/2016 13:30:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2162 bytes] ##########



# AdwCleaner v5.119 - Logfile created 05/06/2016 at 13:32:33
# Updated 30/05/2016 by Xplode
# Database : 2016-06-03.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - MOBILELABMAX
# Running from : C:\Users\Jacob\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
[-] File Deleted : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\SearchProtect
[-] Key Deleted : HKLM\SOFTWARE\SPPDCOM
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]

***** [ Web browsers ] *****

[-] [C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\prefs.js] Deleted : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M9937B95D-26E8-4413-8D7C-FBA5768A248F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SPE68E6DFC-A5D8-4A7[...]
[-] [C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://www.trovi.com/?gd=&ctid=CT3321848&octid=EB_ORIGINAL_CTID&ISID=M9937B95D-26E8-4413-8D7C-FBA5768A248F&SearchSource=55&CUI=&UM=8&UP=SPE68E6DFC-A5D8-4A7B-B2B8[...]

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2037 bytes] - [05/06/2016 13:32:33]
C:\AdwCleaner\AdwCleaner[S1].txt - [2245 bytes] - [05/06/2016 13:30:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2183 bytes] ##########
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Post by capnkrunch » July 11th, 2016, 6:36 pm

Hello Jacob :)

There's nothing major in your logs so far. Let's do some more general purpose scans to see if there's anything we missed.

Step one...

AdwCleaner - Scan Only
  • You should still have adwcleaner.exe on your Desktop. If not please download it HERE.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Ant Toolbar is a false positive. If you would like to keep it, uncheck the following entry from the Folders tab:
    C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com
  • Click on Cleaning.
  • Once finished AdwCleaner will prompt you to reboot. Please allow it to do so.
  • On reboot a log will open AdwCleaner[Cx].txt. Copy and paste the contents of that logfile in your reply.

Step two...

Malwarebytes Anti-Malware (MBAM) Scan
  • Please download Malwarebytes Anti-Malware.
  • Double-click the mbam-setup-*version*.exe file and follow any prompts to install MBAM. Before you click Finish ensure that Launch Malwarebytes Anti-Malware is checked.
  • When MBAM launches allow it to update its databases if prompted. You will need to be connected to the internet for this.
  • Click Scan Now. MBAM will proceed to scan your computer.
  • If prompted to allow a reboot please do so.
    Failing to reboot when asked can prevent MBAM from removing all the malware it finds.
  • Once the scan is finished click Save Results >> in the bottom right corner and select Copy to Clipboard. Paste the results in your next reply.
  • If MBAM required a reboot please do the following to get the report:
    • On reboot reopen MBAM.
    • Click History and then click the most recent Scan Log.
    • Click Export and then click Copy to Clipboard. Paste the results in your next reply.

Step three...

ESET Online Scanner
NOTE: ESET Online Scanner can be run from Internet Explorer, Firefox, or Chrome.
  • First please disable any antivirus you have active, as shown in this topic.
  • Close all open programs and windows.
  • Open your browser.
  • Go to the ESET Online Scanner site.
  • Click on the green Run Scanner button.
    • If using Firefox or Chrome, you will need to download a small utility.
    • Double-click esetsmartinstaller_enu.exe to run it.
  • Check the box to agree to the terms of use and click Start.
    • If using Internet Explorer, click Install when prompted to install the add-on.
  • Check Enable detection of potentially unwanted applications.
  • Click Advanced settings.
  • UNCHECK Remove found threats.
  • Ensure the following are checked:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start.
  • ESET Online Scanner will download its virus signature database then automatically start the scan.
    The scan will take a while. Please be patient and do not use your computer during the scan. Some people find it best to let the scan run overnight.
  • When the scan completes click Copy to clipboard. Paste the results into your reply.
  • You can now exit the program using the X in the top-right.
    Note: If no threats are found, there is no option to create a log. Just report back to me there was nothing found.
IMPORTANT: Do not forget to re-enable your antivirus software.
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago

Re: Defender found malware, defender now won't run

Post by askjacob » July 13th, 2016, 9:20 pm

Step 1. AdwCleaner.

All Done. I might add that Win10 decided to also do some Updates during the reboot process (hooray).

Pasting the log below, then moving on to step 2

# AdwCleaner v5.201 - Logfile created 14/07/2016 at 11:05:36
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-13.1 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jacob - MOBILELABMAX
# Running from : C:\Users\Jacob\Desktop\adwcleaner_5.201.exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Jacob\AppData\Roaming\tencent
[-] Folder Deleted : C:\Users\Jacob\AppData\Roaming\Mozilla\Firefox\Profiles\tfg0qaaa.default\extensions\anttoolbar@ant.com

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2266 bytes] - [05/06/2016 13:32:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [978 bytes] - [14/07/2016 11:05:36]
C:\AdwCleaner\AdwCleaner[S1].txt - [2245 bytes] - [05/06/2016 13:30:38]
C:\AdwCleaner\AdwCleaner[S2].txt - [1101 bytes] - [11/07/2016 00:07:44]
C:\AdwCleaner\AdwCleaner[S3].txt - [1175 bytes] - [14/07/2016 11:01:53]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1269 bytes] ##########
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Post by askjacob » July 13th, 2016, 9:42 pm

Step 2. Malwarebytes:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/07/2016
Scan Time: 11:28 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.07.13.13
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jacob

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310761
Time Elapsed: 11 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR , , [5a3777ac7624ef47a1f6dcddbe45916f],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [b1e0ea39970374c2a0cf24ba1ae943bd],
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [c2cf4ed5e0ba80b65719b42ad42f857b],

Registry Values: 8
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [a6eb4dd665353501870f596053b0e51b]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [6b26da49396158dec8ce9623669da55b]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [aee3de45b7e3a195b7df1e9b4bb8c43c]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [0190ca59b9e1be78861009b00300bc44]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [1e7341e20c8ead89c2d48d2c659e6b95]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [d7bac95ad0cafd39276f5960966d3bc5]
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382, , [5a3777ac7624ef47a1f6dcddbe45916f]
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|ORBTR, Orbiter^^, , [abe63de6fd9df93d493a8d46738f817f]

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Post by askjacob » July 14th, 2016, 3:06 am

Step 3 - Eset Online Scanner

This one is - Interesting. It gets about 80 percent done. It finds 10 threats on the way up to here, when it finds the 11th one, the eset dialog goes wonky and eset crashes. I rebooted and tried again with the same result, although I took a screenshot this time before it crashed out just in case...

The way eset crashes is it just sits there with the dialogue looking like the screenshot I showed, it does not progress any further (I left it for over an hour just in case it was just some graphical glitch and it was still chugging along) and as soon as you click anywhere on the app it does the usual windows "this application has stopped responding" business...

Didn't want to wing it from here, so am waiting to hear from you. I was tempted to download the trial version but held back :)

Cheers
Jacob
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am

Re: Defender found malware, defender now won't run

Post by capnkrunch » July 14th, 2016, 1:56 pm

Hello Jacob :)

There's definitely some junk left over from Trovi. Strange that ESET is crashing though, I don't think that would be the cause. Anyways, please run the following:

Step one...

FRST - Search Registry
  • You should still have FRST64.exe in your Downloads folder. If not please download it HERE.
  • Right click FRST64.exe and select Run as administrator.
  • Copy and paste the following into the Search box:
    trovi;searchprotect;conduit;bvyvbvyb;VC32L;ORBTR;Orbiter;NextSearch;NSCltmng;avaavaxvyy;spro;CltMngSvc;sonocontrol;SPPD
  • Click Search Registry. The scan can take 10 minutes or more to complete.
  • You will get a popup telling you when the search has completed. Click OK.
  • This will open a file Search.txt. Please copy and paste the contents in your reply.
    Search.txt can also be found in the same folder FRST was run from.

Step two...

Sophos Virus Removal Tool Install
  • Please download the Sophos Virus Removal Tool (http://downloads.sophos.com/tools/withides/Sophos%20Virus%20Removal%20Tool.exe) and save it to your Desktop.
  • Right click on Sophos Virus Removal Tool.exe and select Run as administrator.
  • Click Next.
  • Select I accept the terms in the license agreement to accept the EULA and click Next.
  • Click Next then Install. Once the install finishes click Finish.

Sophos Virus Removal Tool Scan and Clean
  • Click Start.
  • Type Sophos Virus Removal Tool into the search box and select it from the results.
  • Once the tool finishes updating click Start scanning.
  • If any threats are found click Start cleanup.
    • If prompted to allow a reboot please do so.
    • After the cleanup is finished and the computer is rebooted (if required) click Details then View log file....
    • Copy and paste the contents in your reply.
  • If no threats were found just let me know.


Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Search.txt
  • The Sophos log
  • Are there any changes in computer behavior?
capnkrunch
MRU Master
 
Posts: 793
Joined: March 20th, 2015, 6:41 pm
Location: Chicago
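
The FRST search string above can be compared with the registry leftovers Malwarebytes listed earlier in the thread. The following Python sketch is an added example, not part of the original posts and not FRST's own logic: it groups those detections by persistence location and reports which ones the search terms match by name, and which are identifiable only by their shim database GUID. It judges only on the key, value name and data shown in the Malwarebytes log (a live registry search also reads value data the log does not show); the function names are hypothetical.

```python
import re
from collections import Counter

# Search string exactly as given in the "FRST - Search Registry" step above.
FRST_SEARCH = ("trovi;searchprotect;conduit;bvyvbvyb;VC32L;ORBTR;Orbiter;"
               "NextSearch;NSCltmng;avaavaxvyy;spro;CltMngSvc;sonocontrol;SPPD")

# Registry detections from the Malwarebytes log in this thread, trimmed to
# "family, key[|value], data" (the trailing bracketed ids are dropped).
MBAM_REGISTRY_DETECTIONS = r"""
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32LDR,
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd},
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008},
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\chrome.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\explorer.xxx|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\firefox.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\iexplore.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_removal_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\software_reporter_tool.exe|{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Trovi, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\CUSTOM\LAYERS\VC32Ldr |{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb, 131095660480880382
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SVCHOST|ORBTR, Orbiter^^
"""

GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_detection(line):
    """Split one trimmed detection line into family, key, value name and data."""
    family, location, data = (p.strip() for p in line.split(",", 2))
    key, _, value = location.partition("|")
    return {"family": family, "key": key.strip(),
            "value": value.strip(), "data": data}


def mechanism(key):
    """Name the persistence location a registry key belongs to."""
    k = key.upper()
    if r"\APPCOMPATFLAGS\INSTALLEDSDB" in k:
        return "installed shim database"
    if r"\APPCOMPATFLAGS\CUSTOM\LAYERS" in k:
        return "custom shim layer"
    if r"\APPCOMPATFLAGS\CUSTOM" in k:
        return "shim database bound to an executable"
    if k.endswith(r"\SVCHOST"):
        return "svchost service group"
    return "other"


def matched_terms(det, terms):
    """Search terms found (case-insensitively) in the key, value name or data."""
    haystack = " ".join((det["key"], det["value"], det["data"])).lower()
    return [t for t in terms if t.lower() in haystack]


def triage(log_text, search=FRST_SEARCH):
    """Return (covered, uncovered, pivot_guids) for the detections in log_text."""
    terms = [t for t in search.split(";") if t]
    covered, uncovered, pivots = [], [], set()
    for line in log_text.strip().splitlines():
        if not line.strip():
            continue
        det = parse_detection(line)
        det["mechanism"] = mechanism(det["key"])
        det["terms"] = matched_terms(det, terms)
        if det["terms"]:
            covered.append(det)
        else:
            # Nothing in the visible name matches: the GUID is the only handle.
            uncovered.append(det)
            pivots.update(g.lower() for g in GUID_RE.findall(det["key"] + det["value"]))
    return covered, uncovered, sorted(pivots)


if __name__ == "__main__":
    covered, uncovered, pivots = triage(MBAM_REGISTRY_DETECTIONS)
    print(Counter(d["mechanism"] for d in covered + uncovered))
    for d in covered:
        print("matched by", d["terms"], "->", d["key"], d["value"])
    print(len(uncovered), "entries matched by no term; check these GUIDs too:", pivots)
```
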

Re: Defender found malware, defender now won't run

Post by askjacob » July 16th, 2016, 9:22 am

Here we go :)

Step 1. Search.txt from FRST. No Problems running it. I am having trouble posting it though. It would end up needing to be broken up into 3 posts, so I am going to bend the rules and just attach it I'm afraid.

Step 2. Ran fine. Found 2 things - however these were in a folder that has a backup copy of a family member's failing harddrive, nothing that has been executed or run on the machine. I cleaned it up anyway. Log below:

2016-07-15 12:57:56.484 Sophos Virus Removal Tool version 2.5.5
2016-07-15 12:57:56.484 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2016-07-15 12:57:56.484 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-07-15 12:57:56.484 Windows version 6.2 SP 0.0 build 9200 SM=0x300 PT=0x1 WOW64
2016-07-15 12:57:56.484 Checking for updates...
2016-07-15 12:57:56.497 Update progress: proxy server not available
2016-07-15 12:58:34.847 Option all = no
2016-07-15 12:58:34.847 Option recurse = yes
2016-07-15 12:58:34.930 Option archive = no
2016-07-15 12:58:34.930 Option service = yes
2016-07-15 12:58:34.930 Option confirm = yes
2016-07-15 12:58:34.930 Option sxl = yes
2016-07-15 12:58:34.930 Option max-data-age = 35
2016-07-15 12:58:34.930 Option EnableSafeClean = yes
2016-07-15 12:58:37.723 Option vdl-logging = yes
2016-07-15 12:58:37.726 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-15 12:58:37.726 Machine ID: 37bad7ae53994fe894ba48d79f257e2d
2016-07-15 12:58:37.727 Component SVRTcli.exe version 2.5.5
2016-07-15 12:58:37.727 Component control.dll version 2.5.5
2016-07-15 12:58:37.728 Component SVRTservice.exe version 2.5.5
2016-07-15 12:58:37.728 Component engine\osdp.dll version 1.44.1.2250
2016-07-15 12:58:37.728 Component engine\veex.dll version 3.65.0.2250
2016-07-15 12:58:37.728 Component engine\savi.dll version 9.0.1.2250
2016-07-15 12:58:37.728 Component rkdisk.dll version 1.5.30.0
2016-07-15 12:58:37.728 Version info: Product version 2.5.5
2016-07-15 12:58:37.729 Version info: Detection engine 3.65.0
2016-07-15 12:58:37.729 Version info: Detection data 5.26
2016-07-15 12:58:37.729 Version info: Build date 5/04/2016
2016-07-15 12:58:37.729 Version info: Data files added 633
2016-07-15 12:58:37.729 Version info: Last successful update (not yet updated)
2016-07-15 12:59:53.652 Downloading updates...
2016-07-15 12:59:53.678 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement SAVIW32 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE527 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE528 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE529 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE530 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE531 LATEST
2016-07-15 12:59:53.678 Update progress: [I49502] Found supplement IDE532 LATEST
2016-07-15 12:59:53.678 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2016-07-15 12:59:53.678 Update progress: [I19463] Syncing product SAVIW32 70
2016-07-15 13:00:28.509 Update progress: [I19463] Syncing product IDE527 142
2016-07-15 13:00:30.250 Installing updates...
2016-07-15 13:00:30.856 Error level 1
2016-07-15 13:00:31.189 Update progress: [I19463] Syncing product IDE528 127
2016-07-15 13:00:31.189 Update progress: [I19463] Syncing product IDE529 135
2016-07-15 13:00:31.189 Update progress: [I19463] Syncing product IDE530 214
2016-07-15 13:00:31.189 Update progress: [I19463] Syncing product IDE531 22
2016-07-15 13:00:31.189 Update progress: [I19463] Syncing product IDE532 1
2016-07-15 13:00:53.458 Update successful
2016-07-15 13:01:09.240 Option all = no
2016-07-15 13:01:09.240 Option recurse = yes
2016-07-15 13:01:09.240 Option archive = no
2016-07-15 13:01:09.240 Option service = yes
2016-07-15 13:01:09.240 Option confirm = yes
2016-07-15 13:01:09.240 Option sxl = yes
2016-07-15 13:01:09.241 Option max-data-age = 35
2016-07-15 13:01:09.241 Option EnableSafeClean = yes
2016-07-15 13:01:09.709 Option vdl-logging = yes
2016-07-15 13:01:09.711 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2016-07-15 13:01:09.711 Machine ID: 37bad7ae53994fe894ba48d79f257e2d
2016-07-15 13:01:09.712 Component SVRTcli.exe version 2.5.5
2016-07-15 13:01:09.712 Component control.dll version 2.5.5
2016-07-15 13:01:09.712 Component SVRTservice.exe version 2.5.5
2016-07-15 13:01:09.712 Component engine\osdp.dll version 1.44.1.2250
2016-07-15 13:01:09.712 Component engine\veex.dll version 3.65.0.2250
2016-07-15 13:01:09.712 Component engine\savi.dll version 9.0.1.2250
2016-07-15 13:01:09.712 Component rkdisk.dll version 1.5.30.0
2016-07-15 13:01:09.712 Version info: Product version 2.5.5
2016-07-15 13:01:09.713 Version info: Detection engine 3.65.0
2016-07-15 13:01:09.713 Version info: Detection data 5.26
2016-07-15 13:01:09.713 Version info: Build date 5/04/2016
2016-07-15 13:01:09.713 Version info: Data files added 633
2016-07-15 13:01:09.713 Version info: Last successful update 15/07/2016 11:00:53 PM

2016-07-15 13:15:30.277 Could not open C:\hiberfil.sys
2016-07-15 13:15:32.554 Could not open C:\pagefile.sys
2016-07-15 13:35:12.374 Could not open C:\swapfile.sys
2016-07-15 13:35:12.551 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-15 13:35:12.551 Could not open C:\System Volume Information\{3e8379c6-4a77-11e6-9bf5-185e0f1c3f17}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-15 13:35:12.551 Could not open C:\System Volume Information\{e00c384b-4894-11e6-9bf4-185e0f1c3f17}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-07-15 13:57:31.115 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-07-15 13:57:31.116 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-07-15 13:57:36.073 Could not open C:\Windows\System32\config\BBI
2016-07-15 13:57:36.270 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-07-15 13:57:36.270 Could not open C:\Windows\System32\config\RegBack\SAM
2016-07-15 13:57:36.271 Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-07-15 13:57:36.279 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-07-15 13:57:36.280 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-07-15 14:21:43.340 >>> Virus 'Mal/FakeAvCn-C' found in file D:\Recover\Bakers\AppData\Local\0hm8dAmI30gA
2016-07-15 14:25:32.918 >>> Virus 'Troj/FakeCfg-A' found in file D:\Recover\Bakers\AppData\Roaming\B8131B0C2E91BC72554EB6CAC617B5FE\local.ini
2016-07-15 14:25:36.008 Could not check D:\Recover\Bakers\AppData\Roaming\Microsoft\Templates\Normal.dot (corrupt)
2016-07-15 14:25:41.433 >>> Virus 'Mal/FakeAvCn-C' found in file D:\Recover\Bakers\AppData\Roaming\Microsoft\Windows\Templates\0hm8dAmI30gA
2016-07-15 14:39:40.997 The following items will be cleaned up:
2016-07-15 14:39:40.997 Mal/FakeAvCn-C
2016-07-15 14:39:40.997 Troj/FakeCfg-A
2016-07-16 13:15:21.931 Threat 'Mal/FakeAvCn-C' has been cleaned up.
2016-07-16 13:15:21.953 File "D:\Recover\Bakers\AppData\Local\0hm8dAmI30gA" belongs to malware 'Mal/FakeAvCn-C'.
2016-07-16 13:15:21.953 File "D:\Recover\Bakers\AppData\Local\0hm8dAmI30gA" has been cleaned up.
2016-07-16 13:15:21.953 File "D:\Recover\Bakers\AppData\Roaming\Microsoft\Windows\Templates\0hm8dAmI30gA" belongs to malware 'Mal/FakeAvCn-C'.
2016-07-16 13:15:21.953 File "D:\Recover\Bakers\AppData\Roaming\Microsoft\Windows\Templates\0hm8dAmI30gA" has been cleaned up.
2016-07-16 13:15:21.953 Removal successful
2016-07-16 13:15:26.410 Threat 'Troj/FakeCfg-A' has been cleaned up.
2016-07-16 13:15:26.410 File "D:\Recover\Bakers\AppData\Roaming\B8131B0C2E91BC72554EB6CAC617B5FE\local.ini" belongs to 'Troj/FakeCfg-A'.
2016-07-16 13:15:26.410 File "D:\Recover\Bakers\AppData\Roaming\B8131B0C2E91BC72554EB6CAC617B5FE\local.ini" has been cleaned up.
2016-07-16 13:15:26.410 Removal successful
2016-07-16 13:15:26.666 Contents of SafeClean bin directory:
2016-07-16 13:15:26.699 {
2016-07-16 13:15:26.699 RecordID : "0000000000000001",
2016-07-16 13:15:26.699 ItemType : "1",
2016-07-16 13:15:26.699 Location : "D:\Recover\Bakers\AppData\Local\",
2016-07-16 13:15:26.699 FileName : "0hm8dAmI30gA",
2016-07-16 13:15:26.699 ThreatName : "Mal/FakeAvCn-C",
2016-07-16 13:15:26.699 Checksum : "f1fad2e9f2328c5f699d9dcec2ee9fb0670010c3a4781b4c67f6743b25c46e02",
2016-07-16 13:15:26.699 TimeStamp : "Sat Jul 16 23:15:09 2016"
2016-07-16 13:15:26.699 }
2016-07-16 13:15:26.699 {
2016-07-16 13:15:26.699 RecordID : "0000000000000002",
2016-07-16 13:15:26.699 ItemType : "1",
2016-07-16 13:15:26.699 Location : "D:\Recover\Bakers\AppData\Roaming\Microsoft\Windows\Templates\",
2016-07-16 13:15:26.699 FileName : "0hm8dAmI30gA",
2016-07-16 13:15:26.699 ThreatName : "Mal/FakeAvCn-C",
2016-07-16 13:15:26.699 Checksum : "f1fad2e9f2328c5f699d9dcec2ee9fb0670010c3a4781b4c67f6743b25c46e02",
2016-07-16 13:15:26.699 TimeStamp : "Sat Jul 16 23:15:09 2016"
2016-07-16 13:15:26.699 }
2016-07-16 13:15:26.699 {
2016-07-16 13:15:26.699 RecordID : "0000000000000003",
2016-07-16 13:15:26.699 ItemType : "1",
2016-07-16 13:15:26.699 Location : "D:\Recover\Bakers\AppData\Roaming\B8131B0C2E91BC72554EB6CAC617B5FE\",
2016-07-16 13:15:26.699 FileName : "local.ini",
2016-07-16 13:15:26.699 ThreatName : "Troj/FakeCfg-A",
2016-07-16 13:15:26.699 Checksum : "3c4444727653981125d017ade4c20c5241521b124abb74e611e200d304d99e09",
2016-07-16 13:15:26.699 TimeStamp : "Sat Jul 16 23:15:21 2016"
2016-07-16 13:15:26.699 }
2016-07-16 13:15:27.377 Error level 0
askjacob
Active Member
 
Posts: 12
Joined: July 4th, 2016, 4:12 am