TechSpot

Trackers/Adware/general malware/can't install MBAM

By MatCauthon
Dec 19, 2015
  1. So I accidentally ran a program that loaded some malware, which has been bogging the system down and appears to be blocking me from accessing certain sites, especially malware removal sites. I get "internal server error" for bleepingcomputer and cannot access it to download FRST.
    And before I tried that stuff and came here, it's been blocking me from running the installer for MBAM.
    I've already backed up the registry with Tweaking.com's tool, and besides running Spybot Home Edition to try and clean up whatever it's catching, I've not run any other tools. Please help? As I said, I don't seem to be able to access FRST through bleepingcomputer's site.

    Thanks in advance!
     
  2. MatCauthon (TS Rookie, Topic Starter, Posts: 20)

    Okay. So after searching and trying, I've managed to find, download and run FRST through a Softpedia link. Logs are as follows:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
    Ran by Matt (administrator) on ONEPUTER (19-12-2015 12:43:53)
    Running from C:\Users\Matt\Desktop\Downloads
    Loaded Profiles: Matt (Available Profiles: Matt & Sarah)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (sturdy) C:\Windows\wandering.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    () C:\Program Files (x86)\field\difficult.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    () C:\Program Files (x86)\calculate\blink.exe
    (windows 99) C:\Program Files (x86)\calculate\relation.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
    (BitTorrent Inc.) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    (BitTorrent Inc.) C:\Users\Matt\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (BitTorrent Inc.) C:\Users\Matt\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\calculate\blink.exe [42739 2015-12-18] ()
    HKLM\...\Run: [interpee] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    HKLM\...\Run: [autoauto] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [74752 2015-09-01] ()
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\calculate\blink.exe [42739 2015-12-18] ()
    HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    HKLM-x32\...\Run: [autoauto] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [rutoauto] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [dutoauto] => C:\Program Files (x86)\calculate\blink.exe [42739 2015-12-18] ()
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [interpee] => C:\Program Files (x86)\calculate\relation.exe [33792 2015-12-18] (windows 99)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [tslwll] => rundll32.exe "C:\Users\Matt\AppData\Local\tslwll.dll",tslwll <===== ATTENTION
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-21]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-21]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
    Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2015-12-18]
    ShortcutTarget: intr.lnk -> C:\Program Files (x86)\calculate\relation.exe (windows 99)
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
    ProxyEnable: [HKLM] => Proxy is enabled.
    ProxyEnable: [HKLM-x32] => Proxy is enabled.
    ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-3521546551-3123563252-608694627-1001] => Proxy is enabled.
    ProxyServer: [S-1-5-21-3521546551-3123563252-608694627-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{AE6BC52A-FEAC-49D8-AB5D-FDE9F836AD83}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{BC48F90C-37A5-4AD2-AD2E-8127DC1EAB34}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ymvdel8q.default
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin HKU\S-1-5-21-3521546551-3123563252-608694627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-14]
    CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
    CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
    CHR Extension: (Netflix) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-14]
    CHR Extension: (Pandora) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-14]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-26]
    CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (Skype) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matt\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-15]
    CHR HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [8704 2014-04-15] (ASUS) [File not signed]
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
    R2 jelly; C:\Windows\wandering.exe [16896 2015-12-18] (sturdy) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
    R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
    R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
    R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-19 12:43 - 2015-12-19 12:43 - 00000000 ____D C:\FRST
    2015-12-19 12:07 - 2015-12-19 12:07 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\uTorrent
    2015-12-19 11:35 - 2015-11-02 18:22 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts.20151219-113523.backup
    2015-12-18 22:12 - 2015-12-18 22:13 - 22908888 _____ (Malwarebytes ) C:\Users\Matt\Desktop\mbam-setup-2.2.0.1024.exe
    2015-12-18 20:37 - 2015-12-18 20:43 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
    2015-12-18 20:37 - 2015-12-18 20:37 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-18 20:37 - 2015-12-18 20:37 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-18 20:37 - 2015-12-18 20:37 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
    2015-12-18 20:36 - 2015-12-18 20:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-18 18:24 - 2015-12-18 18:24 - 00000000 ____D C:\Program Files (x86)\satisfy
    2015-12-18 17:56 - 2015-12-18 17:56 - 00000000 ____D C:\RegBackup
    2015-12-18 17:55 - 2015-12-19 09:54 - 00002310 _____ C:\Users\Matt\Desktop\Google Chrome.lnk
    2015-12-18 17:55 - 2015-12-18 17:55 - 00000000 ____D C:\Users\Matt\AppData\Local\yuntnani
    2015-12-18 12:16 - 2015-12-18 12:16 - 00009216 _____ C:\Users\Matt\AppData\Local\tslwll.dll
    2015-12-18 12:16 - 2015-12-18 12:16 - 00002560 _____ C:\Users\Matt\AppData\Local\uninstall.exe
    2015-12-18 12:15 - 2015-12-18 23:55 - 00003662 _____ C:\Windows\System32\Tasks\8841584884158488415848841584
    2015-12-18 12:14 - 2015-12-19 12:44 - 00004374 _____ C:\Windows\System32\Tasks\489059866771480292
    2015-12-18 12:14 - 2015-12-18 18:23 - 00003812 _____ C:\Windows\System32\Tasks\Grapyy46759876Updates
    2015-12-18 12:14 - 2015-12-18 18:23 - 00003652 _____ C:\Windows\System32\Tasks\MySyy46759876ytemy
    2015-12-18 12:14 - 2015-12-18 17:56 - 00003814 _____ C:\Windows\System32\Tasks\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924
    2015-12-18 12:14 - 2015-12-18 12:14 - 00003812 _____ C:\Windows\System32\Tasks\70960291
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000115 _____ C:\Users\Matt\AppData\Local\dottmpfile.txt
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000050 _____ C:\Windows\key.ini
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\CEF
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\26070387
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\10681602
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Program Files (x86)\field
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Program Files (x86)\calculate
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\a
    2015-12-18 12:12 - 2015-12-18 18:16 - 00000000 ____D C:\Program Files (x86)\winwebuse
    2015-12-18 12:05 - 2015-12-19 12:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
    2015-12-18 11:51 - 2015-12-18 11:51 - 02026520 _____ (BitTorrent Inc.) C:\Users\Matt\Desktop\uTorrent.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00042739 _____ C:\Windows\thrill.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00033792 _____ (windows 99) C:\Windows\railway.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00016896 _____ (sturdy) C:\Windows\wandering.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00009216 _____ (forgetful) C:\Windows\behave.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00000019 _____ C:\Windows\SysWOW64\83271868.bat
    2015-12-17 22:44 - 2015-12-17 22:44 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-12-17 22:44 - 2015-12-17 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-12-17 22:43 - 2015-12-17 22:44 - 00000000 ____D C:\Program Files\iTunes
    2015-12-17 22:43 - 2015-12-17 22:43 - 00000000 ____D C:\Program Files\iPod
    2015-12-17 22:43 - 2015-12-17 22:43 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-12-17 22:33 - 2015-12-17 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-12-17 22:00 - 2015-12-17 22:00 - 00000000 ____D C:\Users\Matt\Desktop\FamilyPictures'15
    2015-12-11 12:12 - 2015-12-11 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-07 13:34 - 2015-12-07 13:34 - 00006144 _____ C:\Users\Matt\AppData\Local\installer.exe
    2015-12-07 13:33 - 2015-12-07 13:33 - 00006656 _____ C:\Users\Matt\AppData\Local\installer4.exe
    2015-12-05 00:00 - 2015-12-05 00:00 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2015-12-05 00:00 - 2015-12-05 00:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2015-11-26 22:26 - 2015-12-04 23:03 - 00001339 _____ C:\Users\Matt\Desktop\Shannara Reading List.txt
    2015-11-21 22:42 - 2015-11-21 22:42 - 00001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-11-21 22:42 - 2015-11-21 22:42 - 00001393 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-11-21 22:42 - 2015-11-21 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-11-21 22:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-19 12:08 - 2015-07-07 21:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2015-12-19 12:00 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\sru
    2015-12-19 10:06 - 2015-02-27 12:41 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521546551-3123563252-608694627-1001
    2015-12-19 09:51 - 2015-02-27 12:39 - 00000000 ___DO C:\Users\Matt\Desktop\OneDrive
    2015-12-19 09:50 - 2015-02-27 12:44 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDBD8DFB-6D84-4E3D-B9AD-7E72DA0E9CF5}
    2015-12-19 09:49 - 2015-07-07 22:04 - 00000000 ___RD C:\Users\Matt\Dropbox
    2015-12-19 09:49 - 2015-07-07 21:57 - 00000000 ____D C:\Users\Matt\AppData\Local\Dropbox
    2015-12-19 09:48 - 2015-11-15 18:24 - 00000000 ___RD C:\Users\Matt\Google Drive
    2015-12-19 09:48 - 2015-11-03 21:38 - 00000093 _____ C:\Users\Matt\AppData\Roaming\sp_data.sys
    2015-12-19 09:48 - 2015-06-02 11:23 - 00000000 ___RD C:\Users\Matt\iCloudDrive
    2015-12-19 09:47 - 2015-07-07 21:57 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2015-12-19 09:47 - 2015-02-26 22:21 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-18 22:18 - 2015-02-28 11:51 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
    2015-12-18 18:04 - 2014-08-14 08:37 - 01460037 _____ C:\Windows\WindowsUpdate.log
    2015-12-18 18:02 - 2014-03-18 02:03 - 00863596 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-18 17:55 - 2015-02-26 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-18 17:53 - 2014-03-18 01:54 - 00660900 _____ C:\Windows\PFRO.log
    2015-12-18 17:53 - 2013-08-22 06:46 - 00084192 _____ C:\Windows\setupact.log
    2015-12-18 17:53 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-18 17:52 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2015-12-17 22:43 - 2015-02-27 15:47 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-11 12:12 - 2015-07-07 21:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2015-12-06 23:00 - 2015-09-13 16:59 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
    2015-12-06 20:35 - 2015-02-28 11:35 - 00000000 ____D C:\Users\Matt\Desktop\Images
    2015-12-05 00:00 - 2015-11-15 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-12-04 23:49 - 2015-02-26 22:21 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-04 23:49 - 2015-02-26 22:21 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-04 23:49 - 2015-02-26 22:21 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-23 21:43 - 2015-03-03 17:51 - 00482816 ___SH C:\Users\Matt\Desktop\Thumbs.db
    2015-11-22 18:03 - 2015-02-27 19:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-11-21 22:42 - 2015-02-27 19:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

    ==================== Files in the root of some directories =======

    2015-11-03 21:38 - 2015-12-19 09:48 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys
    2015-12-18 12:14 - 2015-12-18 12:14 - 0000115 _____ () C:\Users\Matt\AppData\Local\dottmpfile.txt
    2015-12-07 13:34 - 2015-12-07 13:34 - 0006144 _____ () C:\Users\Matt\AppData\Local\installer.exe
    2015-12-07 13:33 - 2015-12-07 13:33 - 0006656 _____ () C:\Users\Matt\AppData\Local\installer4.exe
    2015-06-08 21:24 - 2015-06-12 17:18 - 0007605 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
    2015-12-18 12:16 - 2015-12-18 12:16 - 0009216 _____ () C:\Users\Matt\AppData\Local\tslwll.dll
    2015-09-10 05:09 - 2015-09-10 05:09 - 0008192 _____ () C:\Users\Matt\AppData\Local\uid.exe
    2015-12-18 12:16 - 2015-12-18 12:16 - 0002560 _____ () C:\Users\Matt\AppData\Local\uninstall.exe
    2014-08-14 08:52 - 2014-08-14 08:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-08-14 09:14 - 2014-03-25 17:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
    2014-05-14 20:43 - 2014-03-26 12:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
    2014-05-14 20:43 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2014-05-14 20:43 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

    Files to move or delete:
    ====================
    C:\ProgramData\RefreshReg.vbs


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-17 22:18

    ==================== End of FRST.txt ============================
     
  3. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
    Ran by Matt (2015-12-19 12:44:53)
    Running from C:\Users\Matt\Desktop\Downloads
    Windows 8.1 (X64) (2015-02-27 20:35:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3521546551-3123563252-608694627-500 - Administrator - Disabled)
    Guest (S-1-5-21-3521546551-3123563252-608694627-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3521546551-3123563252-608694627-1003 - Limited - Enabled)
    Matt (S-1-5-21-3521546551-3123563252-608694627-1001 - Administrator - Enabled) => C:\Users\Matt
    Sarah (S-1-5-21-3521546551-3123563252-608694627-1004 - Administrator - Enabled) => C:\Users\Sarah

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
    Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
    Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
    FLAC To MP3 V4.1 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
    Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
    Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 43.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-GB)) (Version: 43.0.1 - Mozilla)
    NetStream 1.0 (HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\NetStream 1.0) (Version: - )
    NewInternet (HKLM\...\FastIn) (Version: - yoyo)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.4 - Safer-Networking Ltd.)
    System Requirements Lab Detection (HKLM-x32\...\{CC656969-7AE7-415C-A3EB-BA687F3AB03F}) (Version: 6.1.6.0 - Husdawg, LLC)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
    Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
    YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    26-11-2015 21:24:18 Scheduled Checkpoint
    05-12-2015 00:04:14 Scheduled Checkpoint
    17-12-2015 22:33:18 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2015-12-19 11:35 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 15463 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0CD9A718-7769-42ED-A1E9-419C94BF79E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {1DB43B80-2764-4039-99AF-8590A1E01B3E} - System32\Tasks\8841584884158488415848841584 => C:\Program Files (x86)\calculate\relation.exe [2015-12-18] (windows 99) <==== ATTENTION
    Task: {2435A1F2-FC3A-456C-BC02-8D182D59AD04} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-12-18] ()
    Task: {24A0BD95-2087-417F-BBA6-F3D508D95A27} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {2BEEF34C-45F9-4B4C-A48F-EC56E272B3B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {351DAD53-AA32-4624-AF85-9896C179051F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {451A682B-E5A9-4E74-92E5-665A0F62477F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-14] (Realtek Semiconductor)
    Task: {45CC27D6-7D5B-4DF7-9333-9290DE8502A7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-12-18] ()
    Task: {4D3CBEF1-974C-4CA1-A5BB-DD41A8EE04D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
    Task: {4E94B278-A383-4EB1-BD76-38027ADFC74E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
    Task: {632E5C78-6BAE-4D48-A906-D95223FA5850} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
    Task: {708DADE6-0A79-478F-8CEB-D528FBAC2867} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
    Task: {73EBB677-2BDE-4AC5-8158-47913CD4753F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {82B8E927-55E0-42A5-BC19-2BB9CE7A9C42} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
    Task: {8B140BF5-35A3-4D4B-9A4A-44BCF1EA0278} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {B8A3C6E4-6BC0-4A51-AEC6-6848BCE4D942} - System32\Tasks\MySyy46759876ytemy => C:\Program Files (x86)\satisfy\ground.exe
    Task: {B9154A87-E514-4632-BFB7-BF0038C0AEAE} - System32\Tasks\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924 => C:\Program Files (x86)\calculate\relation.exe [2015-12-18] (windows 99)
    Task: {C033A7A0-C213-46B7-871F-ED858E78AD31} - System32\Tasks\489059866771480292 => C:\Program Files (x86)\calculate\relation.exe [2015-12-18] (windows 99) <==== ATTENTION
    Task: {D95E1D65-8FB1-4E31-91C4-692BBE3A040F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
    Task: {E3C7E82D-A594-4911-AECE-B09DF1C6B31A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
    Task: {E8627CC4-BCB2-48FE-ACE4-3F39CB96B7FD} - System32\Tasks\Grapyy46759876Updates => C:\Program Files (x86)\satisfy\ground.exe
    Task: {ECC7EE87-28FB-4390-A463-40BF93A6AE79} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
    Task: {EDB36471-01F6-42EE-B9C7-A025B4A09664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
    Task: {EFC10CC2-9655-47BC-867D-3551C92B7E04} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)
    Task: {F87C9618-38C5-4516-B324-FFF50EDC200C} - System32\Tasks\70960291 => C:\Program Files (x86)\field\difficult.exe [2015-12-18] () <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-15 16:36 - 2014-04-15 16:36 - 00016384 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2015-12-18 10:59 - 2015-12-18 10:59 - 00012288 _____ () C:\Program Files (x86)\field\difficult.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00042739 _____ () C:\Program Files (x86)\calculate\blink.exe
    2014-04-15 16:36 - 2014-04-15 16:36 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2014-08-14 09:12 - 2013-05-02 10:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2015-11-21 22:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-11-21 22:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-11-21 22:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-11-21 22:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-11-21 22:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-08-14 08:47 - 2013-10-23 12:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
    2015-12-19 09:48 - 2015-12-19 09:48 - 00011264 _____ () C:\Users\Matt\AppData\Local\Temp\nso9FA1.tmp\System.dll
    2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-12-18 12:16 - 2015-12-18 12:16 - 00009216 _____ () C:\Users\Matt\AppData\Local\tslwll.dll
    2015-12-19 09:48 - 2015-12-19 09:48 - 00098816 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32api.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00110080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\pywintypes27.dll
    2015-12-19 09:48 - 2015-12-19 09:48 - 00364544 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\pythoncom27.dll
    2015-12-19 09:48 - 2015-12-19 09:48 - 00046080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_socket.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 01208320 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_ssl.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00320512 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32com.shell.shell.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00776704 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_hashlib.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 01176576 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._core_.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00806400 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._gdi_.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00816128 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._windows_.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 01067008 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._controls_.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00733184 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._misc_.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00682496 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\pysqlite2._sqlite.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00088064 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_ctypes.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00119808 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32file.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00108544 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32security.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00007168 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\hashobjs_ext.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00017920 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\thumbnails_ext.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00079360 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\usb_ext.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00167936 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32gui.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00018432 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32event.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00128512 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_elementtree.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00127488 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\pyexpat.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00013824 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\common.time34.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00036864 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_psutil_windows.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00038912 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32inet.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00525640 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\windows._lib_cacheinvalidation.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00011264 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32crypt.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00077312 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._html2.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00027136 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_multiprocessing.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00020480 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\_yappi.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00035840 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32process.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00686080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\unicodedata.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00123392 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._wizard.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00024064 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32pipe.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00010240 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\select.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00025600 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32pdh.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00017408 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32profile.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00022528 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\win32ts.pyd
    2015-12-19 09:48 - 2015-12-19 09:48 - 00078848 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1294482\wx._animate.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Random.OSRNG.winrandom.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2015-12-11 12:11 - 2015-10-30 16:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2015-12-11 12:11 - 2015-12-08 13:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00023376 _____ () C:\Program Files
     
  4. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Part two of ADDITION.TXT:

    (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2015-12-11 12:11 - 2015-12-08 13:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2015-07-07 22:02 - 2015-10-30 17:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
    2015-07-07 22:02 - 2015-10-30 17:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-08-01 18:45 - 2015-10-30 17:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-07-07 22:02 - 2015-10-30 17:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll
    2015-12-16 12:55 - 2015-12-10 19:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-16 12:55 - 2015-12-10 19:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
    2015-12-16 12:55 - 2015-12-10 19:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    There are 7866 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Desktop\Galactica\carina.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "LGODDFU"
    HKLM\...\StartupApproved\Run32: => "FlashGamesRockstar"
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\StartupApproved\Run: => "iCloudServices"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{99653552-2740-4A0A-8B29-7EE97257AA12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{0F757B8E-21C2-43B9-B86C-4463B66FF786}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{B33362BB-E669-4EEF-9C38-FC49092CF823}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{5D1F7E76-D2E6-4F55-A128-44E2EA2EA06C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{301DCFD4-F980-4FAD-A9B1-45A160697CB8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{E3D22119-1654-42AF-BCD0-B3F697269BB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72FCB0D1-2CC8-4820-AEC4-5BC889A4F102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{125066DC-67E5-411F-B621-8A6903D5B67B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DCD9183A-2943-4697-A704-A7666A1388CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{0D258B23-1380-43BD-96F3-5069C4BF449A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{626CEFE1-EE00-4D03-B60A-9507AE49DDB2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{5403D72F-ABC9-4B24-AA0B-A6373F41DED8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A5B3357A-EC7A-4B49-BB0B-090A277B3F21}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{AFD50EB2-E97B-4FB6-ABFD-1AFC1DC5ED97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AED42A45-8ACA-4DAC-9040-93AEEAF4F16D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{ED7DE36D-3689-48A4-BD3A-06ACD3E8261D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DBF4C46A-75B4-42E6-80E3-25387C028192}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E84C8596-68E2-4205-A56E-1E799D9D3A5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{6C851627-93D6-4981-ADA4-5BB1FB1E65AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{70AEE643-67FE-41F2-BAB2-5ACA8CC2AC2E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{36A7B471-4FB0-4E6E-ADD5-6B68B47DC113}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C5E93559-A61D-4C71-B52E-02FB102D2F20}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{47CDAA15-4A7A-4138-9427-C729964B34FF}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{09C04060-406B-48D9-B2D0-DAE05F649F5D}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8929B2EB-6A31-460F-9F47-3EB596238A79}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1D149978-8EA9-4BE3-AF17-2D012EE8A306}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{118B5C0F-EF9B-4F29-ACCB-5440B7051885}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
    FirewallRules: [{C12C6DC4-996D-4C21-A951-6BF37147B41C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
    FirewallRules: [{A59CAA58-7F65-46DC-ABA6-19B3059FA233}] => (Allow) C:\Program Files (x86)\calculate\relation.exe
    FirewallRules: [{E5DB80F6-62F8-4D3C-8F9A-C95D0B5E489D}] => (Allow) C:\Program Files (x86)\calculate\relation.exe
    FirewallRules: [{57558705-8C00-4965-BEAB-C34768411C49}] => (Allow) C:\Program Files (x86)\calculate\getcap.exe
    FirewallRules: [{66F8F495-A939-4337-8848-2D8C518E5545}] => (Allow) C:\Program Files (x86)\calculate\getcap.exe
    FirewallRules: [{3FD19737-FC44-4E2E-AA2A-81FB9963D8FF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{91BBDE58-7572-4B51-9FAF-6E8ECCC360BF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{E877F890-6467-4361-A83A-25F23D424BB0}] => (Allow) C:\Program Files (x86)\calculate\blink.exe
    FirewallRules: [{30F4AB01-7994-4661-BE6C-CA9CB8003DE0}] => (Allow) C:\Program Files (x86)\calculate\blink.exe
    FirewallRules: [{EDFBE892-7AB5-4104-9101-C975B7D34F6B}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{7564A95A-4E87-4929-975A-0EF951133572}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{0F41E5AC-6028-432B-855E-5A48BC929748}] => (Allow) C:\a\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924.exe
    FirewallRules: [{B5529140-8682-46F4-A9D3-3FFBE97EACBC}] => (Allow) C:\a\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924.exe
    FirewallRules: [{648FE4A0-6142-4BDE-B503-634A63F9311E}] => (Allow) C:\Program Files (x86)\satisfy\ground.exe
    FirewallRules: [{0DB47783-14CC-45B1-BBD8-1285C1400A2D}] => (Allow) C:\Program Files (x86)\satisfy\ground.exe
    FirewallRules: [{0703132A-D707-404C-83F9-3B25738FAB66}] => (Allow) C:\Program Files (x86)\field\difficult.exe
    FirewallRules: [{D5EABF6F-DE73-4008-8006-A01FCB9AE3A0}] => (Allow) C:\Program Files (x86)\field\difficult.exe
    FirewallRules: [{E7654E57-4CC4-436A-AC36-51C41B923AC3}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{B23C2F55-35BA-4D09-8358-A067299A3748}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3F9B992B-8072-4A98-958E-88CA25D9F2EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/19/2015 00:46:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d8bc
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:13 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d818
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:12 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3db7c
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:10 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3c8fc
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d5d0
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d884
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d548
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d864
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:01 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3db88
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5

    Error: (12/19/2015 00:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mpcmdrun.exe, version: 4.7.205.0, time stamp: 0x54cb5af5
    Faulting module name: KERNELBASE.dll, version: 6.3.9600.17736, time stamp: 0x550f4336
    Exception code: 0xc0000142
    Fault offset: 0x00000000000ec180
    Faulting process id: 0x3d87c
    Faulting application start time: 0xmpcmdrun.exe0
    Faulting application path: mpcmdrun.exe1
    Faulting module path: mpcmdrun.exe2
    Report Id: mpcmdrun.exe3
    Faulting package full name: mpcmdrun.exe4
    Faulting package-relative application ID: mpcmdrun.exe5


    System errors:
    =============
    Error: (12/19/2015 09:47:53 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%2147942405

    Error: (12/19/2015 09:47:53 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%2147942405

    Error: (12/19/2015 09:47:39 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%2147942405

    Error: (12/19/2015 09:47:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%2147942405

    Error: (12/18/2015 08:30:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%2147942405

    Error: (12/18/2015 08:30:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%2147942405

    Error: (12/18/2015 08:30:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%2147942405

    Error: (12/18/2015 08:30:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%2147942405

    Error: (12/18/2015 05:56:42 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: 0x80070005

    Error: (12/18/2015 05:56:42 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/1257424468/


    CodeIntegrity:
    ===================================
    Date: 2015-12-19 12:41:13.401
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-19 12:07:09.958
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-19 11:53:55.899
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-19 11:27:32.704
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-19 11:22:19.207
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-19 10:15:17.893
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-18 23:55:29.641
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-18 23:09:32.159
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-18 22:29:12.154
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-18 22:10:30.578
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 53%
    Total physical RAM: 8075.16 MB
    Available physical RAM: 3781.16 MB
    Total Virtual: 9355.16 MB
    Available Virtual: 4557.62 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:674.91 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  6. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
    Ran by Matt (2015-12-19 17:06:19) Run:1
    Running from C:\Users\Matt\Desktop
    Loaded Profiles: Matt (Available Profiles: Matt & Sarah)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [tslwll] => rundll32.exe "C:\Users\Matt\AppData\Local\tslwll.dll",tslwll <===== ATTENTION
    C:\Users\Matt\AppData\Local\tslwll.dll
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
    ProxyEnable: [HKLM] => Proxy is enabled.
    ProxyEnable: [HKLM-x32] => Proxy is enabled.
    ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
    AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
    ProxyEnable: [S-1-5-21-3521546551-3123563252-608694627-1001] => Proxy is enabled.
    ProxyServer: [S-1-5-21-3521546551-3123563252-608694627-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    U0 msahci; system32\drivers\msahci.sys [X]
    2015-11-03 21:38 - 2015-12-19 09:48 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys
    2015-12-18 12:14 - 2015-12-18 12:14 - 0000115 _____ () C:\Users\Matt\AppData\Local\dottmpfile.txt
    2015-12-07 13:34 - 2015-12-07 13:34 - 0006144 _____ () C:\Users\Matt\AppData\Local\installer.exe
    2015-12-07 13:33 - 2015-12-07 13:33 - 0006656 _____ () C:\Users\Matt\AppData\Local\installer4.exe
    2015-06-08 21:24 - 2015-06-12 17:18 - 0007605 _____ () C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
    2015-12-18 12:16 - 2015-12-18 12:16 - 0009216 _____ () C:\Users\Matt\AppData\Local\tslwll.dll
    2015-09-10 05:09 - 2015-09-10 05:09 - 0008192 _____ () C:\Users\Matt\AppData\Local\uid.exe
    2015-12-18 12:16 - 2015-12-18 12:16 - 0002560 _____ () C:\Users\Matt\AppData\Local\uninstall.exe
    2014-08-14 08:52 - 2014-08-14 08:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2014-08-14 09:14 - 2014-03-25 17:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
    2014-05-14 20:43 - 2014-03-26 12:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
    2014-05-14 20:43 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    2014-05-14 20:43 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
    C:\ProgramData\RefreshReg.vbs
    Task: {1DB43B80-2764-4039-99AF-8590A1E01B3E} - System32\Tasks\8841584884158488415848841584 => C:\Program Files (x86)\calculate\relation.exe [2015-12-18] (windows 99) <==== ATTENTION
    C:\Program Files (x86)\calculate\relation.exe
    Task: {C033A7A0-C213-46B7-871F-ED858E78AD31} - System32\Tasks\489059866771480292 => C:\Program Files (x86)\calculate\relation.exe [2015-12-18] (windows 99) <==== ATTENTION
    Task: {F87C9618-38C5-4516-B324-FFF50EDC200C} - System32\Tasks\70960291 => C:\Program Files (x86)\field\difficult.exe [2015-12-18] () <==== ATTENTION
    C:\Program Files (x86)\calculate
    C:\Program Files (x86)\field

    *****************

    "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Run\\tslwll => value removed successfully
    C:\Users\Matt\AppData\Local\tslwll.dll => moved successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxySettingsPerUser => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL => value not found.
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

    ========= RemoveProxy: =========

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
    Chrome StartupUrls => removed successfully
    MBAMSwissArmy => service removed successfully
    msahci => service removed successfully
    C:\Users\Matt\AppData\Roaming\sp_data.sys => moved successfully
    C:\Users\Matt\AppData\Local\dottmpfile.txt => moved successfully
    C:\Users\Matt\AppData\Local\installer.exe => moved successfully
    C:\Users\Matt\AppData\Local\installer4.exe => moved successfully
    C:\Users\Matt\AppData\Local\Resmon.ResmonCfg => moved successfully
    "C:\Users\Matt\AppData\Local\tslwll.dll" => not found.
    C:\Users\Matt\AppData\Local\uid.exe => moved successfully
    C:\Users\Matt\AppData\Local\uninstall.exe => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\RefreshReg.vbs => moved successfully
    C:\ProgramData\SetStretch.cmd => moved successfully
    C:\ProgramData\SetStretch.exe => moved successfully
    C:\ProgramData\SetStretch.VBS => moved successfully
    "C:\ProgramData\RefreshReg.vbs" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DB43B80-2764-4039-99AF-8590A1E01B3E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DB43B80-2764-4039-99AF-8590A1E01B3E}" => key removed successfully
    C:\Windows\System32\Tasks\8841584884158488415848841584 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8841584884158488415848841584" => key removed successfully
    C:\Program Files (x86)\calculate\relation.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C033A7A0-C213-46B7-871F-ED858E78AD31}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C033A7A0-C213-46B7-871F-ED858E78AD31}" => key removed successfully
    C:\Windows\System32\Tasks\489059866771480292 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\489059866771480292" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F87C9618-38C5-4516-B324-FFF50EDC200C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F87C9618-38C5-4516-B324-FFF50EDC200C}" => key removed successfully
    C:\Windows\System32\Tasks\70960291 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\70960291" => key removed successfully

    "C:\Program Files (x86)\calculate" folder move:

    Could not move "C:\Program Files (x86)\calculate" => Scheduled to move on reboot.


    "C:\Program Files (x86)\field" folder move:

    Could not move "C:\Program Files (x86)\field" => Scheduled to move on reboot.


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-19 17:08:51)

    C:\Program Files (x86)\calculate => moved successfully
    C:\Program Files (x86)\field => Is moved successfully

    ==== End of Fixlog 17:08:52 ====
     
  7. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    I should add that the system is still acting up. While using Chrome (regular browser), I am getting proxy errors and the option to change the setting in Chrome was greyed out (unusable). I also was unable to post this in Chrome the first time the page did load. This page loaded, I copied-pasted the fixlog, then when I would click "post reply", it would do nothing, the other two options would grey out briefly, then return to usability with no reply being posted. To finish, this was all posted from Firefox.
    Thanks.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  9. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    RogueKiller V11.0.3.0 [Dec 14 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9600) 64 bits version
    Started in : Normal mode
    User : Matt [Administrator]
    Started from : C:\Users\Matt\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 12/20/2015 14:42:12

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path|VT.Unknown] wandering.exe(2104) -- C:\Windows\wandering.exe[-] -> Killed [TermProc]

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8877;https=127.0.0.1:8877 -> Not selected
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:8877;https=127.0.0.1:8877 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
    --- User ---
    [MBR] b97d5d3bcb1fe844cce70fd2f7d531e7
    [BSP] 3c89f8f171eec30db6b0d5ca3a0ac618 : Empty MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 2312192 | Size: 932250 MB
    4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1911560192 | Size: 20490 MB
    User = LL1 ... OK
    User = LL2 ... OK

     
  10. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/20/2015
    Scan Time: 4:01 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.20.05
    Rootkit Database: v2015.12.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8.1
    CPU: x64
    File System: NTFS
    User: Matt

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 398688
    Time Elapsed: 24 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 2
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{0E02C3DE-FDA9-4381-99E6-7ED76A518504}, Quarantined, [bc99eeb9414a78be5a4cf079ca3829d7],
    PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{0E02C3DE-FDA9-4381-99E6-7ED76A518504}, Quarantined, [bc99eeb9414a78be5a4cf079ca3829d7],

    Registry Values: 1
    PUP.Optional.IEAudioAds, HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\INSTALLPATH\STATUS|NuvisionDataRemarketer, R, Quarantined, [ef660f986c1fd95d42dfb4ee2bd833cd]

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     


  11. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    # AdwCleaner v5.025 - Logfile created 20/12/2015 at 17:18:19
    # Updated 13/12/2015 by Xplode
    # Database : 2015-12-13.2 [Server]
    # Operating system : Windows 8.1 (x64)
    # Username : Matt - ONEPUTER
    # Running from : C:\Users\Matt\Desktop\adwcleaner_5.025.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask search
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : conduit.search
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : toolbar.ask.com
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=
    [C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Found : hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1619 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 8.1 x64
    Ran by Matt (Administrator) on Sun 12/20/2015 at 17:41:58.89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 7

    Successfully deleted: C:\Users\Matt\AppData\Local\yuntnani (Folder)
    Successfully deleted: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk (Shortcut)
    Successfully deleted: C:\Users\Matt\AppData\Roaming\sp_data.sys (File)
    Successfully deleted: C:\Windows\wininit.ini (File)
    Successfully deleted: C:\a\58118918.bat (File)
    Successfully deleted: C:\a\winonit.exe (File)
    Successfully deleted: C:\Windows\SysWOW64\83271868.bat (File)

    Deleted the following from C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ymvdel8q.default\prefs.js
    user_pref(browser.urlbar.suggest.searches, true);



    Registry: 7

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\dutoauto (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_952AA941B71FA68F2EFC80A225B9EE63 (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\interpee (Registry Value)
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\rutoauto (Registry Value)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\autoauto (Registry Value)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cutoauto (Registry Value)
    Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\interpee (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/20/2015 at 20:35:16.09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Things seem much better. Though, the touchpad on my laptop has stopped allowing me to scroll in a window with two fingers on the pad. I had yet to try and restart, as that may fix it, I'd imagine.
     
  12. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    I also appear to still be having proxy error issues inside of Chrome and the "change proxy settings" button is still greyed out.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark the Addition.txt box.
    • Press the Scan button.
    • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
     
  14. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
    Ran by Matt (administrator) on ONEPUTER (21-12-2015 18:04:18)
    Running from C:\Users\Matt\Desktop
    Loaded Profiles: Matt (Available Profiles: Matt & Sarah)
    Platform: Windows 8.1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
    (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    (sturdy) C:\Windows\wandering.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
    (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
    (Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
    (AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
    HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\calculate\blink.exe
    HKLM\...\Run: [interpee] => C:\Program Files (x86)\calculate\relation.exe
    HKLM\...\Run: [autoauto] => C:\Program Files (x86)\calculate\relation.exe
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22790776 2015-11-04] (Google)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-03-08] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.0.496\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-21]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-21]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
    BootExecute: autocheck autochk * sdnclean64.exebddel.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    ProxyServer: [S-1-5-21-3521546551-3123563252-608694627-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{AE6BC52A-FEAC-49D8-AB5D-FDE9F836AD83}: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{BC48F90C-37A5-4AD2-AD2E-8127DC1EAB34}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-28] (Oracle Corporation)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-28] (Oracle Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\ymvdel8q.default
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-28] (Oracle Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
    FF Plugin HKU\S-1-5-21-3521546551-3123563252-608694627-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Matt\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-07-08] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Entanglement Web App) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-06-14]
    CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-18]
    CHR Extension: (Adblock Plus) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
    CHR Extension: (Netflix) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-14]
    CHR Extension: (Pandora) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-14]
    CHR Extension: (iCloud Bookmarks) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-07-26]
    CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-23]
    CHR Extension: (Skype) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
    CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-26]
    CHR HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Matt\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-11-15]
    CHR HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [8704 2014-04-15] (ASUS) [File not signed]
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-24] (ASUS Cloud Corporation) [File not signed]
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-07] (Dropbox, Inc.)
    R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
    R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2013-10-17] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
    R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
    R2 jelly; C:\Windows\wandering.exe [16896 2015-12-18] (sturdy) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [71952 2014-03-31] (ASUS Corporation)
    R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
    R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2013-10-17] (Intel Corporation)
    R3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2013-10-17] (Intel Corporation)
    R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
    R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
    S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
    R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
    R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
    R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
    R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
    R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
    R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
    R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
    R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
    R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-20] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44024 2015-02-03] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [264000 2015-02-03] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-21 18:03 - 2015-12-21 18:03 - 00000000 ____D C:\Users\Matt\Desktop\FRST-OlderVersion
    2015-12-21 17:58 - 2015-12-21 17:58 - 00000093 _____ C:\Users\Matt\AppData\Roaming\sp_data.sys
    2015-12-20 21:31 - 2015-12-20 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
    2015-12-20 20:35 - 2015-12-20 20:35 - 00001987 _____ C:\Users\Matt\Desktop\JRT.txt
    2015-12-20 17:33 - 2015-12-20 17:33 - 01599336 _____ (Malwarebytes) C:\Users\Matt\Desktop\JRT.exe
    2015-12-20 17:18 - 2015-12-20 17:23 - 00000000 ____D C:\AdwCleaner
    2015-12-20 17:11 - 2015-12-20 17:11 - 01740288 _____ C:\Users\Matt\Desktop\adwcleaner_5.025.exe
    2015-12-20 17:00 - 2015-12-20 17:00 - 00001479 _____ C:\Users\Matt\Desktop\12.20.15.txt
    2015-12-20 15:36 - 2015-12-21 18:03 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-12-20 15:36 - 2015-12-20 15:36 - 00001116 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-12-20 15:36 - 2015-12-20 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-20 15:35 - 2015-12-20 15:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-12-20 15:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-12-20 15:35 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-12-20 15:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
    2015-12-20 15:29 - 2015-12-20 15:33 - 22908888 _____ (Malwarebytes ) C:\Users\Matt\Desktop\mbam-setup-2.2.0.1024.exe
    2015-12-20 14:47 - 2015-12-20 14:47 - 00003682 _____ C:\Users\Matt\Desktop\rk_59CE.tmp.txt
    2015-12-20 14:47 - 2015-12-20 14:47 - 00003682 _____ C:\Users\Matt\Desktop\rk_523B.tmp.txt
    2015-12-20 12:04 - 2015-12-20 14:47 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-12-20 12:04 - 2015-12-20 12:04 - 00030848 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-12-20 12:02 - 2015-12-20 12:03 - 20834376 _____ C:\Users\Matt\Desktop\RogueKiller.exe
    2015-12-19 17:08 - 2015-12-21 18:04 - 00004374 _____ C:\Windows\System32\Tasks\489059866771480292
    2015-12-19 17:06 - 2015-12-19 17:08 - 00009166 _____ C:\Users\Matt\Desktop\Fixlog.txt
    2015-12-19 12:44 - 2015-12-19 12:46 - 00056197 _____ C:\Users\Matt\Desktop\Addition.txt
    2015-12-19 12:43 - 2015-12-21 18:05 - 00025721 _____ C:\Users\Matt\Desktop\FRST.txt
    2015-12-19 12:43 - 2015-12-21 18:04 - 00000000 ____D C:\FRST
    2015-12-19 12:42 - 2015-12-21 18:03 - 02370560 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
    2015-12-19 11:35 - 2015-11-02 18:22 - 00000035 _____ C:\Windows\system32\Drivers\etc\hosts.20151219-113523.backup
    2015-12-18 20:37 - 2015-12-18 20:43 - 00000000 ____D C:\Users\Matt\AppData\Local\Mozilla
    2015-12-18 20:37 - 2015-12-18 20:37 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-12-18 20:37 - 2015-12-18 20:37 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-12-18 20:37 - 2015-12-18 20:37 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
    2015-12-18 20:36 - 2015-12-18 20:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-18 18:24 - 2015-12-18 18:24 - 00000000 ____D C:\Program Files (x86)\satisfy
    2015-12-18 17:56 - 2015-12-18 17:56 - 00000000 ____D C:\RegBackup
    2015-12-18 17:55 - 2015-12-19 09:54 - 00002310 _____ C:\Users\Matt\Desktop\Google Chrome.lnk
    2015-12-18 12:15 - 2015-12-19 17:07 - 00003662 _____ C:\Windows\System32\Tasks\8841584884158488415848841584
    2015-12-18 12:14 - 2015-12-20 17:45 - 00000000 ____D C:\a
    2015-12-18 12:14 - 2015-12-18 18:23 - 00003812 _____ C:\Windows\System32\Tasks\Grapyy46759876Updates
    2015-12-18 12:14 - 2015-12-18 18:23 - 00003652 _____ C:\Windows\System32\Tasks\MySyy46759876ytemy
    2015-12-18 12:14 - 2015-12-18 17:56 - 00003814 _____ C:\Windows\System32\Tasks\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000050 _____ C:\Windows\key.ini
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\CEF
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\26070387
    2015-12-18 12:14 - 2015-12-18 12:14 - 00000000 ____D C:\Users\Matt\AppData\Local\10681602
    2015-12-18 12:12 - 2015-12-18 18:16 - 00000000 ____D C:\Program Files (x86)\winwebuse
    2015-12-18 12:05 - 2015-12-19 15:46 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
    2015-12-18 11:51 - 2015-12-18 11:51 - 02026520 _____ (BitTorrent Inc.) C:\Users\Matt\Desktop\uTorrent.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00042739 _____ C:\Windows\thrill.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00033792 _____ (windows 99) C:\Windows\railway.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00016896 _____ (sturdy) C:\Windows\wandering.exe
    2015-12-18 10:59 - 2015-12-18 10:59 - 00009216 _____ (forgetful) C:\Windows\behave.exe
    2015-12-17 22:44 - 2015-12-17 22:44 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-12-17 22:44 - 2015-12-17 22:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-12-17 22:43 - 2015-12-17 22:44 - 00000000 ____D C:\Program Files\iTunes
    2015-12-17 22:43 - 2015-12-17 22:43 - 00000000 ____D C:\Program Files\iPod
    2015-12-17 22:43 - 2015-12-17 22:43 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-12-17 22:33 - 2015-12-17 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    2015-12-11 12:12 - 2015-12-11 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2015-12-05 00:00 - 2015-12-05 00:00 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2015-12-05 00:00 - 2015-12-05 00:00 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2015-11-26 22:26 - 2015-12-04 23:03 - 00001339 _____ C:\Users\Matt\Desktop\Shannara Reading List.txt
    2015-11-21 22:42 - 2015-11-21 22:42 - 00001405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2015-11-21 22:42 - 2015-11-21 22:42 - 00001393 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2015-11-21 22:42 - 2015-11-21 22:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2015-11-21 22:42 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-21 18:03 - 2015-02-27 12:39 - 00000000 __RDO C:\Users\Matt\Desktop\OneDrive
    2015-12-21 18:03 - 2013-08-22 05:36 - 00000000 ____D C:\Windows
    2015-12-21 18:02 - 2015-02-27 12:44 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{EDBD8DFB-6D84-4E3D-B9AD-7E72DA0E9CF5}
    2015-12-21 18:02 - 2015-02-27 12:41 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3521546551-3123563252-608694627-1001
    2015-12-21 18:00 - 2015-11-15 18:24 - 00000000 ___RD C:\Users\Matt\Google Drive
    2015-12-21 18:00 - 2015-07-07 22:04 - 00000000 ___RD C:\Users\Matt\Dropbox
    2015-12-21 18:00 - 2015-07-07 21:57 - 00000000 ____D C:\Users\Matt\AppData\Local\Dropbox
    2015-12-21 17:58 - 2015-06-02 11:23 - 00000000 ___RD C:\Users\Matt\iCloudDrive
    2015-12-21 17:58 - 2015-02-26 22:21 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-21 17:57 - 2015-07-07 21:57 - 00000918 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2015-12-20 22:09 - 2015-07-07 21:57 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2015-12-20 20:52 - 2015-02-28 11:35 - 00000000 ____D C:\Users\Matt\Desktop\Images
    2015-12-20 20:36 - 2014-03-18 02:03 - 00863596 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-12-20 20:36 - 2013-08-22 05:36 - 00000000 ____D C:\Windows\Inf
    2015-12-20 17:25 - 2013-08-22 06:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-12-20 16:46 - 2015-09-07 18:34 - 00000000 ____D C:\ProgramData\Freemake
    2015-12-20 16:46 - 2015-09-07 18:33 - 00000000 ____D C:\Program Files (x86)\Freemake
    2015-12-20 16:40 - 2013-08-22 05:25 - 00524288 ___SH C:\Windows\system32\config\BBI
    2015-12-20 11:56 - 2015-05-09 18:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc
    2015-12-19 18:51 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\system32\NDF
    2015-12-18 22:18 - 2015-02-28 11:51 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
    2015-12-18 17:55 - 2015-02-26 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-17 22:43 - 2015-02-27 15:47 - 00000000 ____D C:\Program Files\Common Files\Apple
    2015-12-17 22:19 - 2015-04-17 19:14 - 00000000 ____D C:\Users\Matt\AppData\Local\ElevatedDiagnostics
    2015-12-11 12:12 - 2015-07-07 21:57 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2015-12-06 23:00 - 2015-09-13 16:59 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
    2015-12-05 00:00 - 2015-11-15 18:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-12-04 23:49 - 2015-02-26 22:21 - 00003896 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-04 23:49 - 2015-02-26 22:21 - 00003660 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-04 23:49 - 2015-02-26 22:21 - 00000924 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-11-23 21:43 - 2015-03-03 17:51 - 00482816 ___SH C:\Users\Matt\Desktop\Thumbs.db
    2015-11-22 18:03 - 2015-02-27 19:26 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-11-21 22:42 - 2015-02-27 19:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

    ==================== Files in the root of some directories =======

    2015-12-21 17:58 - 2015-12-21 17:58 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys

    Some files in TEMP:
    ====================
    C:\Users\Matt\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Matt\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-17 22:18

    ==================== End of FRST.txt ============================
     
  15. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
    Ran by Matt (2015-12-21 18:05:21)
    Running from C:\Users\Matt\Desktop
    Windows 8.1 (X64) (2015-02-27 20:35:37)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3521546551-3123563252-608694627-500 - Administrator - Disabled)
    Guest (S-1-5-21-3521546551-3123563252-608694627-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3521546551-3123563252-608694627-1003 - Limited - Enabled)
    Matt (S-1-5-21-3521546551-3123563252-608694627-1001 - Administrator - Enabled) => C:\Users\Matt
    Sarah (S-1-5-21-3521546551-3123563252-608694627-1004 - Administrator - Enabled) => C:\Users\Sarah

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Spybot - Search and Destroy (Enabled - Up to date) {20A26C15-1AF0-7CA3-9380-FAB824A7EE0D}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
    Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.2 - ASUS)
    ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
    ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
    ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS)
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0034 - ASUS)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    dBpoweramp DSP Effects (HKLM-x32\...\dBpoweramp DSP Effects) (Version: Release 7 - Illustrate)
    dBpoweramp Music Converter (HKLM-x32\...\dBpoweramp Music Converter) (Version: Release 14.2 - Illustrate)
    Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
    Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
    Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
    Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
    FLAC To MP3 V4.1 (HKLM-x32\...\FLAC To MP3_is1) (Version: - FLAC To MP3, Inc.)
    Game Explorer Categories - casual (HKLM-x32\...\WildTangentGameProvider-asus-casual) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - enthusiast (HKLM-x32\...\WildTangentGameProvider-asus-enthusiast) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - family (HKLM-x32\...\WildTangentGameProvider-asus-family) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - kids (HKLM-x32\...\WildTangentGameProvider-asus-kids) (Version: 3.2.0.6 - WildTangent, Inc.)
    Game Explorer Categories - touch (HKLM-x32\...\WildTangentGameProvider-asus-touch) (Version: 3.2.0.6 - WildTangent, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
    Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation)
    Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{b9007812-6a61-4dfc-8a0c-4c726c7dc43f}) (Version: 17.0.1 - Intel Corporation)
    iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    LG ODD Auto Firmware Update (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Mozilla Firefox 43.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-GB)) (Version: 43.0.1 - Mozilla)
    NetStream 1.0 (HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\NetStream 1.0) (Version: - )
    NewInternet (HKLM\...\FastIn) (Version: - yoyo)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Spybot Anti-Beacon (HKLM-x32\...\{419A7FCF-93E1-474D-BFE9-987CF3F90C88}_is1) (Version: 1.4 - Safer-Networking Ltd.)
    System Requirements Lab Detection (HKLM-x32\...\{CC656969-7AE7-415C-A3EB-BA687F3AB03F}) (Version: 6.1.6.0 - Husdawg, LLC)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.0.496 - ASUS Cloud Corporation)
    WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.2 - WildTangent)
    Windows Driver Package - ASUS (ATP) Mouse (03/17/2014 1.0.0.207) (HKLM\...\AA2CC56D4BBEE037DC99871F5F6551133D2A0CC3) (Version: 03/17/2014 1.0.0.207 - ASUS)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
    YNAB 4 version 4.3.729 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.729 - YouNeedABudget.com)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    26-11-2015 21:24:18 Scheduled Checkpoint
    05-12-2015 00:04:14 Scheduled Checkpoint
    17-12-2015 22:33:18 Scheduled Checkpoint
    20-12-2015 17:42:07 JRT Pre-Junkware Removal

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 05:25 - 2015-12-19 11:35 - 00449982 ____R C:\Windows\system32\Drivers\etc\hosts

    There are 15463 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {02E6B53B-D297-4715-A6E5-C76A9AF33172} - System32\Tasks\8841584884158488415848841584 => C:\Program Files (x86)\calculate\relation.exe <==== ATTENTION
    Task: {0CD9A718-7769-42ED-A1E9-419C94BF79E6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {2435A1F2-FC3A-456C-BC02-8D182D59AD04} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-12-20] ()
    Task: {24A0BD95-2087-417F-BBA6-F3D508D95A27} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.)
    Task: {2BEEF34C-45F9-4B4C-A48F-EC56E272B3B5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {351DAD53-AA32-4624-AF85-9896C179051F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {451A682B-E5A9-4E74-92E5-665A0F62477F} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-14] (Realtek Semiconductor)
    Task: {45CC27D6-7D5B-4DF7-9333-9290DE8502A7} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-12-20] ()
    Task: {4D3CBEF1-974C-4CA1-A5BB-DD41A8EE04D1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
    Task: {4E94B278-A383-4EB1-BD76-38027ADFC74E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-07] (Dropbox, Inc.)
    Task: {632E5C78-6BAE-4D48-A906-D95223FA5850} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.)
    Task: {708DADE6-0A79-478F-8CEB-D528FBAC2867} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
    Task: {73EBB677-2BDE-4AC5-8158-47913CD4753F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {82B8E927-55E0-42A5-BC19-2BB9CE7A9C42} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
    Task: {8B140BF5-35A3-4D4B-9A4A-44BCF1EA0278} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {95038D2C-6502-49C8-9A3C-47C69BECFCE6} - System32\Tasks\489059866771480292 => C:\Program Files (x86)\calculate\relation.exe <==== ATTENTION
    Task: {B8A3C6E4-6BC0-4A51-AEC6-6848BCE4D942} - System32\Tasks\MySyy46759876ytemy => C:\Program Files (x86)\satisfy\ground.exe
    Task: {B9154A87-E514-4632-BFB7-BF0038C0AEAE} - System32\Tasks\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924 => C:\Program Files (x86)\calculate\relation.exe
    Task: {D95E1D65-8FB1-4E31-91C4-692BBE3A040F} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
    Task: {E3C7E82D-A594-4911-AECE-B09DF1C6B31A} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
    Task: {E8627CC4-BCB2-48FE-ACE4-3F39CB96B7FD} - System32\Tasks\Grapyy46759876Updates => C:\Program Files (x86)\satisfy\ground.exe
    Task: {ECC7EE87-28FB-4390-A463-40BF93A6AE79} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
    Task: {EDB36471-01F6-42EE-B9C7-A025B4A09664} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-26] (Google Inc.)
    Task: {EFC10CC2-9655-47BC-867D-3551C92B7E04} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10] (Realtek Semiconductor)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2013-12-04 07:44 - 2013-12-04 07:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
    2013-12-04 07:44 - 2013-12-04 07:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
    2013-12-04 07:44 - 2013-12-04 07:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
    2014-04-15 16:36 - 2014-04-15 16:36 - 00016384 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
    2014-08-14 09:12 - 2013-05-02 10:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
    2014-08-14 09:12 - 2013-05-02 10:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
    2014-08-14 09:12 - 2013-05-02 10:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
    2015-11-21 22:42 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-11-21 22:42 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-11-21 22:42 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-11-21 22:42 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2015-11-21 22:42 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-08-14 08:47 - 2013-10-23 12:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-04-15 16:36 - 2014-04-15 16:36 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
    2014-04-02 13:46 - 2014-04-02 13:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
    2015-10-13 04:46 - 2015-10-13 04:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-02-13 04:20 - 2015-02-13 04:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 04:45 - 2015-10-13 04:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
    2015-12-21 17:58 - 2015-12-21 17:58 - 00098816 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32api.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00110080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\pywintypes27.dll
    2015-12-21 17:58 - 2015-12-21 17:58 - 00364544 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\pythoncom27.dll
    2015-12-21 17:58 - 2015-12-21 17:58 - 00046080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_socket.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 01208320 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_ssl.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00320512 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32com.shell.shell.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00776704 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_hashlib.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 01176576 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._core_.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00806400 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._gdi_.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00816128 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._windows_.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 01067008 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._controls_.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00733184 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._misc_.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00682496 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\pysqlite2._sqlite.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00088064 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_ctypes.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00119808 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32file.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00108544 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32security.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00007168 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\hashobjs_ext.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00017920 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\thumbnails_ext.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00079360 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\usb_ext.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00167936 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32gui.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00018432 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32event.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00128512 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_elementtree.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00127488 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\pyexpat.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00013824 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\common.time34.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00036864 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_psutil_windows.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00038912 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32inet.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00525640 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\windows._lib_cacheinvalidation.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00011264 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32crypt.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00077312 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._html2.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00027136 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_multiprocessing.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00020480 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\_yappi.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00035840 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32process.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00686080 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\unicodedata.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00123392 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._wizard.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00024064 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32pipe.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00010240 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\select.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00025600 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32pdh.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00017408 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32profile.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00022528 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\win32ts.pyd
    2015-12-21 17:58 - 2015-12-21 17:58 - 00078848 _____ () C:\Users\Matt\AppData\Local\Temp\_MEI1516522\wx._animate.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00022848 _____ () C:\Program Files (x86)\Dropbox\Client
     
  16. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    ADDITION CONT'D:

    \Crypto.Random.OSRNG.winrandom.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00023352 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util._counter.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00042296 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Cipher._AES.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2015-12-11 12:11 - 2015-10-30 16:59 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2015-12-11 12:11 - 2015-12-08 13:36 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00109520 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 01737032 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_python_x66cf7a7cx17a72769.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021320 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2015-12-11 12:11 - 2015-10-30 17:00 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
    2015-12-11 12:11 - 2015-10-30 16:59 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00021304 _____ () C:\Program Files (x86)\Dropbox\Client\Crypto.Util.strxor.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00084792 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2015-12-11 12:11 - 2015-12-08 13:36 - 01826608 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2015-12-11 12:11 - 2015-10-30 17:00 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 03891504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 01950000 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00519984 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00133936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00225080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00486704 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2015-12-11 12:11 - 2015-12-08 13:36 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2015-07-07 22:02 - 2015-10-30 17:01 - 00019920 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll
    2015-07-07 22:02 - 2015-10-30 17:00 - 00786904 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-08-01 18:45 - 2015-10-30 17:00 - 00063448 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-07-07 22:02 - 2015-10-30 17:00 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)



    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Desktop\Galactica\carina.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "LGODDFU"
    HKLM\...\StartupApproved\Run32: => "FlashGamesRockstar"
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\...\StartupApproved\Run: => "iCloudServices"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{99653552-2740-4A0A-8B29-7EE97257AA12}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{0F757B8E-21C2-43B9-B86C-4463B66FF786}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{B33362BB-E669-4EEF-9C38-FC49092CF823}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{5D1F7E76-D2E6-4F55-A128-44E2EA2EA06C}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{301DCFD4-F980-4FAD-A9B1-45A160697CB8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{E3D22119-1654-42AF-BCD0-B3F697269BB1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72FCB0D1-2CC8-4820-AEC4-5BC889A4F102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{125066DC-67E5-411F-B621-8A6903D5B67B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DCD9183A-2943-4697-A704-A7666A1388CB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{0D258B23-1380-43BD-96F3-5069C4BF449A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{626CEFE1-EE00-4D03-B60A-9507AE49DDB2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [TCP Query User{5403D72F-ABC9-4B24-AA0B-A6373F41DED8}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{A5B3357A-EC7A-4B49-BB0B-090A277B3F21}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{AFD50EB2-E97B-4FB6-ABFD-1AFC1DC5ED97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{AED42A45-8ACA-4DAC-9040-93AEEAF4F16D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{ED7DE36D-3689-48A4-BD3A-06ACD3E8261D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DBF4C46A-75B4-42E6-80E3-25387C028192}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{E84C8596-68E2-4205-A56E-1E799D9D3A5D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [{6C851627-93D6-4981-ADA4-5BB1FB1E65AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{70AEE643-67FE-41F2-BAB2-5ACA8CC2AC2E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{36A7B471-4FB0-4E6E-ADD5-6B68B47DC113}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C5E93559-A61D-4C71-B52E-02FB102D2F20}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{47CDAA15-4A7A-4138-9427-C729964B34FF}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{09C04060-406B-48D9-B2D0-DAE05F649F5D}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{8929B2EB-6A31-460F-9F47-3EB596238A79}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{1D149978-8EA9-4BE3-AF17-2D012EE8A306}] => (Allow) C:\Users\Matt\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{118B5C0F-EF9B-4F29-ACCB-5440B7051885}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳攮數
    FirewallRules: [{C12C6DC4-996D-4C21-A951-6BF37147B41C}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶睜湩敷畢敳睜湩敷畢敳⹟硥e
    FirewallRules: [{A59CAA58-7F65-46DC-ABA6-19B3059FA233}] => (Allow) C:\Program Files (x86)\calculate\relation.exe
    FirewallRules: [{E5DB80F6-62F8-4D3C-8F9A-C95D0B5E489D}] => (Allow) C:\Program Files (x86)\calculate\relation.exe
    FirewallRules: [{57558705-8C00-4965-BEAB-C34768411C49}] => (Allow) C:\Program Files (x86)\calculate\getcap.exe
    FirewallRules: [{66F8F495-A939-4337-8848-2D8C518E5545}] => (Allow) C:\Program Files (x86)\calculate\getcap.exe
    FirewallRules: [{3FD19737-FC44-4E2E-AA2A-81FB9963D8FF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{91BBDE58-7572-4B51-9FAF-6E8ECCC360BF}] => (Allow) C:\a\winonit.exe
    FirewallRules: [{E877F890-6467-4361-A83A-25F23D424BB0}] => (Allow) C:\Program Files (x86)\calculate\blink.exe
    FirewallRules: [{30F4AB01-7994-4661-BE6C-CA9CB8003DE0}] => (Allow) C:\Program Files (x86)\calculate\blink.exe
    FirewallRules: [{EDFBE892-7AB5-4104-9101-C975B7D34F6B}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{7564A95A-4E87-4929-975A-0EF951133572}] => (Allow) C:\a\vchk.exe
    FirewallRules: [{0F41E5AC-6028-432B-855E-5A48BC929748}] => (Allow) C:\a\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924.exe
    FirewallRules: [{B5529140-8682-46F4-A9D3-3FFBE97EACBC}] => (Allow) C:\a\KBnBW4SghhZJI2gx4Twq-ni-2015-12-18-ni-10924.exe
    FirewallRules: [{648FE4A0-6142-4BDE-B503-634A63F9311E}] => (Allow) C:\Program Files (x86)\satisfy\ground.exe
    FirewallRules: [{0DB47783-14CC-45B1-BBD8-1285C1400A2D}] => (Allow) C:\Program Files (x86)\satisfy\ground.exe
    FirewallRules: [{0703132A-D707-404C-83F9-3B25738FAB66}] => (Allow) C:\Program Files (x86)\field\difficult.exe
    FirewallRules: [{D5EABF6F-DE73-4008-8006-A01FCB9AE3A0}] => (Allow) C:\Program Files (x86)\field\difficult.exe
    FirewallRules: [{E7654E57-4CC4-436A-AC36-51C41B923AC3}] => (Allow) C:\Windows\system32\rundll32.exe
    FirewallRules: [{B23C2F55-35BA-4D09-8358-A067299A3748}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3F9B992B-8072-4A98-958E-88CA25D9F2EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/20/2015 09:47:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program SystemSettings.exe version 6.3.9600.17324 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1155c

    Start Time: 01d13bb0ab39ce42

    Termination Time: 4294967295

    Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

    Report Id: 42af908c-a7a6-11e5-82a6-f81654531587

    Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

    Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

    Error: (12/20/2015 09:46:41 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ONEPUTER)
    Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

    Error: (12/20/2015 04:39:37 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Explorer.EXE
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 00007FFC342CF5DD

    Error: (12/20/2015 02:45:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a470

    Start Time: 01d13b6e90187c76

    Termination Time: 4294967295

    Application Path: C:\Windows\system32\backgroundTaskHost.exe

    Report Id: 54876da5-a76b-11e5-82a4-f81654531587

    Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

    Faulting package-relative application ID: App

    Error: (12/20/2015 02:40:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 50047

    Error: (12/20/2015 02:40:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 50047

    Error: (12/20/2015 02:40:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/20/2015 02:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 899250

    Error: (12/20/2015 02:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 899250

    Error: (12/20/2015 02:39:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: 0x80070005

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/1257424468/

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: 0x80070005

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/1257424456/

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: 0x80070005

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/1257424468/

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
    Description: 0x80070005

    Error: (12/20/2015 05:28:25 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
    Description: 00x80070005http://+:10243/WMPNSSv4/1257424456/

    Error: (12/20/2015 05:24:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll

    Error: (12/20/2015 05:24:55 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has stopped unexpectedly.

    Module Path: C:\Windows\System32\IWMSSvc.dll


    CodeIntegrity:
    ===================================
    Date: 2015-12-21 18:02:59.970
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 21:47:04.550
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe that did not meet the Microsoft signing level requirements.

    Date: 2015-12-20 21:28:33.012
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 20:53:49.311
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 20:48:04.956
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 17:41:32.001
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 17:22:53.882
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 17:15:53.396
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 16:59:58.975
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-20 16:53:10.455
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz
    Percentage of memory in use: 40%
    Total physical RAM: 8075.16 MB
    Available physical RAM: 4783.19 MB
    Total Virtual: 9355.16 MB
    Available Virtual: 5761.82 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:910.4 GB) (Free:664.17 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: B118416D)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  17. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Also, I forgot to ask: does any of this show why my Windows Update is non-functioning?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I'll take a look in our later scans.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  19. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
    Ran by Matt (2015-12-22 17:53:19) Run:2
    Running from C:\Users\Matt\Desktop
    Loaded Profiles: Matt & (Available Profiles: Matt & Sarah)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    ProxyServer: [S-1-5-21-3521546551-3123563252-608694627-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
    RemoveProxy:
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://search.conduit.com/?ctid=CT3321972&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP1DEBDCBC-CD28-4322-B325-1D501BE2EF03&SSPV=","hxxp://search.yahoo.com/?type=599486&fr=spigot-yhp-ch"
    2015-12-21 17:58 - 2015-12-21 17:58 - 0000093 _____ () C:\Users\Matt\AppData\Roaming\sp_data.sys
    C:\Users\Matt\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Matt\AppData\Local\Temp\sqlite3.dll
    Task: {02E6B53B-D297-4715-A6E5-C76A9AF33172} - System32\Tasks\8841584884158488415848841584 => C:\Program Files (x86)\calculate\relation.exe <==== ATTENTION
    C:\Program Files (x86)\calculate
    Task: {95038D2C-6502-49C8-9A3C-47C69BECFCE6} - System32\Tasks\489059866771480292 => C:\Program Files (x86)\calculate\relation.exe <==== ATTENTION


    *****************

    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-3521546551-3123563252-608694627-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    Chrome StartupUrls => removed successfully
    C:\Users\Matt\AppData\Roaming\sp_data.sys => moved successfully
    C:\Users\Matt\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Matt\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02E6B53B-D297-4715-A6E5-C76A9AF33172}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02E6B53B-D297-4715-A6E5-C76A9AF33172}" => key removed successfully
    C:\Windows\System32\Tasks\8841584884158488415848841584 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\8841584884158488415848841584" => key removed successfully
    "C:\Program Files (x86)\calculate" => not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{95038D2C-6502-49C8-9A3C-47C69BECFCE6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95038D2C-6502-49C8-9A3C-47C69BECFCE6}" => key removed successfully
    C:\Windows\System32\Tasks\489059866771480292 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\489059866771480292" => key removed successfully

    ==== End of Fixlog 17:53:25 ====
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  21. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Spybot - Search and Destroy
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    MVPS Hosts File
    Spybot Anti-Beacon
    Spybot - Search & Destroy
    Java 8 Update 31
    Java version 32-bit out of Date!
    Mozilla Firefox (43.0.1)
    Google Chrome (47.0.2526.106)
    Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbam.exe
    Spybot Teatimer.exe is disabled!
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 10-06-2014
    Ran by Matt (administrator) on 22-12-2015 at 22:14:01
    Running from "C:\Users\Matt\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\Windows\system32\wuaueng.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****

    Sophos read as clean.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    =====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  23. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Forgive the delay in reply... busy time, of course.
    Everything appears to be running well now. Thank you so much for your time and effort! I have successfully removed all old cleaning materials and re-acquired the above mentioned cleaners and checkers.
    However, my Windows Update is still non-functioning/existent. From my reasonably informed googling, I appear to have a missing or corrupt .dll of some sort. I have, in the past, tried the internal troubleshooting fixer and downloaded the Windows tools as well, to no avail. I will be attempting to work on this the remainder of the evening. I have also joined the group over at SmartestComputing and hope to learn more in general there.
    Thanks!
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
    If the tool says that Check Disk is needed, click on Do It button next to 2. Check Disk.
    In that case make sure you restart computer.


    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button.


    Go to Step 5 and under "System Restore" click on Create button.


    Go to Repairs tab and click Open Repairs button.

    In next window...
    Leave all checkmarks as they are.
    Click on Start Repairs button.

    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs

    Post fresh FSS log as well.
     
  25. MatCauthon

    MatCauthon TS Rookie Topic Starter Posts: 20

    Tweaking.com - Windows Repair v3.7.3
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows 8.1
    OS Architecture: 64-bit
    OS Version: 6.3.9600
    OS Service Pack:
    Computer Name: ONEPUTER
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\Matt
    Current Profile SID: S-1-5-21-3521546551-3123563252-608694627-1001
    Current Profile Classes: S-1-5-21-3521546551-3123563252-608694627-1001_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Matt\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:10:26

    Process Count: 112
    Commit Total: 2.78 GB
    Commit Limit: 9.14 GB
    Commit Peak: 2.97 GB
    Handle Count: 38255
    Kernel Total: 387.41 MB
    Kernel Paged: 227.58 MB
    Kernel Non Paged: 159.83 MB
    System Cache: 3.81 GB
    Thread Count: 1328
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.89 GB
    Memory Used: 2.41 GB(30.5294%)
    Memory Avail.: 5.48 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 7.89 GB
    Memory Used: 1.95 GB(24.7756%)
    Memory Avail.: 5.93 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (12/26/2015 9:18:16 AM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 61
    01 - Reset Registry Permissions
    Restore Windows 7/8/10 Default Registry Permissions
    Start (12/26/2015 9:18:54 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\hku.7z
    Done, 0.27 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\hklm.7z
    Done, 2.66 seconds.

    Running Repair Under System Account
    Done (12/26/2015 9:22:45 AM)

    02 - Reset File Permissions: C:
    C: & Sub Folders
    Start (12/26/2015 9:22:45 AM)

    Running Repair Under Current User Account
    Done (12/26/2015 9:37:17 AM)

    02 - Reset File Permissions
    Restore Windows 7/8/10 Default File Permissions
    Start (12/26/2015 9:37:17 AM)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\default.7z
    Done, 0.14 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\profile.7z
    Done, 0.18 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\program_files.7z
    Done, 0.32 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\program_files_x86.7z
    Done, 0.14 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\programdata.7z
    Done, 0.21 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\windows.7z
    Done, 2.0 seconds.

    Running Repair Under Current User Account
    Done (12/26/2015 9:43:33 AM)

    02 - Reset File Permissions: Cleanup
    Repairing Restricted Folders Permissions To Avoid Infinite Loops
    Start (12/26/2015 9:43:33 AM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 9:43:56 AM)

    03 - Reset Service Permissions
    Start (12/26/2015 9:43:56 AM)

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 9:55:00 AM)

    04 - Register System Files
    Start (12/26/2015 9:55:01 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 10:30:26 AM)

    05 - Repair WMI
    Start (12/26/2015 10:30:26 AM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Spybot - Search and Destroy Exported.

    Exporting AntiSpyware Info...
    Spybot - Search and Destroy Exported.

    Exporting 3rd Party Firewall Info...
    No Firewall Products Reported.

    Running Repair Under Current User Account
    Done (12/26/2015 10:52:55 AM)

    06 - Repair Windows Firewall
    Start (12/26/2015 10:52:55 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.27 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 10:54:57 AM)

    07 - Repair Internet Explorer
    Start (12/26/2015 10:54:57 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 11:35:04 AM)

    08 - Repair MDAC/MS Jet
    Start (12/26/2015 11:35:04 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 11:41:50 AM)

    09 - Repair Hosts File
    Start (12/26/2015 11:41:50 AM)
    Running Repair Under System Account
    Done (12/26/2015 11:41:57 AM)

    10 - Remove Policies Set By Infections
    Start (12/26/2015 11:41:57 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 11:44:49 AM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (12/26/2015 11:44:49 AM)
    Running Repair Under System Account
    Done (12/26/2015 11:45:09 AM)

    12 - Repair Icons
    Start (12/26/2015 11:45:09 AM)
    Running Repair Under Current User Account
    Done (12/26/2015 11:45:23 AM)

    13 - Repair Network
    Start (12/26/2015 11:45:23 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.25 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 11:47:15 AM)

    14 - Remove Temp Files
    Start (12/26/2015 11:47:15 AM)
    Running Repair Under System Account
    Done (12/26/2015 11:47:24 AM)

    15 - Repair Proxy Settings
    Start (12/26/2015 11:47:24 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 11:47:38 AM)

    17 - Repair Windows Updates
    Start (12/26/2015 11:47:38 AM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.16 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (12/26/2015 12:02:44 PM)

    18 - Repair CD/DVD Missing/Not Working
    Start (12/26/2015 12:02:44 PM)
    iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
    UpperFilters added?: True
    Done (12/26/2015 12:02:44 PM)

    19 - Repair Volume Shadow Copy Service
    Start (12/26/2015 12:02:44 PM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.18 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:05:51 PM)

    20 - Repair Windows Sidebar/Gadgets
    Start (12/26/2015 12:05:51 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:06:43 PM)

    21 - Repair MSI (Windows Installer)
    Start (12/26/2015 12:06:43 PM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.16 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:07:53 PM)

    22 - Repair Windows Snipping Tool
    Start (12/26/2015 12:07:53 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:08:04 PM)

    23.01 - Repair bat Association
    Start (12/26/2015 12:08:04 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:08:16 PM)

    23.02 - Repair cmd Association
    Start (12/26/2015 12:08:16 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:08:29 PM)

    23.03 - Repair com Association
    Start (12/26/2015 12:08:30 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:08:42 PM)

    23.04 - Repair Directory Association
    Start (12/26/2015 12:08:42 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:08:56 PM)

    23.05 - Repair Drive Association
    Start (12/26/2015 12:08:56 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:09:08 PM)

    23.06 - Repair exe Association
    Start (12/26/2015 12:09:08 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:09:20 PM)

    23.07 - Repair Folder Association
    Start (12/26/2015 12:09:20 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:09:33 PM)

    23.08 - Repair inf Association
    Start (12/26/2015 12:09:33 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:09:44 PM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (12/26/2015 12:09:44 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:10:00 PM)

    23.10 - Repair msc Association
    Start (12/26/2015 12:10:00 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:10:11 PM)

    23.11 - Repair reg Association
    Start (12/26/2015 12:10:11 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:10:23 PM)

    23.12 - Repair scr Association
    Start (12/26/2015 12:10:23 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:10:36 PM)

    24 - Repair Windows Safe Mode
    Start (12/26/2015 12:10:36 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:10:50 PM)

    25 - Repair Print Spooler
    Start (12/26/2015 12:10:50 PM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.16 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:11:44 PM)

    26 - Restore Important Windows Services
    Start (12/26/2015 12:11:44 PM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\services.7z
    Done, 0.17 seconds.

    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:17:13 PM)

    27 - Set Windows Services To Default Startup
    Start (12/26/2015 12:17:14 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 12:27:30 PM)

    28.01 - Repair Windows 8/10 App Store
    Start (12/26/2015 12:27:30 PM)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\8\hku.7z
    Done, 0.25 seconds.

    Running Repair Under Current User Account
    Done (12/26/2015 12:33:33 PM)

    29 - Repair Windows 8/10 Component Store
    Start (12/26/2015 12:33:33 PM)
    Running Repair Under Current User Account
    Done (12/26/2015 1:07:03 PM)

    30 - Restore Windows 8/10 COM+ Unmarshalers
    Start (12/26/2015 1:07:03 PM)
    Running Repair Under System Account
    [X] -----Job Complete----- Items Done: 1
    Done (12/26/2015 1:07:22 PM)

    31 - Repair Windows 'New' Submenu
    Start (12/26/2015 1:07:22 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 1:07:34 PM)

    32 - Restore UAC (User Account Control) Settings
    Start (12/26/2015 1:07:34 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (12/26/2015 1:07:47 PM)

    33 - Repair Performance Counters
    Start (12/26/2015 1:07:47 PM)
    Running Repair Under Current User Account
    Done (12/26/2015 1:07:56 PM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (12/26/2015 1:07:56 PM)
    Total Repair Time: 03:49:43


    ...YOU MUST RESTART YOUR SYSTEM...

    Farbar Service Scanner Version: 10-06-2014
    Ran by Matt (administrator) on 26-12-2015 at 13:23:06
    Running from "C:\Users\Matt\Desktop"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is OK.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
