Windows 10 laptop can't seem to get clean and stay clean



#1 webbrian


Posted 25 January 2017 - 11:25 PM

My son appears to have gotten his laptop infected. I've been able to find and quarantine multiple problems using Malwarebytes, ESET, Spybot S&D, etc. However, new issues keep coming back. Hoping you guys can help me find the open window and get it clean once and for all. The computer is occasionally sluggish and sometimes produces unwanted pop-ups. The symptoms vary as different threats come and go. Thank you for your help! I've read the FAQ and believe I've taken the requested steps below:

 

Malwarebytes log (note: I just ran MB again tonight and it found 0 threats, but this is the log from yesterday, where I did find new threats):

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/24/2017
Scan Time: 8:32 PM
Logfile: mbam.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2017.01.25.01
Rootkit Database: v2016.11.20.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Cummins
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360034
Time Elapsed: 21 min, 8 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 3
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [2aeb99e78a1e40f6f16bbeeb9172d729], 
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Quarantined, [d63f344ca800bb7bd8849d0cf60dcf31], 
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CE1DF3BF}, Quarantined, [868f4c349d0b2511a2bc684143c0b64a], 
 
Registry Values: 5
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{ce1df3bf}|1, 1485296451, Quarantined, [868f4c349d0b2511a2bc684143c0b64a]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{1616c5c1-3f1d-4e8a-a77d-035a251955dd}|NameServer, 82.163.143.176 82.163.142.178, Quarantined, [5db86917c8e080b69ab6b8f1a45fd32d]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{b9f7ddab-b31d-4ccb-8ddf-df6cdcd9a7a2}|NameServer, 82.163.143.176 82.163.142.178, Quarantined, [15003f413e6ace68440ce2c7719234cc]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{bb8cef29-c31b-4f6f-8b6c-665c4b3289ad}|NameServer, 82.163.143.176 82.163.142.178, Quarantined, [bd58eb95684088ae79d70d9cd231af51]
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{e4cf5d15-ee7a-436c-91dd-7281fc95da49}|NameServer, 82.163.143.176 82.163.142.178, Quarantined, [32e3fb85198f9a9ce56b2a7f709307f9]
 
Registry Data: 1
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.143.176 82.163.142.178, Good: (8.8.8.8), Bad: (82.163.143.176 82.163.142.178),Replaced,[57beccb4218706304b2124d751b234cc]
 
Folders: 0
(No malicious items detected)
 
Files: 3
Adware.DNSUnlocker.ACMB2, C:\Users\Cummins\AppData\Local\Temp\{00089d4b}, Quarantined, [34e1b6cac5e324120f71a815de22cd33], 
Adware.Adposhel, C:\ProgramData\ce1df3bf\d25a9d6e.dll, Quarantined, [4acb17699e0aed493fe0944c03fd916f], 
Adware.Adposhel, C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}\168A4DAA-A121-FA01-8161-24BE0C99D47F.exe, Delete-on-Reboot, [64b1d7a9b0f83bfb07fd354ed03024dc], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Cummins (administrator) on REIDS-LAPPY-TAP (25-01-2017 22:14:49)
Running from C:\Users\Cummins\Downloads
Loaded Profiles: Cummins &  (Available Profiles: Cummins & umbel)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\ScpServer\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(© 2015 Microsoft Corporation) C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe [67488 2007-09-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-12-09] (Apple Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => 0
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27230168 2016-11-15] (Skype Technologies S.A.)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-08-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{b9f7ddab-b31d-4ccb-8ddf-df6cdcd9a7a2}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{bb8cef29-c31b-4f6f-8b6c-665c4b3289ad}: [DhcpNameServer] 82.163.143.176
Tcpip\..\Interfaces\{e4cf5d15-ee7a-436c-91dd-7281fc95da49}: [DhcpNameServer] 82.163.143.176
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131184319527371608&GUID=78FFE4BF-0C73-4019-BA9B-117D20E4AA2E
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2D&ocid=SK2DDHP&osmkt=en-us
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2D&ocid=SK2DDHP&osmkt=en-us
HKU\S-1-5-21-3262500836-2734221747-2499848716-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-10] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-10] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: mdrubs6p.default
FF ProfilePath: C:\Users\Cummins\AppData\Roaming\Mozilla\Firefox\Profiles\mdrubs6p.default [2017-01-25]
FF NewTab: Mozilla\Firefox\Profiles\mdrubs6p.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\mdrubs6p.default -> Bing 
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\mdrubs6p.default -> Bing 
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\mdrubs6p.default -> Bing 
FF Homepage: Mozilla\Firefox\Profiles\mdrubs6p.default -> hxxp://www.msn.com/?pc=SK2D&ocid=SK2DDHP&osmkt=en-us
www.google.com
FF Keyword.URL: Mozilla\Firefox\Profiles\mdrubs6p.default -> hxxp://www.bing.com/search?FORM=SK2DDF&PC=SK2D&q=
FF Extension: (Bing Search) - C:\Users\Cummins\AppData\Roaming\Mozilla\Firefox\Profiles\mdrubs6p.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-02-05]
FF Extension: (Firefox Hotfix) - C:\Users\Cummins\AppData\Roaming\Mozilla\Firefox\Profiles\mdrubs6p.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-23]
FF SearchPlugin: C:\Users\Cummins\AppData\Roaming\Mozilla\Firefox\Profiles\mdrubs6p.default\searchplugins\bing-.xml [2016-02-05]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-04-29]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-10] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-3262500836-2734221747-2499848716-1001: @nsroblox.roblox.com/launcher -> C:\Users\Cummins\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3262500836-2734221747-2499848716-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Cummins\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher -> C:\Users\Cummins\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @nsroblox.roblox.com/launcher64 -> C:\Users\Cummins\AppData\Local\Roblox\Versions\version-26a546068c9d4f7a\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default [2017-01-25]
CHR Extension: (Google Slides) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-16]
CHR Extension: (Pro Mode for YouTube Video Editor) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aenmbapdfjdkanhfppdmmdipakgacanp [2016-12-18]
CHR Extension: (Google Docs) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-16]
CHR Extension: (Google Drive) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]
CHR Extension: (YouTube) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Google Sheets) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-16]
CHR Extension: (Google Docs Offline) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]
CHR Extension: (Pixlr Editor) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2017-01-21]
CHR Extension: (Google Street View Movie Maker) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpbfkbjcggfcdooobdfpacdabodogedh [2017-01-10]
CHR Extension: (Star Trek USS ENTERPRISE NCC 1701-E) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\lojcphfdgpombpjbaphohhfalnbpjlpf [2017-01-10]
CHR Extension: (CatBlock) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdcgnhlfpnbeieiiccmebgkfdebafodo [2017-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-16]
CHR Extension: (Chrome Media Router) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR Profile: C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\System Profile [2017-01-14]
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor6.0; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [124832 2007-09-10] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-03] (Dropbox, Inc.)
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2015-07-21] (Macrovision Europe Ltd.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-25] (Malwarebytes)
R1 MpKsl51952e40; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EB7E1693-0B63-417A-BFC7-E3CC10F0D788}\MpKsl51952e40.sys [44928 2017-01-25] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XSplit_Dummy; C:\WINDOWS\system32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-10] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 22:14 - 2017-01-25 22:15 - 00022242 _____ C:\Users\Cummins\Downloads\FRST.txt
2017-01-25 22:14 - 2017-01-25 22:14 - 00000000 ____D C:\FRST
2017-01-25 22:08 - 2017-01-25 22:08 - 00899072 _____ C:\Users\Cummins\Downloads\RGSA.exe
2017-01-25 22:07 - 2017-01-25 22:14 - 02420736 _____ (Farbar) C:\Users\Cummins\Downloads\FRST64.exe
2017-01-25 22:07 - 2017-01-25 22:07 - 00003155 _____ C:\Users\Cummins\Desktop\mbam.txt
2017-01-25 16:03 - 2017-01-25 16:04 - 01991485 _____ C:\Users\Cummins\Downloads\OptiFine_1.11.2_HD_U_B6.jar
2017-01-25 15:27 - 2017-01-25 19:43 - 00001081 _____ C:\Users\Cummins\Desktop\nativelog.txt
2017-01-24 16:21 - 2017-01-25 15:26 - 00000000 ____D C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}
2017-01-24 16:21 - 2017-01-24 16:21 - 00003976 _____ C:\WINDOWS\System32\Tasks\{A5A5DE2C-120E-6987-7E3F-3F017597896B}
2017-01-24 15:15 - 2017-01-24 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-22 20:23 - 2017-01-22 20:23 - 05916672 _____ C:\Users\Cummins\Documents\stuff is cool.mpg
2017-01-22 20:23 - 2017-01-22 20:23 - 00002933 _____ C:\Users\Cummins\Documents\stuff is cool.xmp
2017-01-22 13:04 - 2017-01-22 13:04 - 00000000 ____D C:\Users\Cummins\Documents\Adobe
2017-01-22 12:58 - 2017-01-22 12:58 - 00002230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 4.0.lnk
2017-01-22 12:58 - 2017-01-22 12:58 - 00002218 _____ C:\Users\Public\Desktop\Adobe Premiere Elements 4.0.lnk
2017-01-22 12:58 - 2017-01-22 12:58 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2017-01-21 19:54 - 2017-01-21 19:54 - 00000085 _____ C:\WINDOWS\wininit.ini
2017-01-21 19:32 - 2017-01-21 19:32 - 00000166 _____ C:\Users\Cummins\Downloads\cc_20170121_193159.reg
2017-01-21 19:31 - 2017-01-21 19:31 - 00071136 _____ C:\Users\Cummins\Downloads\cc_20170121_193101.reg
2017-01-21 18:12 - 2017-01-21 18:12 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-01-21 17:59 - 2017-01-21 18:17 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-21 17:55 - 2017-01-21 17:58 - 11581544 _____ (SurfRight B.V.) C:\Users\Cummins\Downloads\hitmanpro_x64.exe
2017-01-21 17:47 - 2017-01-21 19:18 - 00000000 ____D C:\Users\Cummins\AppData\Local\ESET
2017-01-21 17:47 - 2017-01-21 17:47 - 06771840 _____ (ESET spol. s r.o.) C:\Users\Cummins\Downloads\esetonlinescanner_enu.exe
2017-01-21 16:20 - 2017-01-21 19:12 - 00000000 ____D C:\ProgramData\{8F1C4E42-38B7-F9E9-9275-0EF6757A29E1}
2017-01-21 16:20 - 2017-01-21 16:20 - 00003976 _____ C:\WINDOWS\System32\Tasks\{87BFDAC0-3014-6D6B-9DEF-5A364B8EF065}
2017-01-21 08:28 - 2017-01-21 19:12 - 00000000 ____D C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}
2017-01-21 08:28 - 2017-01-21 08:28 - 00003976 _____ C:\WINDOWS\System32\Tasks\{DB54C500-6CFF-72AB-0737-DA72A5E75ECE}
2017-01-21 00:20 - 2017-01-21 19:12 - 00000000 ____D C:\ProgramData\{FC4851B6-4BE3-E61D-FDDC-448044F1AD46}
2017-01-21 00:20 - 2017-01-21 00:20 - 00003976 _____ C:\WINDOWS\System32\Tasks\{E63E20A4-5195-970F-3015-21E1BDD4234F}
2017-01-20 15:00 - 2017-01-20 15:07 - 00001291 _____ C:\Users\Cummins\Desktop\ROBLOX Studio.lnk
2017-01-20 15:00 - 2015-08-27 18:23 - 07942144 _____ (ChbShoot.me) C:\Users\Cummins\Desktop\TerrariaInvEdit.572.exe
2017-01-20 15:00 - 2015-08-25 19:02 - 00000222 _____ C:\Users\Cummins\Desktop\Terraria.url
2017-01-20 14:58 - 2016-06-29 16:58 - 01247624 _____ (Mojang) C:\Users\Cummins\Desktop\Minecraft - Copy.exe
2017-01-20 14:57 - 2017-01-25 15:27 - 00000000 ____D C:\Users\Cummins\Desktop\game
2017-01-20 11:28 - 2017-01-20 16:21 - 00000000 ____D C:\Users\Cummins\Desktop\GAMES NOT FOR SCHOOL!
2017-01-19 20:51 - 2013-08-22 07:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170119-205157.backup
2017-01-14 22:07 - 2016-12-21 02:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-14 22:07 - 2016-12-21 02:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-14 22:07 - 2016-12-21 02:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-14 22:07 - 2016-12-21 01:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-14 22:07 - 2016-12-21 01:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-14 22:07 - 2016-12-21 01:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-14 22:07 - 2016-12-21 01:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-14 22:07 - 2016-12-21 01:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-14 22:07 - 2016-12-21 01:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-14 22:07 - 2016-12-21 01:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-14 22:07 - 2016-12-21 01:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-14 22:07 - 2016-12-21 01:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-14 22:07 - 2016-12-21 01:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-14 22:07 - 2016-12-21 01:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-14 22:07 - 2016-12-21 01:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-14 22:07 - 2016-12-21 01:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-14 22:07 - 2016-12-21 01:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-14 22:07 - 2016-12-21 01:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-14 22:07 - 2016-12-21 01:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-14 22:07 - 2016-12-21 01:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-14 22:07 - 2016-12-21 01:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-14 22:07 - 2016-12-21 01:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-14 22:07 - 2016-12-21 01:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-14 22:07 - 2016-12-21 01:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-14 22:07 - 2016-12-21 01:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-14 22:07 - 2016-12-21 01:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-14 22:07 - 2016-12-21 01:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-14 22:07 - 2016-12-21 01:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-14 22:07 - 2016-12-21 01:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-14 22:07 - 2016-12-21 01:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-14 22:07 - 2016-12-21 01:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-14 22:07 - 2016-12-21 01:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-14 22:07 - 2016-12-21 01:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-14 22:07 - 2016-12-21 01:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-14 22:07 - 2016-12-21 00:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-14 22:07 - 2016-12-21 00:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-14 22:07 - 2016-12-21 00:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-14 22:07 - 2016-12-21 00:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-14 22:07 - 2016-12-21 00:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-14 22:07 - 2016-12-21 00:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-14 22:07 - 2016-12-21 00:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-14 22:07 - 2016-12-21 00:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-14 22:07 - 2016-12-21 00:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-14 22:07 - 2016-12-21 00:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-14 22:07 - 2016-12-21 00:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-14 22:07 - 2016-12-21 00:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-14 22:07 - 2016-12-21 00:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-14 22:07 - 2016-12-21 00:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-14 22:07 - 2016-12-21 00:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-14 22:07 - 2016-12-21 00:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-14 22:07 - 2016-12-21 00:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-14 22:07 - 2016-12-21 00:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-14 22:07 - 2016-12-21 00:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-14 22:07 - 2016-12-21 00:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-14 22:07 - 2016-12-20 23:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-14 22:07 - 2016-12-20 23:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-14 22:07 - 2016-12-20 23:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-14 22:07 - 2016-12-20 23:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-14 22:07 - 2016-12-20 22:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-14 22:07 - 2016-12-20 22:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-14 22:07 - 2016-12-20 22:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-14 22:07 - 2016-12-20 22:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-14 22:07 - 2016-12-20 22:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-14 22:07 - 2016-12-20 22:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-14 22:07 - 2016-12-20 22:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-14 22:07 - 2016-12-20 22:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-14 22:07 - 2016-12-20 22:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-14 22:07 - 2016-12-20 22:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-14 22:07 - 2016-12-20 22:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-14 22:07 - 2016-12-20 22:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-14 22:07 - 2016-12-20 22:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-14 22:07 - 2016-12-20 22:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-14 22:07 - 2016-12-20 22:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-14 22:07 - 2016-12-20 22:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-14 22:07 - 2016-12-20 22:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-14 22:07 - 2016-12-20 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-14 22:07 - 2016-12-20 22:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-14 22:07 - 2016-12-20 22:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-14 22:07 - 2016-12-20 22:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-14 22:07 - 2016-12-20 22:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-14 22:07 - 2016-12-20 22:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-14 22:07 - 2016-12-20 22:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-14 22:07 - 2016-12-20 22:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-14 22:07 - 2016-12-20 22:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-14 22:07 - 2016-12-20 22:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-14 22:07 - 2016-12-20 22:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-14 22:07 - 2016-12-13 23:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-14 22:07 - 2016-12-13 23:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-14 22:07 - 2016-12-13 23:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-14 22:07 - 2016-12-13 23:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-14 22:07 - 2016-12-13 23:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-14 22:07 - 2016-12-13 23:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-14 22:07 - 2016-12-13 23:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-14 22:07 - 2016-12-13 23:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-14 22:07 - 2016-12-13 23:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-14 22:07 - 2016-12-13 23:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-14 22:07 - 2016-12-13 23:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-14 22:07 - 2016-12-13 23:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-14 22:07 - 2016-12-13 23:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-14 22:07 - 2016-12-13 23:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-14 22:07 - 2016-12-13 23:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-14 22:07 - 2016-12-13 23:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-14 22:07 - 2016-12-13 23:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-14 22:07 - 2016-12-13 23:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-14 22:07 - 2016-12-13 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-14 22:07 - 2016-12-13 22:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-14 22:07 - 2016-12-13 22:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-14 22:07 - 2016-12-13 22:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-14 22:07 - 2016-12-13 22:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-14 22:07 - 2016-12-13 22:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-14 22:07 - 2016-12-13 22:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-14 22:07 - 2016-12-13 22:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-14 22:07 - 2016-12-13 22:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-14 22:07 - 2016-12-13 22:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-14 22:07 - 2016-12-13 22:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-14 22:07 - 2016-12-13 22:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-14 22:07 - 2016-12-13 22:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-14 22:07 - 2016-12-13 22:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-14 22:07 - 2016-12-13 22:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-14 22:07 - 2016-12-13 22:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-14 22:07 - 2016-12-13 22:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-14 22:07 - 2016-12-13 22:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-14 22:07 - 2016-12-13 22:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-14 22:07 - 2016-12-13 22:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-14 22:07 - 2016-12-13 22:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-14 22:07 - 2016-12-13 22:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-14 22:07 - 2016-12-13 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-14 22:07 - 2016-12-13 22:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-14 22:07 - 2016-12-13 22:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-14 22:07 - 2016-12-13 22:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-14 22:07 - 2016-12-13 22:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-14 22:07 - 2016-12-13 22:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-14 22:07 - 2016-12-13 22:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-14 22:07 - 2016-12-13 22:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-14 22:07 - 2016-12-13 22:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-14 22:07 - 2016-12-13 22:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-14 22:07 - 2016-12-13 22:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-14 22:07 - 2016-12-13 22:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-14 22:07 - 2016-12-13 22:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-14 22:07 - 2016-12-13 22:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-14 22:07 - 2016-12-13 22:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-14 22:07 - 2016-12-13 22:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-14 22:07 - 2016-12-13 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-14 22:07 - 2016-12-13 22:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-14 22:07 - 2016-12-13 22:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-14 22:07 - 2016-12-13 22:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-14 22:07 - 2016-12-13 22:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-14 22:07 - 2016-12-13 22:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-14 22:07 - 2016-12-13 22:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-14 22:07 - 2016-12-13 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-14 22:07 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-14 22:07 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-14 22:07 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-14 22:07 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-14 22:07 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-14 22:07 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-14 22:03 - 2017-01-21 21:16 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-14 21:59 - 2017-01-14 21:59 - 00000000 ____D C:\Users\Cummins\Downloads\New folder
2017-01-14 21:59 - 2017-01-14 21:59 - 00000000 ____D C:\Users\Cummins\Downloads\MBAR
2017-01-14 21:58 - 2017-01-14 21:59 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Cummins\Downloads\mbar-1.09.3.1001.exe
2017-01-14 21:15 - 2017-01-14 21:15 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-14 21:07 - 2017-01-14 21:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-01-14 21:06 - 2017-01-22 12:25 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-14 21:06 - 2017-01-21 19:54 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-14 20:59 - 2017-01-14 21:04 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Cummins\Downloads\spybot-2.4.exe
2017-01-14 15:03 - 2017-01-14 15:03 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-14 15:03 - 2017-01-14 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-12 13:14 - 2017-01-12 13:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 13:14 - 2017-01-12 13:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 13:14 - 2017-01-12 13:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-10 21:53 - 2017-01-25 22:14 - 00048293 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-10 21:53 - 2017-01-14 21:01 - 00460840 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-10 21:52 - 2017-01-14 21:22 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-10 21:52 - 2017-01-10 21:52 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-01-10 21:52 - 2017-01-10 21:52 - 00000000 ____D C:\Users\Cummins\AppData\Local\Zemana
2017-01-10 21:05 - 2017-01-10 21:59 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-07 13:11 - 2017-01-14 15:21 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-03 23:25 - 2017-01-03 23:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2016-12-29 18:22 - 2016-12-29 18:22 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\fltk.org
2016-12-29 18:22 - 2016-12-29 18:22 - 00000000 ____D C:\ProgramData\fltk.org
2016-12-29 18:20 - 2016-12-29 18:20 - 00000000 ____D C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-25 22:05 - 2016-02-01 22:00 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-25 22:00 - 2016-09-30 02:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-25 19:52 - 2016-09-30 02:55 - 00000000 ____D C:\Users\Cummins
2017-01-25 19:48 - 2016-07-30 07:08 - 02338650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-25 19:45 - 2016-07-30 14:43 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2017-01-25 19:45 - 2015-07-16 13:35 - 00000000 __SHD C:\Users\Cummins\IntelGraphicsProfiles
2017-01-25 19:44 - 2016-09-30 03:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-25 19:44 - 2016-07-16 00:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-01-25 19:43 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-25 16:49 - 2015-07-17 15:11 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\.minecraft
2017-01-25 15:26 - 2016-07-16 08:14 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-01-25 15:26 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-25 15:25 - 2016-06-22 07:19 - 00000000 ____D C:\ProgramData\ce1df3bf
2017-01-24 20:38 - 2016-07-13 08:37 - 00000000 ____D C:\ProgramData\EPSON
2017-01-24 20:34 - 2015-07-16 19:58 - 00000000 ___RD C:\Users\Cummins\OneDrive
2017-01-24 20:24 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-24 20:08 - 2016-12-20 08:32 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\obs-studio
2017-01-24 18:31 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-24 16:21 - 2016-09-30 03:05 - 00003886 _____ C:\WINDOWS\System32\Tasks\{65330896-5C8A-5DBE-A43C-0AB44D2FE32B}
2017-01-24 15:46 - 2016-09-30 02:55 - 00000000 ____D C:\Users\umbel
2017-01-24 15:15 - 2015-07-16 21:08 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-23 18:21 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-22 15:14 - 2015-08-25 18:48 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-22 13:04 - 2016-09-30 02:53 - 00227720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-22 13:04 - 2015-07-15 21:33 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\Adobe
2017-01-22 12:57 - 2015-07-21 13:17 - 00000000 ____D C:\ProgramData\Adobe
2017-01-22 12:57 - 2015-07-21 13:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-21 21:31 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-21 19:54 - 2016-07-16 00:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-01-21 19:43 - 2016-02-01 21:59 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-01-21 18:49 - 2015-08-25 19:02 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-01-20 15:07 - 2015-09-13 09:01 - 00000000 ____D C:\Users\Cummins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-01-19 19:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-15 12:49 - 2016-04-27 00:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-15 12:40 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-15 12:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-15 12:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-15 12:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-15 12:40 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-14 22:12 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-14 21:22 - 2012-07-26 02:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-01-14 15:26 - 2015-07-15 21:33 - 00000000 ____D C:\Users\Cummins\AppData\Local\Packages
2017-01-13 18:38 - 2015-07-16 02:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-13 18:35 - 2015-07-16 02:10 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-13 17:28 - 2016-12-09 18:12 - 00003286 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-13 17:28 - 2016-07-30 07:12 - 00002414 _____ C:\Users\Cummins\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-10 22:00 - 2016-02-01 21:59 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-10 21:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\IME
2017-01-07 10:55 - 2015-07-23 19:22 - 00000000 ____D C:\Users\Cummins\AppData\Local\ElevatedDiagnostics
 
==================== Files in the root of some directories =======
 
2015-08-30 13:29 - 2015-08-30 13:29 - 0000000 ___RH () C:\Users\Cummins\AppData\Roaming\6e2474fcd1a975e3b2a7cebf278962dc2
2016-12-18 18:24 - 2016-12-18 18:24 - 0000128 ____H () C:\Users\Cummins\AppData\Roaming\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-08-02 17:03 - 2016-03-05 20:03 - 6583864 _____ () C:\Users\Cummins\AppData\Roaming\paint.net.4.0.6.install.exe
2015-08-16 12:58 - 2016-12-22 14:27 - 0010240 _____ () C:\Users\Cummins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-12-18 18:24 - 2016-12-18 18:24 - 0000128 ____H () C:\ProgramData\ecf00c38dc807e105d881c433a6b455dd2c606b6
2015-07-23 18:37 - 2015-08-20 08:24 - 0006148 _____ () C:\ProgramData\hpzinstall.log
 
Files to move or delete:
====================
C:\Windows\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-19 15:22
 
==================== End of FRST.txt ============================
 
Addition Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Cummins (25-01-2017 22:15:30)
Running from C:\Users\Cummins\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-30 09:07:51)
Boot Mo

#2 nasdaq

Posted 26 January 2017 - 08:49 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums...ndows-10-a.html
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(© 2015 Microsoft Corporation) C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => 0
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys 
Task: {08E68E9E-0257-41AD-B59E-ED55AAF016CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1A1C5709-A6C1-46CE-B3E3-45008C4C484D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {36A0D7D0-1F75-4418-A413-66306C7BE9C7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {484D1B7D-EB2F-457B-B55E-39595A8B11C8} - System32\Tasks\{65330896-5C8A-5DBE-A43C-0AB44D2FE32B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ce1df3bf\d25a9d6e.dll" <==== ATTENTION
Task: {5134DFA5-3A2D-49D4-A315-7DED3C959A07} - \{23222A0F-92C6-4AA8-9E4F-FAE7E8F50075} -> No File <==== ATTENTION
Task: {5CEB3E22-6E70-4FC9-8A79-6D656A1E0294} - System32\Tasks\{87BFDAC0-3014-6D6B-9DEF-5A364B8EF065} => C:\ProgramData\{8F1C4E42-38B7-F9E9-9275-0EF6757A29E1}\09AC47C5-BE07-F06E-AA3D-3940AA862720.exe <==== ATTENTION
Task: {6DF67CA8-505E-41EE-8B7D-8D1FF54F2DD8} - \{FF9BE2B2-4830-5519-5F2A-D0C4087E0092} -> No File <==== ATTENTION
Task: {7335F7FA-6856-4CA7-A7FD-799BDB8B57BF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {765BA5A1-02B3-4CA1-B75D-AFB0094F0552} - System32\Tasks\{A5A5DE2C-120E-6987-7E3F-3F017597896B} => C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}\168A4DAA-A121-FA01-8161-24BE0C99D47F.exe <==== ATTENTION
Task: {8837148E-2E81-4B0B-8907-72AFA3A8ACE0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B0B3B3E-D806-430C-A12E-ABD98DE7A0F6} - System32\Tasks\{DB54C500-6CFF-72AB-0737-DA72A5E75ECE} => C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}\CF883B1F-7823-8CB4-A2A4-B2045AB3B2DF.exe <==== ATTENTION
Task: {B378C6E1-1271-48BB-AD84-3335221850D6} - \{CCD31CF8-7B78-AB53-92DF-057E571DEF3D} -> No File <==== ATTENTION
Task: {D1D2A5AA-0089-4933-8C1A-EAE25CDDE990} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E02D52CD-D23E-4C93-9DB4-8B6C38B9FDFC} - System32\Tasks\{E63E20A4-5195-970F-3015-21E1BDD4234F} => C:\ProgramData\{FC4851B6-4BE3-E61D-FDDC-448044F1AD46}\96A24E3C-2109-F997-539A-070F1BC33D79.exe <==== ATTENTION
Task: {E14F3485-D2AE-45BE-8448-FD74AC51B5DE} - \{050C0847-0C09-080B-7E11-0509787E110F} -> No File <==== ATTENTION
Task: {E2FEB211-62D5-45AD-B3B2-FFFC5A656C58} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E3863B77-5EDE-4A1B-9751-B1079B261F19} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job => powershell exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Cummins\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Cummins\AppData\Roaming:iSpring Solutions [128]
C:\PROGRA~3\ce1df3bf
C:\ProgramData\{8F1C4E42-38B7-F9E9-9275-0EF6757A29E1}
C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}
C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}
C:\ProgramData\{FC4851B6-4BE3-E61D-FDDC-448044F1AD46}
C:\WINDOWS\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in any way, please consider Donating,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760
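
The `Task:` entries in the fixlist above come in a few recurring shapes: a registration whose target is missing ("No File"), a GUID-named executable under C:\ProgramData, and a Regsvr32 DLL load. The following is an added example, not part of the original posts and not FRST's own code: a small Python triage over lines in that format. The category names, the `guid_named` field and the regular expressions are assumptions of this sketch.

```python
import re
from collections import defaultdict

# "Task:" lines copied from the fixlist in this thread.
SAMPLE = r"""
Task: {8B0B3B3E-D806-430C-A12E-ABD98DE7A0F6} - System32\Tasks\{DB54C500-6CFF-72AB-0737-DA72A5E75ECE} => C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}\CF883B1F-7823-8CB4-A2A4-B2045AB3B2DF.exe <==== ATTENTION
Task: {B378C6E1-1271-48BB-AD84-3335221850D6} - \{CCD31CF8-7B78-AB53-92DF-057E571DEF3D} -> No File <==== ATTENTION
Task: {D1D2A5AA-0089-4933-8C1A-EAE25CDDE990} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {484D1B7D-EB2F-457B-B55E-39595A8B11C8} - System32\Tasks\{65330896-5C8A-5DBE-A43C-0AB44D2FE32B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ce1df3bf\d25a9d6e.dll" <==== ATTENTION
Task: C:\WINDOWS\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job => powershell exe
"""

GUID = r"\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?"
# Optional "{task id} - " prefix, task name, "=>" or "->", action, optional marker.
TASK = re.compile(r"^Task: (?:(?P<id>\{[^}]+\}) - )?(?P<name>.+?) (?:=>|->) "
                  r"(?P<action>.+?)(?: <=+ ATTENTION)?$")
# Action is <GUID>.exe inside a GUID-named folder directly under C:\ProgramData.
GUID_EXE = re.compile(r"^C:\\ProgramData\\%s\\%s\.exe$" % (GUID, GUID), re.I)
# Task name (last path component) is a bare GUID, optionally a legacy .job file.
GUID_NAME = re.compile(r"(?:^|\\)%s(?:\.job)?$" % GUID)

def classify(line):
    """Return a record for one FRST Task: line, or None for any other line."""
    m = TASK.match(line.strip())
    if not m:
        return None
    action = m["action"]
    if action == "No File":
        kind = "orphaned"                      # registration left, target gone
    elif re.match(r"regsvr32(\.exe)?\s", action, re.I) and "/i:" in action.lower():
        kind = "regsvr32-dll"                  # DLL loaded through Regsvr32
    elif GUID_EXE.match(action):
        kind = "guid-exe-in-programdata"
    else:
        kind = "other"
    return {"name": m["name"], "action": action, "kind": kind,
            "guid_named": bool(GUID_NAME.search(m["name"]))}

def triage(text):
    """Group every Task: line in a log excerpt by its classified kind."""
    buckets = defaultdict(list)
    for line in text.splitlines():
        rec = classify(line)
        if rec:
            buckets[rec["kind"]].append(rec)
    return dict(buckets)

if __name__ == "__main__":
    for kind, recs in triage(SAMPLE).items():
        for r in recs:
            print(f"{kind:24} guid_named={r['guid_named']!s:5} {r['name']}")
```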

#3 webbrian

Posted 26 January 2017 - 09:39 PM

Thanks Nasdaq. I'll let you know if we experience any more issues.

 

Here's the FRST log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-01-2017 01
Ran by Cummins (26-01-2017 20:30:20) Run:1
Running from C:\Users\Cummins\Downloads
Loaded Profiles: Cummins & umbel (Available Profiles: Cummins & umbel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(© 2015 Microsoft Corporation) C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] => 0
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BingSvc] => C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-05] (© 2015 Microsoft Corporation)
HKU\S-1-5-18\...\Run: [] => 0
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Chrome Media Router) - C:\Users\Cummins\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3262500836-2734221747-2499848716-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
S3 dbx; system32\DRIVERS\dbx.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys 
Task: {08E68E9E-0257-41AD-B59E-ED55AAF016CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {1A1C5709-A6C1-46CE-B3E3-45008C4C484D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {36A0D7D0-1F75-4418-A413-66306C7BE9C7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {484D1B7D-EB2F-457B-B55E-39595A8B11C8} - System32\Tasks\{65330896-5C8A-5DBE-A43C-0AB44D2FE32B} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\ce1df3bf\d25a9d6e.dll" <==== ATTENTION
Task: {5134DFA5-3A2D-49D4-A315-7DED3C959A07} - \{23222A0F-92C6-4AA8-9E4F-FAE7E8F50075} -> No File <==== ATTENTION
Task: {5CEB3E22-6E70-4FC9-8A79-6D656A1E0294} - System32\Tasks\{87BFDAC0-3014-6D6B-9DEF-5A364B8EF065} => C:\ProgramData\{8F1C4E42-38B7-F9E9-9275-0EF6757A29E1}\09AC47C5-BE07-F06E-AA3D-3940AA862720.exe <==== ATTENTION
Task: {6DF67CA8-505E-41EE-8B7D-8D1FF54F2DD8} - \{FF9BE2B2-4830-5519-5F2A-D0C4087E0092} -> No File <==== ATTENTION
Task: {7335F7FA-6856-4CA7-A7FD-799BDB8B57BF} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {765BA5A1-02B3-4CA1-B75D-AFB0094F0552} - System32\Tasks\{A5A5DE2C-120E-6987-7E3F-3F017597896B} => C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}\168A4DAA-A121-FA01-8161-24BE0C99D47F.exe <==== ATTENTION
Task: {8837148E-2E81-4B0B-8907-72AFA3A8ACE0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8B0B3B3E-D806-430C-A12E-ABD98DE7A0F6} - System32\Tasks\{DB54C500-6CFF-72AB-0737-DA72A5E75ECE} => C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}\CF883B1F-7823-8CB4-A2A4-B2045AB3B2DF.exe <==== ATTENTION
Task: {B378C6E1-1271-48BB-AD84-3335221850D6} - \{CCD31CF8-7B78-AB53-92DF-057E571DEF3D} -> No File <==== ATTENTION
Task: {D1D2A5AA-0089-4933-8C1A-EAE25CDDE990} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E02D52CD-D23E-4C93-9DB4-8B6C38B9FDFC} - System32\Tasks\{E63E20A4-5195-970F-3015-21E1BDD4234F} => C:\ProgramData\{FC4851B6-4BE3-E61D-FDDC-448044F1AD46}\96A24E3C-2109-F997-539A-070F1BC33D79.exe <==== ATTENTION
Task: {E14F3485-D2AE-45BE-8448-FD74AC51B5DE} - \{050C0847-0C09-080B-7E11-0509787E110F} -> No File <==== ATTENTION
Task: {E2FEB211-62D5-45AD-B3B2-FFFC5A656C58} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E3863B77-5EDE-4A1B-9751-B1079B261F19} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job => powershell exe
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
AlternateDataStreams: C:\ProgramData:iSpring Solutions [128]
AlternateDataStreams: C:\Users\All Users:iSpring Solutions [128]
AlternateDataStreams: C:\ProgramData\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Cummins\Application Data:iSpring Solutions [128]
AlternateDataStreams: C:\Users\Cummins\AppData\Roaming:iSpring Solutions [128]
C:\PROGRA~3\ce1df3bf
C:\ProgramData\{8F1C4E42-38B7-F9E9-9275-0EF6757A29E1}
C:\ProgramData\{3D5C6E15-8AF7-D9BE-83C3-88512914F5AE}
C:\ProgramData\{6E31BBE4-D99A-0C4F-3C14-EC61FE64457B}
C:\ProgramData\{FC4851B6-4BE3-E61D-FDDC-448044F1AD46}
C:\WINDOWS\Tasks\{050C0847-0C09-080B-7E11-0509787E110F}.job
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Users\Cummins\AppData\Local\Microsoft\BingSvc\BingSvc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully


#4 nasdaq

Posted 27 January 2017 - 07:44 AM



Your Fixlog was truncated. I hope all is well.

We should take care of this Error: (0) Failed to create a restore point.

If you have set it to ON as I previously requested, I suggest you try again and then restart the computer.

Let me know if it's ON now.
nasdaq

#5 webbrian

Posted 27 January 2017 - 11:47 PM

I turned on System Restore and restarted, then reran. FRST runs but never finishes fixing. Not seeing any other signs of trouble so far.

#6 nasdaq

Posted 28 January 2017 - 08:47 AM

Download Delfix from this site.
https://www.bleeping...ownload/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you've ever used. It will also reset the restore points of your computer system, making it even safer.

The program makes some other adjustments to your PC too, which include:

Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
Remove disinfection tools: Removes the tools you've ever used to disinfect your PC.
Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
Purge system restore: Deletes all your older restore points and creates a fresh one.
Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check mark on the feature Remove disinfection tools, and you need to check the other features manually before running the program, should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.
nasdaq

#7 webbrian

Posted 28 January 2017 - 09:14 AM

Thanks, all done! Appreciate all the help



