
Possible Malware [Solved]


  • This topic is locked
32 replies to this topic

#1 BlackListed


Posted 16 April 2016 - 05:09 PM

OK, so I downloaded a file recently and ran it. It worked just fine, but since I'm paranoid I ran mbam. It showed the program and Trojan.dropper. I fixed the issues and re-ran it. Nothing came up. Am I clear to continue, or shall we inspect in more detail?



#2 BlackListed


Posted 16 April 2016 - 05:19 PM

I will post the logs in a bit.

#3 BlackListed


Posted 16 April 2016 - 05:29 PM

Here is my mbam log

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/16/2016
Scan Time: 5:20 PM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.16.05
Rootkit Database: v2016.04.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Alta

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364479
Time Elapsed: 17 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Dropper.MSIL, C:\Users\Alta\AppData\Local\Temp\WindowsApplication6.exe, Quarantined, [96efdcd37b1e4beba00fd133927333cd],

Physical Sectors: 0
(No malicious items detected)


(end)

 

I am about to run FRST. If you want a different log from a different program, ask me.



#4 BlackListed


Posted 16 April 2016 - 05:57 PM

Here is the FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-04-2016
Ran by Alta (administrator) on IDEA-PC (16-04-2016 19:49:07)
Running from C:\Users\Alta\Desktop
Loaded Profiles: Alta (Available Profiles: Alta)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Windows\jmesoft\Service.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Microsoft) C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Curse, Inc) C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Curse.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\ServiceLoader.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Joyent, Inc) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Curse, Inc.) C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Curse, Inc.) C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Users\Alta\Desktop\MM\DS4Windows.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13286472 2013-02-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1277000 2013-02-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo Dynamic Brightness System] => C:\Program Files\Lenovo\Lenovo Brightness System\RunLDBS.exe [1753432 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [Lenovo Eye Distance System] => C:\Program Files\Lenovo\Lenovo Eye Distance System\RunLEDS.exe [1752920 2012-09-18] (Lenovo)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2312896 2016-02-12] (Adobe Systems Incorporated)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50670720 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [Clownfish] => C:\Program Files (x86)\Clownfish\Clownfish.exe [1366256 2016-02-19] (Bogdan Sharkov)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [AutoTyperMurGee] => C:\Program Files (x86)\Auto Typer by MurGee\AutoTyper.exe [79016 2016-03-05] (MurGee.com)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [uTorrent] => C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-02-26] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\RunOnce: [Adobe Speed Launcher] => 1460845920
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-01-22] ()
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
Startup: C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk [2016-01-06]
ShortcutTarget: Curse.lnk -> C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{739b3c5f-11f3-422b-b2b4-1462db0c5789}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a66df7ce-97c7-41e8-8684-b323124fb3da}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
SearchScopes: HKU\S-1-5-21-282325405-1474076517-3493579889-1001 -> DefaultScope {C11569A6-E5CB-4FDE-A09C-D7CA190B1961} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-563448c1&q={searchTerms}
SearchScopes: HKU\S-1-5-21-282325405-1474076517-3493579889-1001 -> {C11569A6-E5CB-4FDE-A09C-D7CA190B1961} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-563448c1&q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-08] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-08] (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-03] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default
FF DefaultSearchEngine.US: Secure Search
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-02-12] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll [2010-10-18] (Exent Technologies Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-08] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-03] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-14] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-02-12] (Adobe Systems)
FF Plugin HKU\S-1-5-21-282325405-1474076517-3493579889-1001: @nsroblox.roblox.com/launcher -> C:\Users\Alta\AppData\Local\Roblox\Versions\version-3334c46e6d704f6d\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-282325405-1474076517-3493579889-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Alta\AppData\Local\Roblox\Versions\version-3334c46e6d704f6d\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF SearchPlugin: C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\searchplugins\McSiteAdvisor.xml [2016-03-01]
FF SearchPlugin: C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\searchplugins\yahoo-ysp.xml [2016-01-08]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF Extension: NoScript - C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-04-16]
FF Extension: Malware Search - C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-04-16]
FF Extension: Dr.Web Anti-Virus Link Checker - C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\Extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}.xpi [2016-04-11]
FF Extension: Adblock Plus - C:\Users\Alta\AppData\Roaming\Mozilla\Firefox\Profiles\s6fomh1y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-25] [not signed]

Chrome:
=======
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C211US0D19700101&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR Profile: C:\Users\Alta\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alta\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-26]
CHR Extension: (SiteAdvisor) - C:\Users\Alta\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alta\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-16]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-04-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [24880 2013-01-15] (Microsoft) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [143872 2014-10-24] (Microsoft Corporation) [File not signed]
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-03-14] (Hi-Rez Studios) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 IdeaTouch.LocalDataServer.Game; C:\Program Files (x86)\Lenovo\GamePortal\Services\IdeaTouch.LocalDataServer.Game.exe [7680 2012-05-17] (Microsoft) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-03-03] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [681680 2016-02-26] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-02-26] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [122368 2015-02-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45680 2015-11-12] (LogMeIn Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-16] (Malwarebytes)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [76064 2015-12-01] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-09] ()
R3 VMC412; C:\Windows\System32\Drivers\VMC412.sys [232576 2012-09-24] (Vimicro Corporation)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [13696 2012-05-02] (Vimicro Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WinI2C-DDC; C:\Windows\System32\drivers\DDCDrv.sys [20832 2008-04-08] (Nicomsoft Ltd.)
R0 WinI2C-DDC; C:\Windows\SysWOW64\drivers\DDCDrv.sys [15712 2010-03-22] (Nicomsoft Ltd.)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 19:49 - 2016-04-16 19:50 - 00027037 _____ C:\Users\Alta\Desktop\FRST.txt
2016-04-16 19:49 - 2016-04-16 19:49 - 00000000 ____D C:\FRST
2016-04-16 19:48 - 2016-04-16 19:48 - 02375168 _____ (Farbar) C:\Users\Alta\Desktop\FRST64.exe
2016-04-16 19:26 - 2016-04-16 19:26 - 00001139 _____ C:\Users\Alta\Desktop\mbamlog.txt
2016-04-16 19:25 - 2016-04-16 19:25 - 00001292 _____ C:\mbamlog1.txt
2016-04-16 17:53 - 2016-04-16 17:53 - 560775458 _____ C:\WINDOWS\MEMORY.DMP
2016-04-16 17:53 - 2016-04-16 17:53 - 01407756 _____ C:\WINDOWS\Minidump\041616-24062-01.dmp
2016-04-16 17:53 - 2016-04-16 17:53 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-16 17:50 - 2016-04-16 17:50 - 00000000 ___HD C:\OneDriveTemp
2016-04-16 17:12 - 2016-04-16 17:12 - 00000000 ____D C:\Users\Alta\Documents\My Cheat Tables
2016-04-16 16:54 - 2016-04-16 17:04 - 00001534 _____ C:\WINDOWS\Sandboxie.ini
2016-04-16 16:54 - 2016-04-16 16:54 - 00000000 ___RD C:\Sandbox
2016-04-16 16:54 - 2016-04-16 16:53 - 00000948 _____ C:\Users\Alta\Desktop\Sandboxed Web Browser.lnk
2016-04-16 16:53 - 2016-04-16 16:53 - 08584848 _____ (Sandboxie Holdings, LLC) C:\Users\Alta\Downloads\SandboxieInstall.exe
2016-04-16 16:53 - 2016-04-16 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2016-04-16 16:53 - 2016-04-16 16:53 - 00000000 ____D C:\Program Files\Sandboxie
2016-04-16 16:14 - 2016-04-13 22:01 - 00003331 ____N C:\Users\Alta\Desktop\Training #1.txt
2016-04-16 16:14 - 2016-04-13 21:05 - 00002131 ____N C:\Users\Alta\Desktop\Training #2.txt
2016-04-11 22:54 - 2016-04-12 18:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-11 21:05 - 2016-04-11 21:05 - 02757864 _____ C:\Users\Alta\Desktop\maxresdefault.psd
2016-04-11 20:47 - 2016-04-11 21:52 - 00000000 ____D C:\Users\Alta\Documents\VirtualDJ
2016-04-11 20:47 - 2016-04-11 20:47 - 00001106 _____ C:\Users\Alta\Desktop\VirtualDJ 8.lnk
2016-04-11 20:47 - 2016-04-11 20:47 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
2016-04-11 20:47 - 2016-04-11 20:47 - 00000000 ____D C:\Program Files (x86)\VirtualDJ
2016-04-11 20:44 - 2016-04-11 20:45 - 38871040 _____ C:\Users\Alta\Downloads\install_virtualdj_pc_v8.1.2857.msi
2016-04-11 09:39 - 2016-04-16 18:31 - 00000000 ____D C:\Users\Alta\AppData\LocalLow\uTorrent
2016-04-10 18:57 - 2016-04-10 18:58 - 00001390 _____ C:\DelFix.txt
2016-04-10 18:06 - 2016-04-10 18:06 - 55550688 ____N (Microsoft Corporation) C:\Users\Alta\Desktop\Windows-KB890830-x64-V5.34.exe
2016-04-10 17:16 - 2016-04-16 18:32 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-10 14:19 - 2016-04-10 14:19 - 00000000 ____D C:\WINDOWS\system32\McAfee File Lock
2016-04-10 12:05 - 2016-04-10 12:05 - 00001780 _____ C:\Users\Alta\Downloads\fixlist(2).txt
2016-04-09 18:27 - 2016-04-09 18:27 - 00001780 _____ C:\Users\Alta\Downloads\fixlist(1).txt
2016-04-09 16:11 - 2016-04-09 16:11 - 00001778 _____ C:\Users\Alta\Downloads\fixlist.txt
2016-04-08 21:36 - 2016-04-14 17:44 - 00000000 ____D C:\Users\Alta\AppData\Local\CrashDumps
2016-04-08 19:11 - 2016-04-09 13:38 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-08 19:11 - 2016-04-09 01:05 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-08 17:27 - 2016-04-08 17:27 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-08 17:27 - 2016-04-08 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-08 17:27 - 2016-04-08 17:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-08 17:27 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-08 17:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-08 17:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-08 17:26 - 2016-04-08 17:23 - 22851472 ____N (Malwarebytes ) C:\Users\Alta\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-08 17:14 - 2016-04-08 17:12 - 00321848 ____N (Malwarebytes Corporation) C:\Users\Alta\Desktop\mbam-clean-2.1.1.1001.exe
2016-04-08 15:13 - 2016-04-08 15:13 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Alta\Desktop\eXplorer64.exe
2016-04-07 16:47 - 2016-04-08 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-07 16:47 - 2016-04-07 16:47 - 22851472 _____ (Malwarebytes ) C:\Users\Alta\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-07 15:31 - 2016-04-16 18:29 - 01823006 _____ C:\WINDOWS\ntbtlog.txt
2016-04-07 12:34 - 2016-04-07 12:34 - 05934784 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-07 12:29 - 2016-04-07 12:29 - 00000000 ____D C:\Users\Alta\Documents\Curse
2016-04-07 07:51 - 2016-04-07 09:21 - 00000000 ____D C:\WINDOWS\SysWOW64\databases-incognito
2016-04-07 00:19 - 2016-04-07 00:19 - 00000000 ____D C:\Users\Alta\AppData\Roaming\MCorp
2016-04-07 00:03 - 2016-04-07 00:27 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-04-06 23:57 - 2016-04-06 23:57 - 00002560 _____ C:\Users\Alta\AppData\Local\uninstall.exe
2016-04-06 23:57 - 2016-04-06 23:57 - 00000000 ____D C:\Users\Alta\AppData\Roaming\vnlgp
2016-04-06 23:56 - 2016-04-06 23:56 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-06 22:33 - 2016-04-06 22:33 - 00000000 ____D C:\WINDOWS\system32\SSL
2016-04-05 18:11 - 2016-04-05 18:11 - 00000452 _____ C:\Users\Alta\Desktop\.env
2016-04-03 19:59 - 2016-04-03 19:59 - 00247603 _____ C:\Users\Alta\Downloads\ALTAGRACIA B.docx new resume.pdf
2016-04-03 12:57 - 2016-04-03 12:57 - 00003075 _____ C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ultimate Online Bot 1.0.lnk
2016-04-03 12:57 - 2016-04-03 12:57 - 00000000 ____D C:\Program Files (x86)\Shivinder Singh Narr
2016-04-03 12:47 - 2016-04-03 12:47 - 00001466 _____ C:\Users\Alta\Desktop\Cok Free Auto Typer.lnk
2016-04-03 12:47 - 2016-04-03 12:47 - 00000000 ____D C:\ProgramData\Cok Free Auto Typer
2016-04-03 12:47 - 2016-04-03 12:47 - 00000000 ____D C:\Program Files (x86)\Cok Software
2016-04-02 14:37 - 2016-04-02 14:37 - 00000000 ____H C:\Users\Alta\Documents\Default.rdp
2016-04-02 12:15 - 2016-04-02 23:03 - 00000000 ____D C:\Users\Alta\Desktop\Habbo RP
2016-03-31 16:05 - 2016-04-07 07:57 - 00000000 ____D C:\Users\Alta\AppData\Local\LogMeIn Hamachi
2016-03-31 14:24 - 2016-03-31 02:13 - 18452996 _____ C:\Users\Alta\Desktop\retaliation.sql
2016-03-30 20:53 - 2016-03-30 21:04 - 00000000 ____D C:\Users\Alta\Desktop\New folder
2016-03-30 16:39 - 2016-03-30 16:39 - 00006274 _____ C:\Users\Alta\Desktop\Cerberus Queries.sql
2016-03-30 16:31 - 2016-03-30 16:31 - 00005755 _____ C:\Users\Alta\Desktop\Retaliation 2.0.sql
2016-03-30 01:13 - 2016-03-30 20:35 - 00000000 ____D C:\Users\Alta\Desktop\cerberus
2016-03-29 17:38 - 2016-03-29 17:38 - 00000000 ____D C:\Users\Alta\Documents\NBGI
2016-03-29 17:28 - 2016-03-29 17:28 - 00000000 ____D C:\Users\Alta\Documents\Games for Windows - LIVE Demos
2016-03-29 17:27 - 2011-09-28 17:45 - 15453832 _____ (Microsoft Corporation) C:\WINDOWS\system32\xlive.dll
2016-03-29 17:27 - 2011-09-28 17:45 - 13642888 _____ (Microsoft Corporation) C:\WINDOWS\system32\xlivefnt.dll
2016-03-29 17:27 - 2011-09-28 17:44 - 00179271 _____ C:\WINDOWS\system32\xlive.dll.cat
2016-03-29 17:27 - 2010-04-27 14:45 - 00187544 _____ (Microsoft Corporation) C:\WINDOWS\system32\xliveinstall.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2016-03-29 17:19 - 2016-03-29 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
2016-03-29 17:19 - 2016-03-29 17:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2016-03-29 16:39 - 2015-08-16 23:50 - 00003437 _____ C:\Users\Alta\Desktop\sql.txt
2016-03-29 15:54 - 2016-03-29 15:54 - 00001267 _____ C:\Users\Public\Desktop\Dark Souls III.lnk
2016-03-27 14:00 - 2016-03-29 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls Prepare To Die Edition
2016-03-27 13:09 - 2016-03-29 15:54 - 00000000 ____D C:\Program Files (x86)\Dark Souls Prepare To Die Edition
2016-03-27 12:10 - 2016-03-27 12:10 - 00000000 ____D C:\Users\Alta\AppData\Roaming\PowerISO
2016-03-27 12:07 - 2011-08-16 14:07 - 00378128 _____ (Microsoft Corporation) C:\Users\Alta\Desktop\setup.exe
2016-03-26 23:57 - 2016-03-26 23:57 - 00007927 _____ C:\Users\Alta\Desktop\create_tables.sql
2016-03-26 17:43 - 2016-03-26 17:43 - 00000000 ____D C:\Users\Alta\AppData\Local\NBGI
2016-03-26 16:28 - 2016-03-26 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dark Souls
2016-03-26 15:53 - 2016-03-27 00:05 - 00000000 ____D C:\Games
2016-03-25 11:11 - 2016-03-25 11:11 - 00001076 _____ C:\Users\Public\Desktop\Navicat for MySQL.lnk
2016-03-25 11:11 - 2016-03-25 11:11 - 00000000 ____D C:\Users\Alta\Documents\Navicat
2016-03-25 11:11 - 2016-03-25 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremiumSoft
2016-03-25 11:11 - 2016-03-25 11:11 - 00000000 ____D C:\Program Files\PremiumSoft
2016-03-24 23:38 - 2016-03-25 11:42 - 00000000 ____D C:\Users\Alta\Desktop\EMU
2016-03-24 23:35 - 2016-03-24 23:35 - 00000000 ____D C:\Users\Alta\Desktop\Chat
2016-03-24 17:10 - 2016-03-24 17:10 - 01634892 _____ C:\Users\Alta\Desktop\Residential_Lease_for_Single_Family_Home_and_Duplex.pdf
2016-03-22 14:00 - 2016-03-22 14:01 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Notepad++
2016-03-22 14:00 - 2016-03-22 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-03-22 14:00 - 2016-03-22 14:00 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-03-22 13:41 - 2016-03-26 23:57 - 00007927 _____ C:\Users\Alta\Desktop\New Text Document.txt
2016-03-22 13:40 - 2016-03-22 13:40 - 00000000 _____ C:\Users\Alta\Desktop\Index.php.txt
2016-03-22 12:57 - 2016-03-22 12:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2016-03-22 12:34 - 2016-03-22 13:33 - 00000000 ____D C:\xampp
2016-03-21 23:20 - 2016-03-22 11:50 - 00000000 ____D C:\Users\Alta\Downloads\NARUTO.SHIPPUDEN.Ultimate.Ninja.STORM.4-CODEX
2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Naruto Shippuden Ultimate Ninja Storm Revolution
2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-21 14:54 - 2016-03-21 14:54 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-21 14:17 - 2016-03-21 14:48 - 00000000 ____D C:\Users\Alta\Downloads\[R.G. Mechanics] Naruto Shippuden - Ultimate Ninja Storm Revolution
2016-03-17 18:57 - 2016-03-17 18:57 - 00000000 ____D C:\Users\Alta\AppData\Local\UnrealEngine
2016-03-17 18:57 - 2016-03-17 18:57 - 00000000 ____D C:\Users\Alta\AppData\Local\AtlanticIslandPark
2016-03-17 18:53 - 2016-03-17 18:53 - 00001530 _____ C:\Users\Alta\Desktop\The Park.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-16 19:35 - 2016-01-03 20:53 - 00000000 ____D C:\Users\Alta\AppData\Local\Packages
2016-04-16 19:35 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-16 19:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-16 19:33 - 2016-01-11 21:07 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C183FE5D-6EDB-4C9E-9C57-83F9B54A21E4}
2016-04-16 19:33 - 2016-01-05 17:52 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-16 19:32 - 2016-02-27 00:07 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Skype
2016-04-16 19:27 - 2016-01-31 19:07 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-16 19:27 - 2016-01-31 19:07 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-16 18:59 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-16 18:55 - 2016-02-12 18:51 - 00000000 ____D C:\Users\Alta\AppData\Roaming\DS4Windows
2016-04-16 18:39 - 2016-01-06 20:56 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Curse Client
2016-04-16 18:34 - 2016-01-11 17:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-16 18:32 - 2016-01-11 18:29 - 00000000 ___RD C:\Users\Alta\OneDrive
2016-04-16 18:32 - 2016-01-03 21:19 - 00000000 __RSD C:\Users\Alta\Documents\McAfee Vaults
2016-04-16 18:31 - 2016-01-13 16:07 - 00000000 ____D C:\ProgramData\VMware
2016-04-16 18:31 - 2016-01-11 18:22 - 00000000 __SHD C:\Users\Alta\IntelGraphicsProfiles
2016-04-16 18:31 - 2016-01-05 21:54 - 00000000 ____D C:\Program Files (x86)\Steam
2016-04-16 18:30 - 2016-01-13 19:28 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-16 18:30 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-16 18:15 - 2016-01-13 19:16 - 00000000 ____D C:\Users\Alta
2016-04-16 17:51 - 2016-01-05 17:52 - 00000000 ____D C:\Users\Alta\AppData\Local\Adobe
2016-04-16 17:44 - 2016-01-13 19:28 - 00883432 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-16 17:44 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-16 17:41 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-16 17:39 - 2016-01-13 19:10 - 00206568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-16 17:39 - 2016-01-04 18:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-16 17:39 - 2016-01-03 21:17 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-16 15:36 - 2016-01-27 13:09 - 00280064 ___SH C:\Users\Alta\Desktop\Thumbs.db
2016-04-13 20:15 - 2016-01-05 17:59 - 00000000 ____D C:\Users\Alta\Desktop\MM
2016-04-13 08:33 - 2016-01-14 15:01 - 00000000 ____D C:\ProgramData\tmp
2016-04-11 20:03 - 2016-01-24 14:51 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-04-11 18:55 - 2016-01-05 17:50 - 00000000 ____D C:\Users\Alta\AppData\Roaming\.minecraft
2016-04-11 15:52 - 2016-01-24 14:41 - 00000000 ___RD C:\Users\Alta\Creative Cloud Files
2016-04-11 09:41 - 2016-01-24 14:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-10 18:06 - 2016-01-04 10:04 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-09 16:35 - 2016-01-03 21:18 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-04-09 16:35 - 2016-01-03 21:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-04-09 16:22 - 2013-06-03 15:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2016-04-08 18:51 - 2016-01-18 18:35 - 00000000 ____D C:\Users\Alta\AppData\LocalLow\Temp
2016-04-07 17:11 - 2013-06-03 16:13 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-04-07 15:58 - 2016-01-06 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
2016-04-06 23:56 - 2013-06-03 15:49 - 00000000 ____D C:\ProgramData\Intel
2016-04-06 17:26 - 2016-01-23 14:58 - 00000000 ____D C:\Users\Alta\AppData\Roaming\FileZilla
2016-04-05 08:34 - 2016-01-19 13:38 - 00000000 ____D C:\Credit-Aid_HOME
2016-04-03 13:28 - 2016-01-23 14:57 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-04-03 13:28 - 2016-01-23 14:57 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-04-02 21:50 - 2013-06-03 16:04 - 00000000 ____D C:\Program Files\Lenovo
2016-03-28 18:16 - 2016-01-06 20:34 - 00000000 ____D C:\Users\Alta\Documents\My Games
2016-03-28 17:31 - 2016-01-31 19:08 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-26 01:54 - 2016-01-31 19:07 - 00000000 ____D C:\Users\Alta\AppData\Local\Google
2016-03-23 23:33 - 2016-01-05 17:52 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-22 12:56 - 2016-01-06 19:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-21 23:04 - 2016-01-05 18:07 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2016-03-21 23:04 - 2016-01-05 18:07 - 00000000 ____D C:\Users\Alta\AppData\LocalLow\RbxLogs
2016-03-19 11:49 - 2016-01-16 18:35 - 00000000 ____D C:\Users\Alta\BrawlhallaReplays
2016-03-17 23:27 - 2016-02-27 00:07 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-17 23:27 - 2016-02-27 00:06 - 00000000 ____D C:\ProgramData\Skype
2016-03-17 23:26 - 2016-01-04 18:37 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-03-17 23:26 - 2016-01-04 18:37 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

==================== Files in the root of some directories =======

2016-04-06 23:57 - 2016-04-06 23:57 - 0002560 _____ () C:\Users\Alta\AppData\Local\uninstall.exe
2013-06-03 15:52 - 2013-06-03 15:52 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-08 15:27

==================== End of FRST.txt ============================

 

 

Here's the additions log from FRST

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by Alta (2016-04-16 19:51:18)
Running from C:\Users\Alta\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-13 23:42:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-282325405-1474076517-3493579889-500 - Administrator - Disabled)
Alta (S-1-5-21-282325405-1474076517-3493579889-1001 - Administrator - Enabled) => C:\Users\Alta
DefaultAccount (S-1-5-21-282325405-1474076517-3493579889-503 - Limited - Disabled)
Guest (S-1-5-21-282325405-1474076517-3493579889-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-282325405-1474076517-3493579889-1008 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.5.1.209 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F564317A-AB84-BEE8-A670-B6C09BC08AFB}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AngryBirds (HKLM-x32\...\{20CE0033-8F3D-464B-8BA2-A08EB0F27FD3}) (Version: 1.01.0618 - Rovio)
Application Verifier x64 External Package (Version: 8.100.26936 - Microsoft) Hidden
Archeblade (HKLM-x32\...\Steam App 207230) (Version:  - CodeBrush Games)
Aura Kingdom (HKLM-x32\...\Steam App 268420) (Version:  - X-Legend)
Auto Typer by MurGee v1.12 (HKLM-x32\...\{D04D8636-FB60-47FD-8F8C-18D475C52456}_is1) (Version: 1.12 - MurGee.com)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Bridge Designer 2016 (2nd Edition) (remove only) (HKLM-x32\...\Bridge Designer 2016 (2nd Edition)) (Version:  - )
Clownfish for Skype (HKLM-x32\...\Clownfish) (Version:  - )
Cok Free Auto Typer 3.0 (HKLM-x32\...\Cok Free Auto Typer_is1) (Version: 3.0 - Cok Free Software)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
Credit-Aid_HOME 9.0.0 (HKLM-x32\...\Credit-Aid_HOME) (Version: 9.0.0 - Credit Aid Software)
Credit-Aid_HOME_DEMO 9.0.0 (HKLM-x32\...\Credit-Aid_HOME_DEMO) (Version: 9.0.0 - Credit Aid Software)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls (HKLM-x32\...\Dark Souls_is1) (Version:  - Martin)
Dark Souls II Crown of the Ivory King (HKLM-x32\...\Dark Souls II Crown of the Ivory King_is1) (Version:  - )
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Dark Souls Prepare To Die Edition version 5.1 (HKLM-x32\...\{B810D852-DFD6-DRKSPTD-89A5-CC4D47756DAF}_is1) (Version: 5.1 - Black_Box)
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.12.0911 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0617 - Lenovo)
EMSC (x32 Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
ENE CIR Receiver Driver (HKLM\...\418374E8BD1F08FCA12E6AEC5F8FD985D836DC4B) (Version: 4.0.0.0 - ENE)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version:  - )
FileZilla Client 3.16.1 (HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\FileZilla Client) (Version: 3.16.1 - Tim Kosse)
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
GamePortal (HKLM-x32\...\{530A0CD0-4158-45BE-AD45-8DC7019C597F}) (Version: 5.00.012.0605 - Lenovo)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GunZ 2: The Second Duel (HKLM-x32\...\Steam App 242720) (Version:  - Masangsoft, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.27 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.4.11.0608 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.9 - Lenovo)
Lenovo Dynamic Brightness System (HKLM-x32\...\{D9ED6D06-6002-495E-A7BC-46E6AE386996}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Eye Distance System (HKLM-x32\...\{5183D7AB-D09B-411F-A74E-BBAEA61C6505}) (Version: 4.0.01.44180 - Lenovo)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.6917 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.6917 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4521.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4521.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1511 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1511 - CyberLink Corp.) Hidden
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Lenovo_Wireless_Driver (HKLM-x32\...\{FF1194C3-E958-442E-A074-D532608A9370}) (Version: 10.00.75 - Lenovo)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.187 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 14.0.7086 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{D1D37853-0004-3E36-A7AA-74F4EEA35F64}) (Version: 4.5.50930 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
MSI Development Tools (x32 Version: 8.100.26898 - Microsoft Corporation) Hidden
Naruto Shippuden Ultimate Ninja Storm Revolution (HKLM-x32\...\Naruto Shippuden Ultimate Ninja Storm Revolution~C68AC28E_is1) (Version:  - R.G. Mechanics, ProZorg_tm)
NetStream 1.0 (HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\NetStream 1.0) (Version:  - )
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Paladins (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF402}) (Version: 0.19.899.6 - Hi-Rez Studios)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
PremiumSoft Navicat 11.2 for MySQL (HKLM\...\PremiumSoft Navicat for MySQL_is1) (Version: 11.2.6 - PremiumSoft CyberTech Ltd.)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6844 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
ROBLOX Player for Alta (HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
SDK Debuggers (x32 Version: 8.100.26936 - Microsoft Corporation) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 3.6.3347.0 - Hi-Rez Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
The Park (HKLM-x32\...\The Park_is1) (Version:  - )
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Ultimate Bot Setup (HKLM-x32\...\{E3FBF14B-C777-4737-9C49-197FB2C50A30}) (Version: 1.0.0 - Shivinder Singh Narr)
VirtualDJ 8 (HKLM-x32\...\{68A952A1-F666-4A5F-98C9-03EE9625B2E2}) (Version: 8.1.2857.0 - Atomix Productions)
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
Wajam (HKLM\...\WajaInterEn Browser Enhancer) (Version: 0.1.56.5 (i1.0) - Wajam) <==== ATTENTION
Warframe (HKLM-x32\...\Steam App 230410) (Version:  - Digital Extremes)
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{ed3a6e6d-9661-4357-abe4-fcc03dc57a07}) (Version: 8.100.26936 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.31 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.1 - win.rar GmbH)
Wireshark 2.0.2 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.2 - The Wireshark developer community, hxxps://www.wireshark.org)
Wizard101 (HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
WPT Redistributables (x32 Version: 8.100.26936 - Microsoft) Hidden
WPTx64 (x32 Version: 8.100.26936 - Microsoft) Hidden
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.4-0 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-282325405-1474076517-3493579889-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alta\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-282325405-1474076517-3493579889-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-282325405-1474076517-3493579889-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Alta\AppData\Local\Roblox\Versions\version-3334c46e6d704f6d\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-282325405-1474076517-3493579889-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4E9E5B92-073A-496D-855F-6E077941D5BD} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {53AA39D3-3168-4165-A009-58667F1EB44C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-altagraciad21@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {7577C948-41AF-4DD2-B36B-1CEBC9462FEC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {7CDACD9F-5B93-4A3C-B20E-89EF9223E115} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {7E1243AD-69E3-4816-80E1-0012B650F3A8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-10] (Microsoft Corporation)
Task: {A894CFF4-3642-438F-9B85-46ABFEDC20AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {C52B30F2-1B7E-4755-B898-1F1A733C2BA9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {CF1F43C1-F533-4F11-923B-3EF83FA20BFE} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {CF7F6395-BEE3-42E4-9BBB-A78EB5DB7BFC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-31] (Google Inc.)
Task: {D9146533-8650-410D-BA29-54300559C073} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {EB3AF1FE-273B-4AAD-8A61-92BF4A381C07} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: {FBF7B369-74E1-4EC8-AE10-CE284F0F6981} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Alta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KingsIsle Entertainment\Wizard101\Report a bug.lnk -> C:\ProgramData\KingsIsle Entertainment\Wizard101\Bin\BugReporter.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-06-03 15:52 - 2011-03-15 23:47 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2016-03-01 23:39 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 23:39 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-14 11:51 - 2016-01-22 14:55 - 00553136 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-02-21 17:38 - 2016-02-21 17:38 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2016-01-13 22:23 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 23:38 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 22:26 - 2016-01-04 21:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 22:24 - 2016-01-04 21:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:48 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:48 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-06-03 15:52 - 2011-03-15 23:49 - 00028672 _____ () C:\Windows\jmesoft\ServiceLoader.exe
2013-06-03 15:52 - 2011-05-17 16:54 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2016-02-14 11:51 - 2016-01-22 14:54 - 31420080 ____N () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-02-12 18:50 - 2016-02-12 18:51 - 03214848 _____ () C:\Users\Alta\Desktop\MM\DS4Windows.exe
2015-11-25 22:10 - 2015-11-25 22:10 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2016-01-05 21:55 - 2016-03-10 20:56 - 00783360 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-01-05 21:55 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-01-05 21:55 - 2016-03-31 16:55 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-01-05 21:55 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-01-05 21:55 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-01-05 21:55 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-01-05 21:55 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-01-05 21:55 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-01-05 21:55 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-01-05 21:55 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-01-05 21:55 - 2016-03-31 16:55 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 08:33 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-10-30 03:17 - 2015-10-30 03:17 - 01021792 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSEngine.dll
2015-10-30 03:17 - 2015-10-30 03:17 - 00528384 _____ () C:\Windows\SYSTEM32\speech\engines\tts\MSTTSLoc.DLL
2015-12-23 13:23 - 2015-12-23 13:23 - 00393608 _____ () C:\Users\Alta\AppData\Roaming\Curse Client\Bin\opus.dll
2015-12-23 17:15 - 2016-04-11 11:41 - 00525192 _____ () C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Curse.Presto.Interface.dll
2013-06-03 15:52 - 2011-05-17 16:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-04 19:59 - 2009-12-04 19:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-04 20:04 - 2009-12-04 20:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2016-02-14 11:51 - 2016-01-28 13:32 - 40523456 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-02-14 11:51 - 2016-01-28 13:32 - 01365696 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll
2016-02-14 11:51 - 2016-01-28 13:32 - 00219328 ____N () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll
2016-01-05 21:55 - 2016-02-08 21:33 - 48400672 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-01-21 01:22 - 2016-01-21 01:22 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-01-21 01:23 - 2016-01-21 01:23 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-02-12 11:24 - 2016-02-12 11:24 - 00158400 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll
2016-01-21 01:22 - 2016-01-21 01:22 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-03-24 12:35 - 2016-03-24 12:34 - 01690504 _____ () C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\libglesv2.dll
2016-03-24 12:35 - 2016-03-24 12:34 - 00018312 _____ () C:\Users\Alta\AppData\Roaming\Curse Client\Bin\Electron\libegl.dll
2013-06-03 15:48 - 2012-06-24 22:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-04-08 17:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-282325405-1474076517-3493579889-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Alta\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C3F2DB39-04E5-4260-92A5-BB20EDA2800B}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{BC7D927E-0E84-4A79-918A-2A86A489170E}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7DA9D0AF-2BFB-42CC-9218-488C07A6D87B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [{07DEE51E-7BE0-4848-B00B-85E3DE10BD1B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GunZ 2 The Second Duel\Gunz2_Steam.exe
FirewallRules: [{5215A7EA-BC64-4AB1-82F4-B8EE83623205}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{7855F735-56D3-4AF6-ABC4-50EF24E99779}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{DB8E487E-D26F-49E4-A289-F74D3775F915}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7AD526A8-6F31-4EC5-A777-BE5800AB422B}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{3979A36D-61F3-4690-9E69-F4045EEA449E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B39309CA-278B-48DC-8D64-C946D1A40EC4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CE285CD7-F1BB-4FEF-99CB-FF671625B1EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{266D3773-37CD-4546-BB49-6018587584F3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0543AB4E-EECA-4B14-B3B3-A99A149C09B3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6D760B13-8971-4499-968E-0D9026DCADE4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A3AB2CC-BA3D-4C15-8481-8D01BCE70E4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{E9C15413-794D-4D84-9079-983FF76ADFA2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{CD8A923D-C967-4F21-9041-E0566DA536F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{84A54BAE-F148-4108-B08A-2FE3D21A9EB7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{D47A43E7-D32F-4113-B0D4-DEB7EED1FF05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{EB30A14D-3217-4AC9-8A00-46163C1762CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{7EF79FBB-D38D-4E4C-A795-5ECBAEDB434B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{51622897-7D9D-4853-9937-A2ACEA9350D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A865664F-6338-4E03-A675-AABC988B0EF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{2962CC96-6458-47B7-A01B-F19CBB716CC0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6249E786-051F-484E-905E-B6F3998B751E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{FDA6E028-64F8-4A51-BE49-D98ECA49B119}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{DCAC1A04-80F9-40C9-8E06-2B8A3B9866BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{80FE1114-133D-4762-9459-71034F14081E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{463AA68D-BF7D-4773-8FC8-C22FA705229F}] => (Allow) C:\Credit-Aid_HOME\Credit-Aid Home.exe
FirewallRules: [{E3E9E7BB-C780-4991-89EF-401ED9B27B0F}] => (Allow) C:\Credit-Aid_HOME\Credit-Aid Home.exe
FirewallRules: [{AFA2F38A-1111-4A3F-B74A-1E3CDBCAEAA7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\Launcher.exe
FirewallRules: [{7B227985-8797-43FF-AC7F-EC0921759194}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\Launcher.exe
FirewallRules: [{8587E638-3DE5-4B87-978C-F9371FD1B2F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{4D86D816-B21B-4081-A5E7-0506EBFEDBF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{A370814B-F2D9-4274-ACCE-6C7D7A25038E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{E9EF9B14-0668-46D6-8109-715401945509}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aura Kingdom\game.bin
FirewallRules: [{90B9C751-071E-4041-BA25-44C98746F2C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{4F93BB54-5F33-4924-912B-8107542F1EA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{5EA4AADA-3849-4D3B-8742-31CAEBF7DB93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ArcheBlade\Binaries\Win32\Archeblade.exe
FirewallRules: [{D7C11135-DD99-4C21-BF8B-9FC1A22CB7D7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{50A7093E-4248-4D83-8004-B0CF84ECA56F}] => (Allow) C:\WINDOWS\system32\rundll32.exe

==================== Restore Points =========================

10-04-2016 18:57:30 End of disinfection
11-04-2016 20:46:05 Removed VirtualDJ PRO Full

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: COMPAL Embedded System Control
Description: COMPAL Embedded System Control
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: COMPAL
Service: EMSC
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2016 07:47:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:47:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:42:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:42:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:42:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:42:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.calendar failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:36:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:33:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/16/2016 07:32:44 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4

Error: (04/16/2016 07:31:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: IDEA-PC)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (04/16/2016 06:35:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%1053

Error: (04/16/2016 06:35:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Error: (04/16/2016 06:35:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service hung on starting.

Error: (04/16/2016 06:32:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the JME Keyboard service.

Error: (04/16/2016 06:30:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The luafv service failed to start due to the following error:
%%1275

Error: (04/16/2016 06:30:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/16/2016 06:30:17 PM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/16/2016 06:30:14 PM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (04/16/2016 06:29:16 PM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (04/16/2016 06:29:16 PM) (Source: DCOM) (EventID: 10005) (User: IDEA-PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2016-04-07 00:06:41.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-07 00:06:41.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-04 20:05:45.880
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-04 18:36:51.139
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-28 17:07:05.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-28 17:06:53.346
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-28 17:06:24.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-25 16:13:55.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-24 15:22:55.181
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 17:20:56.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\VimicroAPOX64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 83%
Total physical RAM: 3992.27 MB
Available physical RAM: 657.98 MB
Total Virtual: 6040.27 MB
Available Virtual: 2360.05 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:904.47 GB) (Free:689.07 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EEB940CA)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

There you go.



#5 BlackListed

  • Authentic Member
  • 33 posts

Posted 16 April 2016 - 06:02 PM

By the way, I see in my logs that I have "uTorrent". How can I remove that?



#6 LiquidTension

    SuperMember

  • Retired Classroom Teacher
  • 2,566 posts

Posted 16 April 2016 - 07:58 PM

Hello BlackListed,

Before proceeding, I would like to make our views on P2P filesharing and cracked software abundantly clear. The inherent dangers of such practices pose a significant risk to your computer. At WhatTheTech, we do not tolerate usage of cracked software - especially by those representing this site.

Naruto Shippuden Ultimate Ninja Storm Revolution, and any other cracked software, must be removed immediately from your computer. The script below will address uTorrent and the aforementioned programme - you must remove any other cracked software you have installed as well. Please refer to the following links on the dangers of P2P file sharing and cracked software.

Please carry out the instructions below, and provide the generated log.


STEP 1
Uninstall Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programme(s), right-click and click Uninstall.
    • Naruto Shippuden Ultimate Ninja Storm Revolution 
    • Wajam
  • Follow the prompts.
  • Note: If you are offered the choice to install additional software, ensure you decline.
  • Reboot your computer. 
  • Please let me know if uninstallation was successful. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    (BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe
    (BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
    (BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
    HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [uTorrent] => C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.)
    2016-04-11 09:39 - 2016-04-16 18:31 - 00000000 ____D C:\Users\Alta\AppData\LocalLow\uTorrent
    C:\Users\Alta\AppData\Roaming\uTorrent
    SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
    DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
    FF DefaultSearchEngine.US: Secure Search
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "search.mpc.am"
    2016-04-07 00:19 - 2016-04-07 00:19 - 00000000 ____D C:\Users\Alta\AppData\Roaming\MCorp
    2016-04-06 23:57 - 2016-04-06 23:57 - 00002560 _____ C:\Users\Alta\AppData\Local\uninstall.exe
    2016-04-06 23:57 - 2016-04-06 23:57 - 00000000 ____D C:\Users\Alta\AppData\Roaming\vnlgp
    2016-04-06 23:56 - 2016-04-06 23:56 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
    2016-04-11 09:41 - 2016-01-24 14:41 - 00000000 ____D C:\ProgramData\boost_interprocess
    2016-03-21 23:20 - 2016-03-22 11:50 - 00000000 ____D C:\Users\Alta\Downloads\NARUTO.SHIPPUDEN.Ultimate.Ninja.STORM.4-CODEX
    2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Naruto Shippuden Ultimate Ninja Storm Revolution
    2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
    2016-03-21 14:54 - 2016-03-21 14:54 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
    2016-03-21 14:17 - 2016-03-21 14:48 - 00000000 ____D C:\Users\Alta\Downloads\[R.G. Mechanics] Naruto Shippuden - Ultimate Ninja Storm Revolution
    Folder: C:\WINDOWS\system32\SSL
    Folder: C:\ProgramData\tmp
    CMD: ipconfig /flushdns
    Reboot:
    end
  • Click File, then Save As, and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.



#7 BlackListed


Posted 16 April 2016 - 08:06 PM

Erm, Wajam is not on my computer, it says, and it's been a while since I used uTorrent and I was not aware of this. Sorry for the inconvenience.



#8 LiquidTension


Posted 16 April 2016 - 08:11 PM

Hello BlackListed, 

 

Please skip uninstallation of Wajam - we will return to this in due course. Ensure the other programme is uninstalled, and proceed with the FRST Script.

 

Thank you.




#9 BlackListed


Posted 16 April 2016 - 08:15 PM

Ok, here are the fixlog files

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016
Ran by Alta (2016-04-16 22:07:29) Run:1
Running from C:\Users\Alta\Desktop
Loaded Profiles: Alta (Available Profiles: Alta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
(BitTorrent Inc.) C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\...\Run: [uTorrent] => C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe [1959424 2016-04-08] (BitTorrent Inc.)
2016-04-11 09:39 - 2016-04-16 18:31 - 00000000 ____D C:\Users\Alta\AppData\LocalLow\uTorrent
C:\Users\Alta\AppData\Roaming\uTorrent
SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL =
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
FF DefaultSearchEngine.US: Secure Search
CHR HomePage: Default -> search.mpc.am
CHR StartupUrls: Default -> "search.mpc.am"
2016-04-07 00:19 - 2016-04-07 00:19 - 00000000 ____D C:\Users\Alta\AppData\Roaming\MCorp
2016-04-06 23:57 - 2016-04-06 23:57 - 00002560 _____ C:\Users\Alta\AppData\Local\uninstall.exe
2016-04-06 23:57 - 2016-04-06 23:57 - 00000000 ____D C:\Users\Alta\AppData\Roaming\vnlgp
2016-04-06 23:56 - 2016-04-06 23:56 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-11 09:41 - 2016-01-24 14:41 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-21 23:20 - 2016-03-22 11:50 - 00000000 ____D C:\Users\Alta\Downloads\NARUTO.SHIPPUDEN.Ultimate.Ninja.STORM.4-CODEX
2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\Users\Alta\AppData\Roaming\Naruto Shippuden Ultimate Ninja Storm Revolution
2016-03-21 15:06 - 2016-03-21 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-03-21 14:54 - 2016-03-21 14:54 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-03-21 14:17 - 2016-03-21 14:48 - 00000000 ____D C:\Users\Alta\Downloads\[R.G. Mechanics] Naruto Shippuden - Ultimate Ninja Storm Revolution
Folder: C:\WINDOWS\system32\SSL
Folder: C:\ProgramData\tmp
CMD: ipconfig /flushdns
Reboot:
end
*****************

Restore point was successfully created.
[6632] C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe => process closed successfully.
[4536] C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe => process closed successfully.
[6820] C:\Users\Alta\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe => process closed successfully.
HKU\S-1-5-21-282325405-1474076517-3493579889-1001\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => value removed successfully
C:\Users\Alta\AppData\LocalLow\uTorrent => moved successfully
C:\Users\Alta\AppData\Roaming\uTorrent => moved successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9}" => key removed successfully
HKCR\CLSID\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{4FF78044-96B4-4312-A5B7-FDA3CB328095}" => key removed successfully
Firefox DefaultSearchEngine.US removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
C:\Users\Alta\AppData\Roaming\MCorp => moved successfully
C:\Users\Alta\AppData\Local\uninstall.exe => moved successfully
C:\Users\Alta\AppData\Roaming\vnlgp => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\Users\Alta\Downloads\NARUTO.SHIPPUDEN.Ultimate.Ninja.STORM.4-CODEX => moved successfully
"C:\Users\Alta\AppData\Roaming\Naruto Shippuden Ultimate Ninja Storm Revolution" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics" => not found.
C:\Program Files (x86)\R.G. Mechanics => moved successfully
C:\Users\Alta\Downloads\[R.G. Mechanics] Naruto Shippuden - Ultimate Ninja Storm Revolution => moved successfully

========================= Folder: C:\WINDOWS\system32\SSL ========================

2016-04-06 22:33 - 2016-04-06 22:33 - 0000858 _____ () C:\WINDOWS\system32\SSL\1a01ed58e6645ac7.cer
2016-04-06 22:33 - 2016-04-06 22:34 - 0007206 _____ () C:\WINDOWS\system32\SSL\cert.db

====== End of Folder: ======


========================= Folder: C:\ProgramData\tmp ========================

2016-01-14 15:01 - 2016-04-13 08:33 - 0002058 _____ () C:\ProgramData\tmp\rwstjg.tmp
2016-04-13 08:33 - 2016-04-13 08:33 - 0000000 ____D () C:\ProgramData\tmp\hps212985093_19208_SafeRegion

====== End of Folder: ======


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 22:08:14 ====
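
When reviewing a Fixlog.txt like the one above, the first check is which fixlist entries were actually acted on and which targets were not found. The following Python sketch is an added example, not part of the original post and not part of FRST; the function names and the constructed sample are assumptions, and it recognises only the result-line shapes visible in this log.

```python
import re
from collections import defaultdict

# Constructed sample in the Fixlog.txt layout shown above (not the full log).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
C:\Users\Alta\AppData\Roaming\uTorrent
end
*****************

Restore point was successfully created.
[6632] C:\Users\Alta\AppData\Roaming\uTorrent\uTorrent.exe => process closed successfully.
C:\Users\Alta\AppData\Roaming\uTorrent => moved successfully
HKCR\CLSID\{fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} => key not found.
Chrome HomePage => removed successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics" => not found.
Firefox DefaultSearchEngine.US removed successfully
========================= Folder: C:\ProgramData\tmp ========================
'''

# "[pid] target => outcome." ; the pid prefix and trailing dot are optional.
RESULT = re.compile(r'^(?:\[\d+\]\s+)?(?P<target>.+?)\s+=>\s+(?P<outcome>.+?)\.?$')

def classify(outcome):
    o = outcome.lower()
    # "removed" is tested before "moved" because it contains that substring.
    for needle, label in (("not found", "not_found"), ("closed", "process_closed"),
                          ("removed", "removed"), ("moved", "moved")):
        if needle in o:
            return label
    return "other"

def parse_fixlog(text):
    """Return {label: [targets]} for the result lines of a Fixlog."""
    results = defaultdict(list)
    separators = 0
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*****"):
            separators += 1          # fixlist echo sits between two star lines
        elif separators < 2 or not line:
            continue                 # skip the echoed script and blank lines
        elif line.startswith("====="):
            break                    # Folder:/CMD: listings are not results
        elif (m := RESULT.match(line)):
            results[classify(m["outcome"])].append(m["target"].strip('"'))
        elif line.endswith("removed successfully"):  # result line without "=>"
            results["removed"].append(line[:-len("removed successfully")].strip())
    return dict(results)
```

Entries under `not_found` are the ones to compare against the earlier scan logs, since they show the script referenced something that was no longer present when the fix ran.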

 



#10 LiquidTension


Posted 16 April 2016 - 08:33 PM

Hello BlackListed,

I would like to take a look at the file detected by Malwarebytes Anti-Malware. Please provide the file in your next reply.

  • Disconnect your computer from the Internet. 
  • Open Malwarebytes Anti-Malware.
  • Click History.
  • Click WindowsApplication6.exe, followed by Restore.
  • Press the Windows Key + r on your keyboard at the same time. Type %temp% and click OK.
  • Right-click WindowsApplication6.exe and click Send to, followed by Zipped (compressed) folder.
  • Delete WindowsApplication6.exe and empty your Recycle Bin afterwards.
  • Reconnect to the Internet.
  • Upload the .zip file in your %temp% folder to SendSpace, and provide a download link in your next reply.
     

Please proceed with the following instructions below. 

SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :filefind
    *wajam*
    *naruto*
    *torrent*
    
    :folderfind
    *wajam*
    *naruto*
    *torrent*
    
    :regfind
    wajam
    naruto
    torrent
  • Click the Ji0XpU4.png button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the OCFv7xc.png button. 



#11 BlackListed


Posted 16 April 2016 - 08:39 PM

Are you sure about this restore?

#12 BlackListed


Posted 16 April 2016 - 08:41 PM

Is it for research purposes or?

#13 LiquidTension


Posted 16 April 2016 - 08:43 PM

Yes, I would like to ascertain the nature of the detected file. 

 

Providing you do not execute the file (double-click), there will be no negative consequences for restoring, zipping and deleting the file as per my instructions. There are no loading points, or automated means for execution of the file.  




#14 BlackListed


Posted 16 April 2016 - 08:45 PM

Alright just being cautious. And would uploading to Dropbox be fine as well?

#15 LiquidTension


Posted 16 April 2016 - 08:52 PM

There's no harm in exercising caution. SendSpace would be my preferred method of hosting. 

