
Bsdriver Win10


  • This topic is locked
37 replies to this topic

#1 gregafish


Posted 06 September 2015 - 05:44 AM

Hi, I believe this is the file infecting my computer and periodically installing more adware programs. Some of these programs I have managed to remove but I think some remain. Any help would be great, I have run out of ideas, as the file itself is in system and I don't know how to delete it. I hope these log files are as you need.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-09-2015
Ran by gregtinder1988 (administrator) on WIN-JB8A7APJU9F (06-09-2015 10:42:46)
Running from C:\Users\gregtinder1988\Downloads
Loaded Profiles: gregtinder1988 (Available Profiles: gregtinder1988)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\knswAB8B.tmpfs
() C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\jnsg74CD.tmp
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\hnskA5E1.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
(Microsoft Corporation) C:\Windows\System32\wermgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [gmsd_gb_005010074] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [gmsd_gb_005010078] => C:\Program Files (x86)\gmsd_gb_005010078\gmsd_gb_005010078.exe [3981968 2015-09-02] ()
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\Run: [Super Optimizer] => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [676400 2015-08-19] ()
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\RunOnce: [Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\RunOnce: [Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => No File
AppInit_DLLs:  C:\ProgramData\FlashBeat\FlashBeat64.dll => No File
AppInit_DLLs:  C:\ProgramData\ExtTag\Tempfax.dll => No File
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => No File
AppInit_DLLs-x32:  C:\ProgramData\FlashBeat\FlashBeat32.dll => No File
AppInit_DLLs-x32:  C:\ProgramData\ExtTag\Rundom.dll => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{be285ae5-0c11-431d-90f2-d0c51a7b3f43}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be285ae5-0c11-431d-90f2-d0c51a7b3f43}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0VZxEnkH8bvc85UNNFpMPINzVs57abe4eWCByQOjar1taAu919hXRXi1wG3o7d08f6lBNd3OoQVW2_NqjEG5CFvvTIELLhT0_8M52C37qYduojlio-VC409JDuRCjqxypVEoZwRkz9GqtpSG&q={searchTerms}
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0VZxEnkH8bvc85UNNFpMPINzVs57abe4eWCByQOjar1taAu919hXRXi1wG3o7d08f6lBNd3OoQVW2_NqjEG5CFvvTIELLhT0_8M52C37qYduojlio-VC409JDuRCjqxypVEoZwRkz9GqtpSG&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{0420BEC0-F2C1-4578-8F19-471B9E5C63A5}] - C:\Program Files\shopperz240820151333\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0420BEC0-F2C1-4578-8F19-471B9E5C63A5}] - C:\Program Files\shopperz240820151333\Firefox
 
Chrome: 
=======
CHR Profile: C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28]
CHR Extension: (YouTube) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28]
CHR Extension: (Google Search) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-28]
CHR Extension: (Gmail) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 jimocoso; C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\jnsg74CD.tmp [227328 2015-08-28] () [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 totyseku; C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\hnskA5E1.tmp [137728 2015-08-28] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 cocokuse; C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\knswAB8B.tmpfs [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-08-28] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-08-28] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 {f4cb9340-0dd7-4463-b9a3-827f5fa2a8ee}Gw64; system32\drivers\{f4cb9340-0dd7-4463-b9a3-827f5fa2a8ee}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 10:46 - 2015-09-06 10:46 - 00016148 _____ C:\Windows\system32\WIN-JB8A7APJU9F_gregtinder1988_HistoryPrediction.bin
2015-09-06 10:42 - 2015-09-06 10:47 - 00015332 _____ C:\Users\gregtinder1988\Downloads\FRST.txt
2015-09-06 10:36 - 2015-09-06 10:46 - 00000000 ____D C:\FRST
2015-09-06 10:36 - 2015-09-06 10:36 - 01654272 _____ C:\Users\gregtinder1988\Downloads\AdwCleaner (1).exe
2015-09-06 10:35 - 2015-09-06 10:36 - 01654272 _____ C:\Users\gregtinder1988\Downloads\AdwCleaner.exe
2015-09-06 10:34 - 2015-09-06 10:36 - 02188800 _____ (Farbar) C:\Users\gregtinder1988\Downloads\FRST64.exe
2015-09-06 10:20 - 2015-09-06 10:22 - 00000000 ____D C:\Users\gregtinder1988\Documents\To Sort
2015-09-06 09:56 - 2015-09-06 09:56 - 00000000 ____D C:\Windows\system32\Drivers\some folder
2015-09-06 09:15 - 2015-09-06 09:15 - 00003414 _____ C:\Windows\System32\Tasks\Super Optimizer Schedule
2015-09-06 09:15 - 2015-09-06 09:15 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Super Optimizer
2015-09-06 09:10 - 2015-09-06 09:10 - 00001161 _____ C:\Users\gregtinder1988\Desktop\Super Optimizer.lnk
2015-09-06 09:10 - 2015-09-06 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Optimizer
2015-09-06 09:09 - 2015-09-06 09:10 - 00000000 ____D C:\Program Files (x86)\Super Optimizer
2015-09-06 08:36 - 2015-09-06 08:36 - 00000538 _____ C:\Windows\PFRO.log
2015-09-06 08:21 - 2015-09-06 08:21 - 00000405 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Control Panel.lnk
2015-09-06 08:08 - 2015-09-06 10:17 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\ClassicShell
2015-09-06 08:08 - 2015-09-06 08:08 - 00000000 ____D C:\ProgramData\ClassicShell
2015-09-06 08:08 - 2015-09-06 08:06 - 00002140 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-09-06 08:06 - 2015-09-06 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-09-06 08:06 - 2015-09-06 08:06 - 00000000 ____D C:\Program Files\Classic Shell
2015-09-06 08:05 - 2015-09-06 08:06 - 06946544 _____ (IvoSoft) C:\Users\gregtinder1988\Downloads\ClassicShellSetup_4_2_4.exe
2015-09-06 06:45 - 2015-09-06 08:55 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-09-06 05:27 - 2015-09-06 05:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Apple Computer
2015-09-06 05:27 - 2015-09-06 05:27 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-06 05:27 - 2015-09-06 05:27 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Apple Computer
2015-09-06 05:27 - 2015-09-06 05:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-06 05:27 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-09-06 05:26 - 2015-09-06 05:27 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-06 05:26 - 2015-09-06 05:27 - 00000000 ____D C:\Program Files\iTunes
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files\iPod
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-06 05:25 - 2015-09-06 05:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Apple
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-06 05:24 - 2015-09-06 05:24 - 00000000 ____D C:\Program Files\Bonjour
2015-09-06 05:24 - 2015-09-06 05:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-06 05:23 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-06 05:22 - 2015-09-06 05:25 - 00000000 ____D C:\ProgramData\Apple
2015-09-06 02:04 - 2015-08-26 09:43 - 909815746 _____ C:\Users\gregtinder1988\Documents\Mad Max Fury Road (2015).mp4
2015-09-05 21:35 - 2015-09-05 21:35 - 00001154 _____ C:\Users\gregtinder1988\Desktop\Free Alarm Clock.lnk
2015-09-05 21:35 - 2015-09-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2015-09-05 21:34 - 2015-09-05 21:35 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2015-09-02 17:31 - 2015-09-02 17:31 - 00000000 ____D C:\Program Files\NixSrv
2015-09-02 17:11 - 2015-09-02 17:11 - 00613255 _____ (CMI Limited) C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp
2015-09-02 17:07 - 2015-09-02 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 17:05 - 2015-09-02 17:05 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\gmsd_gb_005010078
2015-09-02 17:05 - 2015-09-02 17:05 - 00000000 ____D C:\Program Files (x86)\gmsd_gb_005010078
2015-09-02 17:03 - 2015-09-06 09:13 - 00000392 ____H C:\Windows\Tasks\DDGCUAFQONYARCNQ.job
2015-09-02 17:03 - 2015-09-06 08:55 - 00000380 _____ C:\Windows\Tasks\KGZON1.job
2015-09-02 17:03 - 2015-09-02 17:03 - 00003486 _____ C:\Windows\System32\Tasks\DDGCUAFQONYARCNQ
2015-09-02 17:03 - 2015-09-02 17:03 - 00002942 _____ C:\Windows\System32\Tasks\KGZON1
2015-09-02 17:03 - 2015-09-02 17:03 - 00000000 ____D C:\ProgramData\Service1291
2015-09-02 16:39 - 2015-09-06 05:25 - 00004186 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{392E4C4D-8C4C-496C-959A-ED3A09BD50F6}
2015-08-31 14:17 - 2015-08-31 14:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-31 11:24 - 2015-08-31 11:24 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-08-31 11:16 - 2015-09-06 05:41 - 00005286 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN-JB8A7APJU9F-gregtinder1988 WIN-JB8A7APJU9F
2015-08-30 21:39 - 2015-09-06 05:31 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 20:59 - 2015-08-30 20:59 - 00003338 _____ C:\Windows\System32\Tasks\psv_iztw4nzb
2015-08-30 20:33 - 2015-08-30 21:56 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-30 20:32 - 2015-09-06 06:40 - 00000000 ____D C:\Windows\Minidump
2015-08-30 19:45 - 2015-09-06 08:31 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Panda Security
2015-08-30 19:43 - 2015-09-06 08:36 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-30 19:32 - 2015-09-06 08:33 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-30 19:24 - 2015-08-30 20:00 - 00000000 ____D C:\Windows\AutoKMS
2015-08-30 19:06 - 2015-08-30 19:06 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Mozilla
2015-08-30 19:05 - 2015-08-30 19:05 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-08-28 22:33 - 2015-09-06 08:55 - 00001064 _____ C:\Windows\Tasks\biQfrLT2d54u.job
2015-08-28 22:32 - 2015-08-28 22:32 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Macromedia
2015-08-28 22:20 - 2015-08-30 21:41 - 00000000 ____D C:\Program Files\shopperz240820151333
2015-08-28 22:20 - 2015-08-20 10:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-28 22:18 - 2015-08-28 22:18 - 00000217 _____ C:\task.vbs
2015-08-28 21:37 - 2015-08-28 21:40 - 00030624 _____ C:\Windows\wininit.ini
2015-08-28 20:01 - 2015-08-28 20:01 - 00034720 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-28 19:58 - 2015-08-28 22:20 - 00000045 _____ C:\user.js
2015-08-28 19:58 - 2015-08-28 19:58 - 00000000 ____D C:\Windows\system32\abis
2015-08-28 19:54 - 2015-08-28 19:54 - 04577024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-28 19:54 - 2015-08-28 19:54 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 02946304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-28 19:54 - 2015-08-28 19:54 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 01331336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00645456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00171082 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00006786 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00002626 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____D C:\Program Files\Realtek
2015-08-28 19:53 - 2015-08-28 19:54 - 31085611 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-08-28 19:53 - 2015-08-28 19:53 - 72121872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-08-28 19:53 - 2015-08-28 19:53 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 03232960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 02984208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01759488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-28 19:44 - 2015-08-28 19:44 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2015-08-28 19:44 - 2015-08-28 19:44 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2015-08-28 19:40 - 2015-08-31 13:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-28 19:40 - 2015-08-28 19:40 - 00001466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-08-28 19:40 - 2015-08-28 19:40 - 00001454 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-08-28 19:40 - 2015-08-28 19:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-08-28 19:40 - 2015-08-28 19:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-08-28 19:40 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-08-28 19:39 - 2015-08-28 20:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-28 19:17 - 2015-08-28 19:17 - 04325544 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2015-08-28 19:03 - 2015-08-28 21:52 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Unity
2015-08-28 19:03 - 2015-08-28 19:03 - 00000000 ____D C:\ppsfile
2015-08-28 19:02 - 2015-08-28 19:02 - 00000000 ____D C:\Users\Public\QiYi
2015-08-28 19:01 - 2015-09-06 06:34 - 00000000 ____D C:\AdwCleaner
2015-08-28 19:01 - 2015-07-10 12:00 - 00032200 _____ C:\Windows\Professional.xml
2015-08-28 19:00 - 2015-08-28 19:00 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-08-28 19:00 - 2015-08-28 17:10 - 00000000 ____D C:\Windows\CSC
2015-08-28 18:58 - 2015-09-06 06:40 - 00000000 ___DC C:\Windows\Panther
2015-08-28 18:58 - 2015-08-31 11:20 - 00000000 ____D C:\Windows.old
2015-08-28 18:57 - 2015-08-28 18:57 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-28 18:51 - 2015-08-28 18:51 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-08-28 18:50 - 2015-09-06 08:56 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-08-28 18:45 - 2015-08-28 19:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Opera Software
2015-08-28 18:45 - 2015-08-28 19:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Opera Software
2015-08-28 18:44 - 2015-08-28 18:44 - 00061037 _____ C:\Windows\SysWOW64\CCCInstall_201508281944179800.log
2015-08-28 18:43 - 2015-08-28 18:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\ATI
2015-08-28 18:43 - 2015-08-28 18:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\ATI
2015-08-28 18:42 - 2015-08-28 18:42 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-28 18:42 - 2015-08-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-28 18:42 - 2015-08-28 18:42 - 00000000 ____D C:\Program Files\CCleaner
2015-08-28 18:41 - 2015-08-28 18:42 - 00000000 ____D C:\ProgramData\IcyCarje
2015-08-28 18:39 - 2015-09-06 08:55 - 00001094 _____ C:\Windows\Tasks\iBRuGWM7XjibzYKtKtSHoczLgc0.job
2015-08-28 18:36 - 2015-08-30 19:59 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 18:34 - 2015-08-28 21:49 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-08-28 18:33 - 2015-08-30 21:41 - 00000000 ____D C:\Program Files (x86)\00000011-1440783194-0000-0000-BCEE7BB93103
2015-08-28 18:33 - 2015-08-28 18:33 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-08-28 18:33 - 2015-07-10 12:02 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-28 18:32 - 2015-09-06 08:33 - 00000000 ____D C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103
2015-08-28 18:32 - 2015-08-28 18:32 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files\DIFX
2015-08-28 18:20 - 2015-08-28 18:20 - 00056944 _____ C:\Windows\system32\ASGCoInstaller_x64.dll
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-28 18:16 - 2015-09-06 10:29 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 18:16 - 2015-09-06 08:55 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 18:16 - 2015-09-05 21:54 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\vlc
2015-08-28 18:16 - 2015-08-28 18:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Google
2015-08-28 18:16 - 2015-08-28 18:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-28 18:16 - 2015-08-28 18:16 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-28 18:16 - 2015-08-28 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-28 18:15 - 2015-08-28 18:15 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-28 18:13 - 2015-08-28 18:13 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\PeerDistRepub
2015-08-28 18:12 - 2015-08-28 18:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-08-28 18:11 - 2015-08-28 18:11 - 00000000 ____D C:\ProgramData\AMD
2015-08-28 18:11 - 2015-08-28 18:11 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-28 18:10 - 2015-08-28 18:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-28 18:09 - 2015-08-28 18:09 - 00000000 ___HD C:\OneDriveTemp
2015-08-28 18:03 - 2015-08-28 18:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-28 18:03 - 2015-08-28 18:03 - 00895256 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2015-08-28 18:03 - 2015-08-28 18:03 - 00091272 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-08-28 18:02 - 2015-09-06 08:54 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-28 18:02 - 2015-08-28 18:02 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-08-28 18:01 - 2015-08-28 18:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-08-28 18:01 - 2015-08-28 18:01 - 00000000 ____D C:\Program Files\AMD
2015-08-28 17:59 - 2015-08-28 17:59 - 47795680 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 39723504 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 30760944 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 27544560 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 25308656 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 22328800 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 21632992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-08-28 17:59 - 2015-08-28 17:59 - 15727072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 14312416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 12062040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 10191264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 09191312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08979760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08865496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08009344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 07575664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 06486000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 05076976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-08-28 17:59 - 2015-08-28 17:59 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-08-28 17:59 - 2015-08-28 17:59 - 01468224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01257952 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01213192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01196032 _____ C:\Windows\system32\amdocl_as64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 01070592 _____ C:\Windows\system32\amdocl_ld64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 01005552 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00874480 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00833798 _____ C:\Windows\system32\amdicdxx.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00807424 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00737410 _____ C:\Windows\system32\atiicdxx.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00681456 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00675296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-08-28 17:59 - 2015-08-28 17:59 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-08-28 17:59 - 2015-08-28 17:59 - 00660928 _____ C:\Windows\system32\atiapfxx.blb
2015-08-28 17:59 - 2015-08-28 17:59 - 00472832 _____ C:\Windows\system32\amdmiracast.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00452576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00377312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00256992 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00243696 _____ C:\Windows\system32\clinfo.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00213488 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00201184 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00198640 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00170464 _____ C:\Windows\system32\atieah64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00169152 _____ C:\Windows\system32\ativce03.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00167456 _____ C:\Windows\system32\amde31a.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00153456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00152560 _____ C:\Windows\SysWOW64\atieah32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00152032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00143344 _____ C:\Windows\system32\amdhdl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00140240 _____ C:\Windows\system32\samu_krnl_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00132080 _____ C:\Windows\SysWOW64\amdhdl32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00131592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00113880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111600 _____ C:\Windows\system32\hsa-thunk64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00102384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00100816 _____ C:\Windows\system32\ativce02.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00099296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00095216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00091104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00089520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00085472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00082680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00073712 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00071152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00069600 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00064496 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00062432 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00061408 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00059360 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00049632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00047664 _____ C:\Windows\system32\kapp_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00043408 _____ C:\Windows\system32\kapp_si.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00039904 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00012784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00012784 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2015-08-28 17:43 - 2015-08-28 17:43 - 00000000 _____ C:\Recovery.txt
2015-08-28 17:42 - 2015-08-28 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-28 17:41 - 2015-08-28 17:41 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-08-28 17:40 - 2015-08-28 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-08-28 17:38 - 2015-08-28 17:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-08-28 17:38 - 2015-08-28 17:38 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-28 17:35 - 2015-08-28 17:35 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\NetworkTiles
2015-08-28 17:34 - 2015-08-28 17:36 - 00002367 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-28 17:32 - 2015-08-28 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 17:32 - 2015-08-28 17:38 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Microsoft Help
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-08-28 17:30 - 2015-08-28 17:30 - 00027872 _____ (ASUS) C:\Windows\system32\Drivers\AsHIDSwitch64.sys
2015-08-28 17:29 - 2015-08-28 17:29 - 00000420 _____ C:\Users\gregtinder1988\Desktop\This PC - Shortcut.lnk
2015-08-28 17:27 - 2015-08-28 17:27 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\MicrosoftEdge
2015-08-28 17:27 - 2015-08-28 17:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-28 17:26 - 2015-08-28 17:28 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Comms
2015-08-28 17:25 - 2015-08-28 17:47 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\PackageStaging
2015-08-28 17:23 - 2015-08-28 17:23 - 00000020 ___SH C:\Users\gregtinder1988\ntuser.ini
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Adobe
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\VirtualStore
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\TileDataLayer
2015-08-28 17:18 - 2015-08-30 21:54 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-28 17:13 - 2015-08-28 17:13 - 00001833 _____ C:\Users\gregtinder1988\AppData\Local\Application.xml
2015-08-28 17:11 - 2015-09-06 06:27 - 00000000 ____D C:\Users\gregtinder1988
2015-08-28 17:11 - 2015-08-28 17:23 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 17:11 - 2015-08-28 17:13 - 00013338 _____ C:\Windows\diagwrn.xml
2015-08-28 17:11 - 2015-08-28 17:13 - 00013338 _____ C:\Windows\diagerr.xml
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 __RSD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-28 17:07 - 2015-07-10 11:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-28 17:04 - 2015-08-28 17:04 - 00000000 ____D C:\Windows\system32\config\bbimigrate
2015-08-28 15:45 - 2015-08-28 22:08 - 00000000 ___HD C:\$SysReset
2015-08-23 16:08 - 2015-08-23 16:08 - 00862664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00534480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00251864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00100776 _____ (ASUS Corporation) C:\Windows\system32\Drivers\AsusTP.sys
2015-08-09 09:32 - 2015-08-09 09:32 - 00289216 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2015-08-09 09:32 - 2015-08-09 09:32 - 00247744 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-06 10:34 - 2015-06-19 04:10 - 00000000 ____D C:\Users\gregtinder1988\Desktop\TV to watch
2015-09-06 09:56 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\sru
2015-09-06 08:59 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-09-06 08:55 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-06 08:54 - 2015-07-10 10:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-06 08:36 - 2015-07-10 13:20 - 00341400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-06 06:42 - 2015-07-10 12:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-05 18:19 - 2015-05-22 20:23 - 00060833 _____ C:\Users\gregtinder1988\Documents\Life Planner.xlsx
2015-09-02 16:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-09-02 16:43 - 2015-02-23 09:17 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Packages
2015-08-30 19:08 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\appcompat
2015-08-28 19:58 - 2015-07-10 12:00 - 00680256 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-28 19:58 - 2015-07-10 12:00 - 00534064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-28 19:27 - 2015-07-10 12:04 - 00000269 _____ C:\Windows\win.ini
2015-08-28 19:01 - 2015-06-18 19:33 - 00000000 ____D C:\Recovery
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\en-GB
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\security
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-28 18:59 - 2015-07-10 12:01 - 00577536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgmts.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00147439 _____ C:\Windows\SysWOW64\gpedit.msc
2015-08-28 18:59 - 2015-07-10 12:01 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditPolicyGPInterop.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00043566 _____ C:\Windows\SysWOW64\rsop.msc
2015-08-28 18:59 - 2015-07-10 12:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 01977856 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00957440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00833536 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00815104 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2015-08-28 18:59 - 2015-07-10 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\srmstormod.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\ddpchunk.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\srmshell.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00147439 _____ C:\Windows\system32\gpedit.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00147296 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00146389 _____ C:\Windows\system32\printmanagement.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00120458 _____ C:\Windows\system32\secpol.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizardElev.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizard.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\PrintBrmUi.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00052576 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00043566 _____ C:\Windows\system32\rsop.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistAD.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00041312 _____ (Microsoft Corporation) C:\Windows\system32\EmbeddedAppLauncherConfig.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll
2015-08-28 18:58 - 2015-07-10 12:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-08-28 18:19 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-28 18:17 - 2015-02-23 09:20 - 00000000 ___RD C:\Users\gregtinder1988\OneDrive
2015-08-28 18:02 - 2015-02-23 12:16 - 00000000 ____D C:\AMD
2015-08-28 17:42 - 2015-07-10 17:29 - 00000000 ____D C:\Windows\ShellNew
2015-08-28 17:41 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-28 17:34 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-28 17:32 - 2015-06-19 04:10 - 00000000 ___RD C:\Users\gregtinder1988\Desktop\Films to watch
2015-08-28 17:30 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\restore
2015-08-28 17:25 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PrintDialog
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\MiracastView
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-08-28 17:18 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2015-08-28 17:12 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-28 17:12 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-28 17:09 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\spool
2015-08-28 17:09 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-28 17:05 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-28 17:02 - 2015-07-10 10:05 - 00000000 __RHD C:\Users\Default
2015-08-15 00:21 - 2014-10-26 22:38 - 00000000 ____D C:\Users\gregtinder1988\Documents\Personal
 
==================== Files in the root of some directories =======
 
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0.exe
2015-08-28 17:13 - 2015-08-28 17:13 - 0001833 _____ () C:\Users\gregtinder1988\AppData\Local\Application.xml
2015-09-02 17:11 - 2015-09-02 17:11 - 0613255 _____ (CMI Limited) C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp
2015-08-28 18:43 - 2015-08-28 18:43 - 0000187 _____ () C:\Users\gregtinder1988\AppData\Local\Techitrax.exe.config
2015-08-28 19:54 - 2015-08-28 19:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\gregtinder1988\AppData\Local\Temp\DVQAF31.exe
C:\Users\gregtinder1988\AppData\Local\Temp\sqlite3.dll
C:\Users\gregtinder1988\AppData\Local\Temp\supoptsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-07-10 12:00] - [2015-08-28 19:58] - 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 12:00] - [2015-08-28 19:58] - 0534064 ____A (Microsoft Corporation) 4111492514CD8085E67C844E9C9FD74D
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-28 17:02
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-09-2015
Ran by gregtinder1988 (2015-09-06 11:06:52)
Running from C:\Users\gregtinder1988\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1997882694-1096448110-3519574286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1997882694-1096448110-3519574286-503 - Limited - Disabled)
gregtinder1988 (S-1-5-21-1997882694-1096448110-3519574286-1000 - Administrator - Enabled) => C:\Users\gregtinder1988
Guest (S-1-5-21-1997882694-1096448110-3519574286-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
GamesDesktop 013.005010078 (HKLM-x32\...\gmsd_gb_005010078_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Super Optimizer v3.2 (HKLM-x32\...\Super Optimizer_is1) (Version: 3.2.0.1 - Super PC Tools ltd) <==== ATTENTION
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0C70CE90-3408-4D1C-A07C-EC0236A51FC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {24443E04-53F6-4C09-B2C0-B5FCEEA34340} - \RtHDVBg -> No File <==== ATTENTION
Task: {2650F76B-A804-45C4-83C0-83D5C320D9AA} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {44CDB481-981D-499E-AD08-92C575F12843} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {46083DF4-8B1C-40FD-9072-35FB777A32FC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {57B42E65-B233-4803-823B-4D2EC14D9E1A} - \biQfrLT2d54u -> No File <==== ATTENTION
Task: {585309DE-9383-4969-8689-3293B906CD5B} - System32\Tasks\psv_iztw4nzb => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\jo0pmnre.pby.reg" &amp; del "C:\ProgramData\ExtTag\jo0pmnre.pby.reg" &amp; SCHTASKS /Delete /TN "psv_iztw4nzb" /F
Task: {5AE2CA1F-ED8A-413F-B6F7-468C5D5E9D7F} - \RtHDVBg_ListenToDevice -> No File <==== ATTENTION
Task: {61B45923-6622-4BB7-B1A4-AF7879C9F3A6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {6F5B45F0-7A64-4C8F-BFF9-73BE40701287} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A82DFC0C-9209-4A52-AED3-CB98073A52DF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-30] ()
Task: {B03D56A2-2733-4D0F-86E1-ECCD1F26103A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B9DAD549-29AD-4D7A-9649-748AD211F0EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BE38AD20-B46E-4CF2-9287-E96AAE398998} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CBED6E84-9AD7-494E-BC1C-7DE2B776EBEC} - System32\Tasks\Super Optimizer Schedule => C:\Program Files (x86)\Super Optimizer\SupOptLauncher.exe [2015-08-19] () <==== ATTENTION
Task: {CD0A9FA7-095F-422C-9747-DC0D24B1C3AA} - System32\Tasks\DDGCUAFQONYARCNQ => C:\ProgramData\Service1291\Service1291.exe [2015-09-02] () <==== ATTENTION
Task: {CE88BB54-C440-4891-AB36-3E9043F43367} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D43210C1-7C66-4606-A0D0-B970D0F93FB5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN-JB8A7APJU9F-gregtinder1988 WIN-JB8A7APJU9F => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {DDC99E79-74AB-47A3-99DD-BAEA4AC78F60} - System32\Tasks\KGZON1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {E7AC45B6-41FA-493A-901B-228CDDCF7947} - \iBRuGWM7XjibzYKtKtSHoczLgc0 -> No File <==== ATTENTION
Task: {E7C6EA8D-8693-4239-A9C9-B6A60AC34F30} - \RTKCPL -> No File <==== ATTENTION
Task: {F25F03D9-D3B6-45E6-AE9C-A962B1E644CF} - \ASUS Smart Gesture Launcher -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\biQfrLT2d54u.job => C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u.exe <==== ATTENTION
Task: C:\Windows\Tasks\DDGCUAFQONYARCNQ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\iBRuGWM7XjibzYKtKtSHoczLgc0.job => C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0.exe <==== ATTENTION
Task: C:\Windows\Tasks\KGZON1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 12:00 - 2015-07-10 12:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-03 14:59 - 2015-08-03 14:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-08-28 15:00 - 2015-08-28 15:00 - 01248768 _____ () C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\knswAB8B.tmpfs
2015-07-10 11:59 - 2015-07-10 11:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-08-28 18:33 - 2015-08-28 18:33 - 00227328 _____ () C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\jnsg74CD.tmp
2015-08-28 18:33 - 2015-08-28 18:33 - 00137728 _____ () C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103\hnskA5E1.tmp
2015-07-10 12:00 - 2015-07-10 12:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
2013-10-17 10:25 - 2013-10-17 10:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 00215352 _____ () c:\windows\system32\WerEtw.dll
2015-08-28 19:39 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-28 19:39 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-28 19:39 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-28 19:39 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-28 19:39 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-08-28 19:39 - 2014-04-25 13:11 - 02972112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\NotificationSpreader.dll
2015-09-06 05:30 - 2015-08-28 01:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-06 05:30 - 2015-08-28 01:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\gregtinder1988\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gregtinder1988\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\shantel-vansanten-27454-1366x768.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "gmsd_gb_005010074"
HKLM\...\StartupApproved\Run32: => "upgmsd_gb_005010074.exe"
HKLM\...\StartupApproved\Run32: => "IOPROTECT"
HKLM\...\StartupApproved\Run32: => "gmsd_gb_005010078"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "apphide"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{93767CF7-58DC-4FCE-AD9B-F4F07C127A14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D5875B6-F254-452D-9732-6B8B677F5EED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F3731062-302E-46A8-A8B7-253C2256484C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{87587780-5B34-4BEE-8A6E-E300E1FC66E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C39D458C-60F0-496A-a783-FA7A390BAFA9}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{8A61ECC7-A2C0-43A8-A8DD-EA03743E79D9}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{327798A4-D9B5-4CBB-A8E2-2914C8ECC66F}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{71CC9D29-6A74-4B44-A823-4473291514EB}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{6A8AA82A-E580-4EE2-959E-F606C1E6ED54}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{EE085FBF-F6BA-4A9D-AEAB-B8FF2D130F65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CB29470-3A44-4A06-9154-E59A703357DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C013BEB1-F4BC-4E16-9EF2-52E69E19FA6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C57FAE14-8925-48C0-BE11-38B7C12824D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38525023-4724-4A01-BD48-EC141C23C34B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A018204-19F0-4CA2-A241-F89285A1887E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2015 10:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CCleaner64.exe version 4.3.0.4151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 118c
 
Start Time: 01d0e886aa0fa6d7
 
Termination Time: 9914
 
Application Path: C:\Program Files\CCleaner\CCleaner64.exe
 
Report Id: 23762610-547b-11e5-9bf1-bcee7bb93103
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (09/06/2015 09:00:19 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3556) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/06/2015 09:00:19 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3556) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/06/2015 09:00:09 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3556) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/06/2015 09:00:09 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3556) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/06/2015 08:59:58 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3556) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/06/2015 08:59:58 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3556) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/06/2015 08:59:48 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3556) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (09/06/2015 08:59:48 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (3556) An attempt to create the file "C:\Windows\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/06/2015 08:59:38 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (3556) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (09/06/2015 09:17:24 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Ozerkeyhold service terminated unexpectedly. It has done this 1 time(s).
 
Error: (09/06/2015 08:57:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2015 08:55:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error: 
%%1068
 
Error: (09/06/2015 08:55:11 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2015 08:55:10 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
Error: (09/06/2015 08:54:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/06/2015 08:54:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/06/2015 08:54:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/06/2015 08:54:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/06/2015 08:40:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
 
Microsoft Office:
=========================
Error: (09/06/2015 10:39:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe4.3.0.4151118c01d0e886aa0fa6d79914C:\Program Files\CCleaner\CCleaner64.exe23762610-547b-11e5-9bf1-bcee7bb93103
 
Error: (09/06/2015 09:00:19 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3556-1032
 
Error: (09/06/2015 09:00:19 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3556C:\Windows\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/06/2015 09:00:09 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3556-1032
 
Error: (09/06/2015 09:00:09 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3556C:\Windows\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/06/2015 08:59:58 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3556-1032
 
Error: (09/06/2015 08:59:58 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3556C:\Windows\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/06/2015 08:59:48 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3556-1032
 
Error: (09/06/2015 08:59:48 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost3556C:\Windows\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (09/06/2015 08:59:38 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost3556-1032
 
 
CodeIntegrity:
===================================
  Date: 2015-09-06 10:55:49.830
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-06 10:55:49.557
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-1200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 70%
Total physical RAM: 3524.5 MB
Available physical RAM: 1052.02 MB
Total Virtual: 4164.5 MB
Available Virtual: 733.61 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:65.02 GB) NTFS
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:46.3 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:38 PM

Posted 06 September 2015 - 06:21 AM

Hello and welcome to the Malware Removal Logs area :)

My name is Alexstrasza and I will assist you with your problem. You can call me Alex :)

Please allow me some time to look at your logs and I will be back with instructions.

#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:38 PM

Posted 08 September 2015 - 03:42 PM

Hello there,

Before we begin, there are a few things I want to make sure you know:
  • I am currently in training, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.
  • Please do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the Follow this topic button, and make sure a tick is in the receive notifications and is set to Instantly. Any replies should be made in this topic by clicking the Reply to this topic button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. Please inform me if you need more time.
Shall we begin then?

===

:step1: Fix with Farbar Recovery Scan Tool
  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply
===

:step2: Uninstalling Programs

Click the Start orb on the taskbar, and then click the Control Panel button.
  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Program and Features.
A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting Remove:

GamesDesktop 013.005010078
globalupdate Helper
Spybot - Search & Destroy
Super Optimizer v3.2


Additional instructions can be found here if needed.

If you run into any issues, please let me know.

To recap, in your next reply I will need the contents of fixlog.txt and confirmation that you have uninstalled the aforementioned applications.

Regards,
Alex

#4 gregafish

gregafish
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Location:norfolk engalnd
  • Local time:07:38 PM

Posted 08 September 2015 - 07:58 PM

Hi Alex,

 

Thank you for your help, much appreciated.

 

Fix log as follows:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-09-2015
Ran by gregtinder1988 (2015-09-09 01:29:44) Run:1
Running from C:\Users\gregtinder1988\Desktop
Loaded Profiles: gregtinder1988 (Available Profiles: gregtinder1988)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
globalupdate Helper (x32 Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
*****************
 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\\SystemComponent => value removed successfully
 
==== End of Fixlog 01:29:44 ====
 
Programs removed apart from games desktop; it seems to freeze during uninstall and starts a number of setup applications running in the background.
 
Thanks again
 
Greg


#5 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:38 PM

Posted 09 September 2015 - 11:25 AM

Hello Greg,

Let's try another way to remove the stubborn program.

:step1: Revo Uninstaller

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    GamesDesktop 013.005010078
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
===

:step2: Enabling startup items
  • Press the Windows key + R to bring up the Run dialog box.
  • Type in taskmgr and press Enter.
  • Switch to Startup tab.
  • Select the following items and click Enable:
    gmsd_gb_005010074
    upgmsd_gb_005010074.exe
    IOPROTECT
    gmsd_gb_005010078
  • Close Task Manager when done.
===
 
:step3: AdwCleaner by Xplode

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[S#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
To recap, in your next reply I will need the following:
  • Whether you succeeded in removing GamesDesktop with Revo Uninstaller or not;
  • Confirmation that you have enabled the aforementioned startup items;
  • Contents of the scan log from AdwCleaner.
Regards,
Alex

#6 gregafish

gregafish
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Location:norfolk engalnd
  • Local time:07:38 PM

Posted 09 September 2015 - 07:37 PM

Hi Again Alex,

 

Games desktop removed although did install some tool bar on the desktop in the process.

None of the items you mentioned appear in the startup tab.

 

Thanks again

 

log from adware:

 

# AdwCleaner v5.005 - Logfile created 10/09/2015 at 01:31:34
# Updated 31/08/2015 by Xplode
# Database : 2015-09-08.2 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : gregtinder1988 - WIN-JB8A7APJU9F
# Running from : C:\Users\gregtinder1988\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : bsdriver
Service Found : wbsvc
Service Found : ppfd_vw_1_10_0_24
Service Found : ppsvc_1.10.0.24
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files\WebBar
Folder Found : C:\Program Files\NixSrv
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\PhraseProfessor_1.10.0.24
Folder Found : C:\ProgramData\InstallSightSDK
Folder Found : C:\Users\gregtinder1988\AppData\Local\WebBar
 
***** [ Files ] *****
 
File Found : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
File Found : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
File Found : C:\Windows\Sysnative\drivers\bsdriver.sys
File Found : C:\Windows\Sysnative\drivers\cherimoya.sys
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : WebBarLaunchTask
Task Found : WebBarUpdateTask
Task Found : PhraseProfessor Auto Updater 1.10.0.24 Core
Task Found : PhraseProfessor Auto Updater 1.10.0.24 Pending Update
 
***** [ Registry ] *****
 
Key Found : HKU\.DEFAULT\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
Key Found : HKCU\Software\Super Optimizer
Key Found : HKCU\Software\DAILYPCCLEAN
Key Found : HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
Key Found : HKCU\Software\OB
Key Found : HKLM\SOFTWARE\PhraseProfessor_1.10.0.24
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhraseProfessor_1.10.0.24
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\DAILYPCCLEAN
Key Found : [x64] HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
Key Found : [x64] HKCU\Software\OB
Key Found : [x64] HKLM\SOFTWARE\WebBar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll C:\ProgramData\FlashBeat\FlashBeat32.dll C:\ProgramData\ExtTag\Rundom.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll C:\ProgramData\FlashBeat\FlashBeat64.dll C:\ProgramData\ExtTag\Tempfax.dll
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S16].txt - [2841 bytes] ##########


#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:07:38 PM

Posted 10 September 2015 - 11:26 AM

Hi Greg,

AdwCleaner - Scan & Clean

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

===

Please create a new set of FRST logs for me - remember to checkmark Addition.txt!

To recap, in your next reply I will need the contents of the cleaning log from AdwCleaner and a new set of FRST logs (FRST.txt and Addition.txt).

Regards,
Alex 



#8 gregafish

gregafish
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Location:norfolk engalnd
  • Local time:07:38 PM

Posted 10 September 2015 - 07:28 PM

# AdwCleaner v5.007 - Logfile created 11/09/2015 at 01:21:54
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 10 Pro  (x64)
# Username : gregtinder1988 - WIN-JB8A7APJU9F
# Running from : C:\Users\gregtinder1988\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : bsdriver
[-] Service Deleted : wbsvc
[-] Service Deleted : cocokuse
[-] Service Deleted : jimocoso
[-] Service Deleted : totyseku
[-] Service Deleted : ppfd_vw_1_10_0_24
[-] Service Deleted : ppsvc_1.10.0.24
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\WebBar
[-] Folder Deleted : C:\Program Files\NixSrv
[#] Folder Deleted : C:\Program Files\shopperz240820151333
[-] Folder Deleted : C:\Program Files (x86)\predm
[-] Folder Deleted : C:\Program Files (x86)\00000011-1440783126-0000-0000-BCEE7BB93103
[-] Folder Deleted : C:\Program Files (x86)\00000011-1440783194-0000-0000-BCEE7BB93103
[-] Folder Deleted : C:\Program Files (x86)\PhraseProfessor_1.10.0.24
[-] Folder Deleted : C:\ProgramData\InstallSightSDK
[-] Folder Deleted : C:\Users\gregtinder1988\AppData\Local\WebBar
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
[-] File Deleted : C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
[-] File Deleted : C:\Windows\Sysnative\drivers\bsdriver.sys
[-] File Deleted : C:\Windows\Sysnative\drivers\cherimoya.sys
[-] File Deleted : C:\Windows\Sysnative\drivers\ppfd_vt_1_10_0_24.sys
[-] File Deleted : C:\Windows\Sysnative\drivers\ppfd_vw_1_10_0_24.sys
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : WebBarLaunchTask
[-] Task Deleted : WebBarUpdateTask
[-] Task Deleted : PhraseProfessor Auto Updater 1.10.0.24 Core
[-] Task Deleted : PhraseProfessor Auto Updater 1.10.0.24 Pending Update
 
***** [ Registry ] *****
 
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_005010074]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_gb_005010078]
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{159CD053-7D38-499A-856D-18C4BDC9D244}
[-] Key Deleted : HKU\.DEFAULT\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[!] Key Not Deleted : HKU\.DEFAULT\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[-] Key Deleted : HKCU\Software\Super Optimizer
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[-] Key Deleted : HKCU\Software\OB
[!] Key Not Deleted : HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[-] Key Deleted : HKLM\SOFTWARE\PhraseProfessor_1.10.0.24
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PhraseProfessor_1.10.0.24
[!] Key Not Deleted : [x64] HKCU\Software\Super Optimizer
[!] Key Not Deleted : [x64] HKCU\Software\DAILYPCCLEAN
[!] Key Not Deleted : [x64] HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[!] Key Not Deleted : [x64] HKCU\Software\OB
[!] Key Not Deleted : [x64] HKCU\Software\{9A1539FD-88FC-46C6-8B92-E6DF763A8168}
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [4442 bytes] ##########


#9 gregafish

gregafish
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  • Location:norfolk engalnd
  • Local time:07:38 PM

Posted 10 September 2015 - 07:37 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by gregtinder1988 (administrator) on WIN-JB8A7APJU9F (11-09-2015 01:30:30)
Running from C:\Users\gregtinder1988\Desktop
Loaded Profiles: gregtinder1988 (Available Profiles: gregtinder1988)
Platform: Windows 10 Pro (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16464_none_116100d161f6ab1d\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\RunOnce: [Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\RunOnce: [Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
AppInit_DLLs: C:\ProgramData\ExtTag\Tempfax.dll => No File
AppInit_DLLs-x32: C:\ProgramData\ExtTag\Rundom.dll => No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyScripts: Group Policy detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{be285ae5-0c11-431d-90f2-d0c51a7b3f43}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{be285ae5-0c11-431d-90f2-d0c51a7b3f43}: [DhcpNameServer] 8.8.8.8
 
Internet Explorer:
==================
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0VZxEnkH8bvc85UNNFpMPINzVs57abe4eWCByQOjar1taAu919hXRXi1wG3o7d08f6lBNd3OoQVW2_NqjEG5CFvvTIELLhT0_8M52C37qYduojlio-VC409JDuRCjqxypVEoZwRkz9GqtpSG&q={searchTerms}
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_ByQRrdKFhHaQC0VZxEnkH8bvc85UNNFpMPINzVs57abe4eWCByQOjar1taAu919hXRXi1wG3o7d08f6lBNd3OoQVW2_NqjEG5CFvvTIELLhT0_8M52C37qYduojlio-VC409JDuRCjqxypVEoZwRkz9GqtpSG&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2013-11-15] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-11-02] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @iqiyi.com/npclient -> C:\IQIYI Video\LStyle\npclient.dll [No File]
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-28] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{0420BEC0-F2C1-4578-8F19-471B9E5C63A5}] - C:\Program Files\shopperz240820151333\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0420BEC0-F2C1-4578-8F19-471B9E5C63A5}] - C:\Program Files\shopperz240820151333\Firefox
 
Chrome: 
=======
CHR Profile: C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-28]
CHR Extension: (Google Drive) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-28]
CHR Extension: (YouTube) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-28]
CHR Extension: (Google Search) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-28]
CHR Extension: (Google Docs Offline) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-06]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-28]
CHR Extension: (Gmail) - C:\Users\gregtinder1988\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-08-28] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-08-28] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [100776 2015-08-23] (ASUS Corporation)
R1 bsdriver; C:\WINDOWS\system32\drivers\bsdriver.sys [34720 2015-08-28] ()
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-08-28] (Realtek                                            )
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 {f4cb9340-0dd7-4463-b9a3-827f5fa2a8ee}Gw64; system32\drivers\{f4cb9340-0dd7-4463-b9a3-827f5fa2a8ee}Gw64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 01:30 - 2015-09-11 01:31 - 00012614 _____ C:\Users\gregtinder1988\Desktop\FRST.txt
2015-09-11 01:30 - 2015-09-11 01:30 - 00000000 ____D C:\Users\gregtinder1988\Desktop\FRST-OlderVersion
2015-09-11 01:24 - 2015-09-11 01:24 - 00016148 _____ C:\Windows\system32\WIN-JB8A7APJU9F_gregtinder1988_HistoryPrediction.bin
2015-09-11 01:16 - 2015-09-11 01:17 - 01660416 _____ C:\Users\gregtinder1988\Desktop\AdwCleaner.exe
2015-09-10 01:14 - 2015-09-10 01:14 - 00001343 _____ C:\Users\gregtinder1988\Desktop\Revo Uninstaller.lnk
2015-09-10 01:13 - 2015-09-10 01:13 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-09-10 01:12 - 2015-09-10 01:12 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\gregtinder1988\Downloads\revosetup.exe
2015-09-09 02:06 - 2015-09-09 02:16 - 00000390 _____ C:\Users\gregtinder1988\Documents\ToDo.txt
2015-09-09 01:30 - 2015-09-09 01:30 - 00000000 ____D C:\Windows\system32\appmgmt
2015-09-09 01:28 - 2015-09-11 01:30 - 02190848 _____ (Farbar) C:\Users\gregtinder1988\Desktop\FRST64.exe
2015-09-08 21:52 - 2015-09-08 21:52 - 00000464 _____ C:\9B6E.tmp
2015-09-08 19:52 - 2015-09-08 19:52 - 00000464 _____ C:\B882.tmp
2015-09-08 19:43 - 2015-09-08 19:48 - 00000000 ____D C:\Windows\system32\MRT
2015-09-08 19:43 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-09-08 17:52 - 2015-09-08 17:52 - 00000464 _____ C:\D6DD.tmp
2015-09-08 15:52 - 2015-09-08 15:52 - 00000464 _____ C:\F6BF.tmp
2015-09-08 13:52 - 2015-09-08 13:52 - 00000464 _____ C:\15E6.tmp
2015-09-08 11:52 - 2015-09-08 11:52 - 00000464 _____ C:\34CE.tmp
2015-09-08 09:52 - 2015-09-08 09:52 - 00000464 _____ C:\53E5.tmp
2015-09-08 07:37 - 2015-07-05 11:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-09-07 17:10 - 2015-09-07 17:10 - 00000000 ____H C:\Users\gregtinder1988\AppData\Local\BIT71C6.tmp
2015-09-07 17:10 - 2015-09-07 17:10 - 00000000 _____ C:\Users\gregtinder1988\AppData\Local\{F5E6B930-0A31-4080-B830-54755D8BF0C5}
2015-09-06 10:36 - 2015-09-11 01:30 - 00000000 ____D C:\FRST
2015-09-06 09:56 - 2015-09-06 09:56 - 00000000 ____D C:\Windows\system32\Drivers\some folder
2015-09-06 08:36 - 2015-09-11 01:23 - 00004878 _____ C:\Windows\PFRO.log
2015-09-06 08:21 - 2015-09-06 08:21 - 00000405 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Control Panel.lnk
2015-09-06 08:08 - 2015-09-11 01:26 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\ClassicShell
2015-09-06 08:08 - 2015-09-06 08:08 - 00000000 ____D C:\ProgramData\ClassicShell
2015-09-06 08:08 - 2015-09-06 08:06 - 00002140 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\startscreen.lnk
2015-09-06 08:06 - 2015-09-06 08:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-09-06 08:06 - 2015-09-06 08:06 - 00000000 ____D C:\Program Files\Classic Shell
2015-09-06 06:45 - 2015-09-11 01:25 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-09-06 05:27 - 2015-09-06 05:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Apple Computer
2015-09-06 05:27 - 2015-09-06 05:27 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-06 05:27 - 2015-09-06 05:27 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Apple Computer
2015-09-06 05:27 - 2015-09-06 05:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-06 05:27 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-09-06 05:26 - 2015-09-06 05:27 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-09-06 05:26 - 2015-09-06 05:27 - 00000000 ____D C:\Program Files\iTunes
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files\iPod
2015-09-06 05:26 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-06 05:25 - 2015-09-06 05:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Apple
2015-09-06 05:25 - 2015-09-06 05:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-06 05:24 - 2015-09-06 05:24 - 00000000 ____D C:\Program Files\Bonjour
2015-09-06 05:24 - 2015-09-06 05:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-06 05:23 - 2015-09-06 05:26 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-06 05:22 - 2015-09-06 05:25 - 00000000 ____D C:\ProgramData\Apple
2015-09-05 21:35 - 2015-09-05 21:35 - 00001154 _____ C:\Users\gregtinder1988\Desktop\Free Alarm Clock.lnk
2015-09-05 21:35 - 2015-09-05 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
2015-09-05 21:34 - 2015-09-05 21:35 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2015-09-02 17:11 - 2015-09-02 17:11 - 00613255 _____ (CMI Limited) C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp
2015-09-02 17:07 - 2015-09-02 17:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-09-02 17:03 - 2015-09-11 01:24 - 00000392 ____H C:\Windows\Tasks\DDGCUAFQONYARCNQ.job
2015-09-02 17:03 - 2015-09-11 01:24 - 00000380 _____ C:\Windows\Tasks\KGZON1.job
2015-09-02 17:03 - 2015-09-02 17:03 - 00003486 _____ C:\Windows\System32\Tasks\DDGCUAFQONYARCNQ
2015-09-02 17:03 - 2015-09-02 17:03 - 00002942 _____ C:\Windows\System32\Tasks\KGZON1
2015-09-02 17:03 - 2015-09-02 17:03 - 00000000 ____D C:\ProgramData\Service1291
2015-09-02 16:48 - 2015-07-22 04:52 - 00988672 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-09-02 16:43 - 2015-08-19 05:50 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-09-02 16:43 - 2015-07-25 07:29 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-09-02 16:43 - 2015-07-25 05:54 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-09-02 16:39 - 2015-09-11 01:27 - 00004186 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{392E4C4D-8C4C-496C-959A-ED3A09BD50F6}
2015-08-31 14:17 - 2015-08-31 14:17 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-31 11:24 - 2015-08-31 11:24 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-08-31 11:16 - 2015-09-09 13:24 - 00005286 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN-JB8A7APJU9F-gregtinder1988 WIN-JB8A7APJU9F
2015-08-30 21:39 - 2015-09-06 05:31 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-30 20:59 - 2015-08-30 20:59 - 00003338 _____ C:\Windows\System32\Tasks\psv_iztw4nzb
2015-08-30 20:33 - 2015-08-30 21:56 - 00003808 _____ C:\Windows\System32\Tasks\AutoKMS
2015-08-30 20:32 - 2015-09-06 06:40 - 00000000 ____D C:\Windows\Minidump
2015-08-30 19:45 - 2015-09-06 08:31 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Panda Security
2015-08-30 19:43 - 2015-09-06 08:36 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-08-30 19:32 - 2015-09-06 08:33 - 00000000 ____D C:\ProgramData\Panda Security
2015-08-30 19:24 - 2015-08-30 20:00 - 00000000 ____D C:\Windows\AutoKMS
2015-08-30 19:06 - 2015-08-30 19:06 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Mozilla
2015-08-30 19:05 - 2015-08-30 19:05 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-08-28 22:33 - 2015-09-11 01:24 - 00001064 _____ C:\Windows\Tasks\biQfrLT2d54u.job
2015-08-28 22:32 - 2015-08-28 22:32 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Macromedia
2015-08-28 22:20 - 2015-09-11 01:21 - 00000000 ____D C:\Program Files\shopperz240820151333
2015-08-28 22:20 - 2015-08-20 10:46 - 00056736 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cherimoya.sys
2015-08-28 22:18 - 2015-08-28 22:18 - 00000217 _____ C:\task.vbs
2015-08-28 21:37 - 2015-09-09 01:39 - 00030674 _____ C:\Windows\wininit.ini
2015-08-28 20:01 - 2015-08-28 20:01 - 00034720 _____ () C:\Windows\system32\Drivers\bsdriver.sys
2015-08-28 19:58 - 2015-08-28 22:20 - 00000045 _____ C:\user.js
2015-08-28 19:58 - 2015-08-28 19:58 - 00000000 ____D C:\Windows\system32\abis
2015-08-28 19:54 - 2015-08-28 19:54 - 04577024 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-08-28 19:54 - 2015-08-28 19:54 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 02946304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-08-28 19:54 - 2015-08-28 19:54 - 01382240 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 01331336 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00873472 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00645456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00221976 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00214840 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00209544 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00171082 _____ C:\Windows\system32\Drivers\RTWAVES40.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00158704 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00110992 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00075544 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00023704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-08-28 19:54 - 2015-08-28 19:54 - 00006786 _____ C:\Windows\system32\Drivers\rtwavesEFX.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00002626 _____ C:\Windows\system32\Drivers\rtwavesMFX.dat
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-08-28 19:54 - 2015-08-28 19:54 - 00000000 ____D C:\Program Files\Realtek
2015-08-28 19:53 - 2015-08-28 19:54 - 31085611 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-08-28 19:53 - 2015-08-28 19:53 - 72121872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-08-28 19:53 - 2015-08-28 19:53 - 07172920 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 03232960 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 02984208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 02050184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01759488 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 01164336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00708320 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00678192 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00677680 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00514528 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00500560 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00428232 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00253872 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00122328 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-08-28 19:53 - 2015-08-28 19:53 - 00084624 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-08-28 19:44 - 2015-08-28 19:44 - 00103424 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2015-08-28 19:44 - 2015-08-28 19:44 - 00102912 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdWT6.sys
2015-08-28 19:40 - 2015-09-09 01:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-28 19:40 - 2015-08-28 19:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-08-28 19:39 - 2015-09-09 01:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-28 19:17 - 2015-08-28 19:17 - 04325544 _____ (Qualcomm Atheros Communications, Inc.) C:\Windows\system32\Drivers\athw10x.sys
2015-08-28 19:03 - 2015-08-28 21:52 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Unity
2015-08-28 19:03 - 2015-08-28 19:03 - 00000000 ____D C:\ppsfile
2015-08-28 19:02 - 2015-08-28 19:02 - 00000000 ____D C:\Users\Public\QiYi
2015-08-28 19:01 - 2015-09-11 01:21 - 00000000 ____D C:\AdwCleaner
2015-08-28 19:01 - 2015-07-10 12:00 - 00032200 _____ C:\Windows\Professional.xml
2015-08-28 19:00 - 2015-08-28 19:00 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2015-08-28 19:00 - 2015-08-28 17:10 - 00000000 ____D C:\Windows\CSC
2015-08-28 18:58 - 2015-09-06 06:40 - 00000000 ___DC C:\Windows\Panther
2015-08-28 18:58 - 2015-08-31 11:20 - 00000000 ____D C:\Windows.old
2015-08-28 18:57 - 2015-08-28 18:57 - 00008192 _____ C:\Windows\system32\config\userdiff
2015-08-28 18:51 - 2015-08-28 18:51 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-08-28 18:50 - 2015-09-11 01:25 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-08-28 18:45 - 2015-08-28 19:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Opera Software
2015-08-28 18:45 - 2015-08-28 19:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Opera Software
2015-08-28 18:44 - 2015-08-28 18:44 - 00061037 _____ C:\Windows\SysWOW64\CCCInstall_201508281944179800.log
2015-08-28 18:43 - 2015-08-28 18:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\ATI
2015-08-28 18:43 - 2015-08-28 18:43 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\ATI
2015-08-28 18:42 - 2015-08-28 18:42 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-28 18:42 - 2015-08-28 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-28 18:42 - 2015-08-28 18:42 - 00000000 ____D C:\Program Files\CCleaner
2015-08-28 18:41 - 2015-08-28 18:42 - 00000000 ____D C:\ProgramData\IcyCarje
2015-08-28 18:39 - 2015-09-11 01:24 - 00001094 _____ C:\Windows\Tasks\iBRuGWM7XjibzYKtKtSHoczLgc0.job
2015-08-28 18:36 - 2015-08-30 19:59 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-28 18:34 - 2015-08-28 21:49 - 00000000 ____D C:\ProgramData\ToolsUpdatePlatform
2015-08-28 18:33 - 2015-08-28 18:33 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-08-28 18:33 - 2015-07-10 12:02 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-08-28 18:32 - 2015-08-28 18:32 - 00000000 ____D C:\Users\Public\Documents\Baidu
2015-08-28 18:22 - 2015-08-28 18:22 - 00000000 ____D C:\Program Files\DIFX
2015-08-28 18:20 - 2015-08-28 18:20 - 00056944 _____ C:\Windows\system32\ASGCoInstaller_x64.dll
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-08-28 18:20 - 2015-08-28 18:20 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-08-28 18:16 - 2015-09-11 01:29 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-28 18:16 - 2015-09-11 01:24 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-28 18:16 - 2015-09-11 01:09 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\vlc
2015-08-28 18:16 - 2015-08-28 18:20 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Google
2015-08-28 18:16 - 2015-08-28 18:19 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-28 18:16 - 2015-08-28 18:16 - 00001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-08-28 18:16 - 2015-08-28 18:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-08-28 18:15 - 2015-08-28 18:15 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2015-08-28 18:13 - 2015-08-28 18:13 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\PeerDistRepub
2015-08-28 18:12 - 2015-08-28 18:12 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2015-08-28 18:11 - 2015-08-28 18:11 - 00000000 ____D C:\ProgramData\AMD
2015-08-28 18:11 - 2015-08-28 18:11 - 00000000 ____D C:\Program Files\ATI Technologies
2015-08-28 18:10 - 2015-08-28 18:45 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-08-28 18:09 - 2015-08-28 18:09 - 00000000 ___HD C:\OneDriveTemp
2015-08-28 18:03 - 2015-08-28 18:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-28 18:03 - 2015-08-28 18:03 - 00895256 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2015-08-28 18:03 - 2015-08-28 18:03 - 00091272 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-08-28 18:02 - 2015-09-11 01:23 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2015-08-28 18:02 - 2015-08-28 18:02 - 00000000 _____ C:\Windows\ativpsrm.bin
2015-08-28 18:01 - 2015-08-28 18:01 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-08-28 18:01 - 2015-08-28 18:01 - 00000000 ____D C:\Program Files\AMD
2015-08-28 17:59 - 2015-08-28 17:59 - 47795680 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 39723504 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 30760944 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 27544560 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 25308656 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 22328800 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 21632992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2015-08-28 17:59 - 2015-08-28 17:59 - 15727072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 14312416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 12062040 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 10191264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 09191312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdxc64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08979760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08865496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 08009344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 07575664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdxc32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 06486000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 05076976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2015-08-28 17:59 - 2015-08-28 17:59 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2015-08-28 17:59 - 2015-08-28 17:59 - 01468224 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01257952 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01213192 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 01196032 _____ C:\Windows\system32\amdocl_as64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 01070592 _____ C:\Windows\system32\amdocl_ld64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 01005552 _____ C:\Windows\SysWOW64\amdocl_as32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00936928 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00874480 _____ (AMD) C:\Windows\system32\coinst_15.20.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00833798 _____ C:\Windows\system32\amdicdxx.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00807424 _____ C:\Windows\SysWOW64\amdocl_ld32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00737410 _____ C:\Windows\system32\atiicdxx.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00681456 _____ (AMD) C:\Windows\system32\atieclxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00675296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2015-08-28 17:59 - 2015-08-28 17:59 - 00660928 _____ C:\Windows\SysWOW64\atiapfxx.blb
2015-08-28 17:59 - 2015-08-28 17:59 - 00660928 _____ C:\Windows\system32\atiapfxx.blb
2015-08-28 17:59 - 2015-08-28 17:59 - 00472832 _____ C:\Windows\system32\amdmiracast.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00452576 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00377312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00322868 _____ C:\Windows\system32\ativvaxy_vi.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00321200 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00256992 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00255808 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00250884 _____ C:\Windows\system32\ativvaxy_FJ.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00249088 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00243696 _____ C:\Windows\system32\clinfo.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00234420 _____ C:\Windows\system32\ativvaxy_cik.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00232752 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00213488 _____ C:\Windows\system32\amdgfxinfo64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00201184 _____ (AMD) C:\Windows\system32\atitmm64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00198640 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00170464 _____ C:\Windows\system32\atieah64.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00169152 _____ C:\Windows\system32\ativce03.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00167456 _____ C:\Windows\system32\amde31a.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00153456 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00152560 _____ C:\Windows\SysWOW64\atieah32.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00152032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00143344 _____ C:\Windows\system32\amdhdl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00143048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00140240 _____ C:\Windows\system32\samu_krnl_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00132080 _____ C:\Windows\SysWOW64\amdhdl32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00131592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00117600 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00113880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111832 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111600 _____ C:\Windows\system32\hsa-thunk64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00111088 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00102384 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00100816 _____ C:\Windows\system32\ativce02.dat
2015-08-28 17:59 - 2015-08-28 17:59 - 00099296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00095216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00091104 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00089520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00085472 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00082680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00073712 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00071152 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00069600 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00064496 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00062432 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00061408 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2015-08-28 17:59 - 2015-08-28 17:59 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00059360 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00049632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00047664 _____ C:\Windows\system32\kapp_ci.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00043408 _____ C:\Windows\system32\kapp_si.sbin
2015-08-28 17:59 - 2015-08-28 17:59 - 00039904 _____ (AMD) C:\Windows\system32\atimuixx.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00012784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2015-08-28 17:59 - 2015-08-28 17:59 - 00012784 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2015-08-28 17:43 - 2015-08-28 17:43 - 00000000 _____ C:\Recovery.txt
2015-08-28 17:42 - 2015-08-28 18:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-28 17:41 - 2015-08-28 17:41 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-08-28 17:40 - 2015-08-28 17:40 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-08-28 17:38 - 2015-08-28 17:40 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-08-28 17:38 - 2015-08-28 17:38 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-28 17:35 - 2015-08-28 17:35 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\NetworkTiles
2015-08-28 17:34 - 2015-08-28 17:36 - 00002367 _____ C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-28 17:32 - 2015-08-28 17:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-28 17:32 - 2015-08-28 17:38 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Microsoft Help
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-28 17:32 - 2015-08-28 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-08-28 17:30 - 2015-08-28 17:30 - 00027872 _____ (ASUS) C:\Windows\system32\Drivers\AsHIDSwitch64.sys
2015-08-28 17:29 - 2015-08-28 17:29 - 00000420 _____ C:\Users\gregtinder1988\Desktop\This PC - Shortcut.lnk
2015-08-28 17:27 - 2015-08-28 17:27 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\MicrosoftEdge
2015-08-28 17:27 - 2015-08-28 17:27 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-28 17:26 - 2015-08-28 17:28 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Comms
2015-08-28 17:25 - 2015-08-28 17:47 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\PackageStaging
2015-08-28 17:23 - 2015-08-28 17:23 - 00000020 ___SH C:\Users\gregtinder1988\ntuser.ini
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Adobe
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\VirtualStore
2015-08-28 17:23 - 2015-08-28 17:23 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\TileDataLayer
2015-08-28 17:18 - 2015-08-30 21:54 - 00830266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-28 17:13 - 2015-08-28 17:13 - 00001833 _____ C:\Users\gregtinder1988\AppData\Local\Application.xml
2015-08-28 17:11 - 2015-09-09 01:11 - 00000000 ____D C:\Users\gregtinder1988
2015-08-28 17:11 - 2015-08-28 17:23 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-28 17:11 - 2015-08-28 17:13 - 00013338 _____ C:\Windows\diagwrn.xml
2015-08-28 17:11 - 2015-08-28 17:13 - 00013338 _____ C:\Windows\diagerr.xml
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 __RSD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ___RD C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-28 17:11 - 2015-07-10 12:04 - 00000000 ____D C:\Users\gregtinder1988\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-28 17:07 - 2015-07-10 11:59 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-08-28 17:05 - 2015-08-28 17:05 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-28 17:04 - 2015-08-28 17:04 - 00000000 ____D C:\Windows\system32\config\bbimigrate
2015-08-28 15:45 - 2015-08-28 22:08 - 00000000 ___HD C:\$SysReset
2015-08-23 16:08 - 2015-08-23 16:08 - 00862664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00534480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00251864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib110.dll
2015-08-23 16:08 - 2015-08-23 16:08 - 00100776 _____ (ASUS Corporation) C:\Windows\system32\Drivers\AsusTP.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-11 01:26 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\sru
2015-09-11 01:23 - 2015-07-10 13:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 01:23 - 2015-07-10 10:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-10 08:07 - 2015-06-19 04:10 - 00000000 ____D C:\Users\gregtinder1988\Desktop\TV to watch
2015-09-10 04:41 - 2015-07-10 11:55 - 00000000 ____D C:\Windows\CbsTemp
2015-09-10 01:09 - 2015-05-22 20:23 - 00060811 _____ C:\Users\gregtinder1988\Documents\Life Planner.xlsx
2015-09-06 08:36 - 2015-07-10 13:20 - 00341400 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-06 06:42 - 2015-07-10 12:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-09-02 16:47 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\AppReadiness
2015-09-02 16:43 - 2015-02-23 09:17 - 00000000 ____D C:\Users\gregtinder1988\AppData\Local\Packages
2015-08-30 19:08 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\appcompat
2015-08-28 19:58 - 2015-07-10 12:00 - 00680256 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-08-28 19:58 - 2015-07-10 12:00 - 00534064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-08-28 19:27 - 2015-07-10 12:04 - 00000269 _____ C:\Windows\win.ini
2015-08-28 19:01 - 2015-06-18 19:33 - 00000000 ____D C:\Recovery
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\SysWOW64\en-GB
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\en-GB
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\security
2015-08-28 19:00 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-28 18:59 - 2015-07-10 12:01 - 00577536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00475648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrptadm.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00453120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDistSh.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SrpUxNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppIdPolicyEngineApi.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PeerDist.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgmts.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00147439 _____ C:\Windows\SysWOW64\gpedit.msc
2015-08-28 18:59 - 2015-07-10 12:01 - 00096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuditPolicyGPInterop.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00043566 _____ C:\Windows\SysWOW64\rsop.msc
2015-08-28 18:59 - 2015-07-10 12:01 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2015-08-28 18:59 - 2015-07-10 12:01 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 01977856 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSvc.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\srmclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00957440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00833536 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00815104 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00785408 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00733184 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCacheProvider.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\srmscan.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00561152 _____ (Microsoft Corporation) C:\Windows\system32\scrptadm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2015-08-28 18:59 - 2015-07-10 12:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmscan.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00431104 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistSh.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\AppIdPolicyEngineApi.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\SrpUxNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\srmstormod.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\srm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00272384 _____ (Microsoft Corporation) C:\Windows\system32\ddputils.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\ddpchunk.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\AuditNativeSnapIn.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\PeerDist.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\PresentationSettings.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmstormod.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistWSDDiscoProv.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\srmshell.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistCleaner.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00147439 _____ C:\Windows\system32\gpedit.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00147296 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00146389 _____ C:\Windows\system32\printmanagement.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\ddptrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\adrclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmshell.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00120458 _____ C:\Windows\system32\secpol.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00102912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adrclient.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizardElev.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerWizard.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmlib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\srmlib.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\srmtrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\AuditPolicyGPInterop.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\PrintBrmUi.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srmtrace.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistHttpTrans.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\ddp_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00052576 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00043566 _____ C:\Windows\system32\rsop.msc
2015-08-28 18:59 - 2015-07-10 12:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\PeerDistAD.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00041312 _____ (Microsoft Corporation) C:\Windows\system32\EmbeddedAppLauncherConfig.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\srm_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\qwinsta.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\qprocess.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\msg.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\quser.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\chgport.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\qappsrv.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\tskill.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\tsdiscon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\tscon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\rwinsta.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\logoff.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chgusr.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\chglogon.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\reset.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\change.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srm_ps.dll
2015-08-28 18:59 - 2015-07-10 12:00 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\query.exe
2015-08-28 18:59 - 2015-07-10 12:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\BdeSysprep.dll
2015-08-28 18:58 - 2015-07-10 12:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-08-28 18:19 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
2015-08-28 18:17 - 2015-02-23 09:20 - 00000000 ___RD C:\Users\gregtinder1988\OneDrive
2015-08-28 18:02 - 2015-02-23 12:16 - 00000000 ____D C:\AMD
2015-08-28 17:42 - 2015-07-10 17:29 - 00000000 ____D C:\Windows\ShellNew
2015-08-28 17:41 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-28 17:34 - 2015-07-10 12:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-28 17:32 - 2015-06-19 04:10 - 00000000 ___RD C:\Users\gregtinder1988\Desktop\Films to watch
2015-08-28 17:30 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\restore
2015-08-28 17:25 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\PrintDialog
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\MiracastView
2015-08-28 17:24 - 2015-07-10 12:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-08-28 17:18 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\rescache
2015-08-28 17:12 - 2015-07-10 12:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-28 17:12 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\Recovery
2015-08-28 17:09 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\spool
2015-08-28 17:09 - 2015-07-10 12:04 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-08-28 17:05 - 2015-07-10 10:05 - 00000000 ____D C:\Windows\system32\Sysprep
2015-08-28 17:02 - 2015-07-10 10:05 - 00000000 __RHD C:\Users\Default
2015-08-15 00:21 - 2014-10-26 22:38 - 00000000 ____D C:\Users\gregtinder1988\Documents\Personal
 
==================== Files in the root of some directories =======
 
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u.exe
2015-04-19 13:20 - 2015-04-19 13:20 - 0005872 _____ () C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0
2015-04-20 15:05 - 2015-04-20 15:05 - 1579520 _____ () C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0.exe
2015-08-28 17:13 - 2015-08-28 17:13 - 0001833 _____ () C:\Users\gregtinder1988\AppData\Local\Application.xml
2015-09-07 17:10 - 2015-09-07 17:10 - 0000000 ____H () C:\Users\gregtinder1988\AppData\Local\BIT71C6.tmp
2015-09-02 17:11 - 2015-09-02 17:11 - 0613255 _____ (CMI Limited) C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp
2015-08-28 18:43 - 2015-08-28 18:43 - 0000187 _____ () C:\Users\gregtinder1988\AppData\Local\Techitrax.exe.config
2015-09-07 17:10 - 2015-09-07 17:10 - 0000000 _____ () C:\Users\gregtinder1988\AppData\Local\{F5E6B930-0A31-4080-B830-54755D8BF0C5}
2015-08-28 19:54 - 2015-08-28 19:54 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\gregtinder1988\AppData\Local\Temp\DVQAF31.exe
C:\Users\gregtinder1988\AppData\Local\Temp\sqlite3.dll
C:\Users\gregtinder1988\AppData\Local\Temp\supoptsetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll
[2015-07-10 12:00] - [2015-08-28 19:58] - 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 12:00] - [2015-08-28 19:58] - 0534064 ____A (Microsoft Corporation) 4111492514CD8085E67C844E9C9FD74D
 
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-08 06:48
 
==================== End of FRST.txt ============================


#10 gregafish

Posted 10 September 2015 - 07:39 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by gregtinder1988 (2015-09-11 01:34:38)
Running from C:\Users\gregtinder1988\Desktop
Windows 10 Pro (X64) (2015-08-28 16:15:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1997882694-1096448110-3519574286-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1997882694-1096448110-3519574286-503 - Limited - Disabled)
gregtinder1988 (S-1-5-21-1997882694-1096448110-3519574286-1000 - Administrator - Enabled) => C:\Users\gregtinder1988
Guest (S-1-5-21-1997882694-1096448110-3519574286-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
Free Alarm Clock 3.1.0 (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 3.1 - Comfort Software Group)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1997882694-1096448110-3519574286-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
Could not list restore points
Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 12:04 - 2015-07-10 12:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0C70CE90-3408-4D1C-A07C-EC0236A51FC0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {24443E04-53F6-4C09-B2C0-B5FCEEA34340} - \RtHDVBg -> No File <==== ATTENTION
Task: {2650F76B-A804-45C4-83C0-83D5C320D9AA} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {44CDB481-981D-499E-AD08-92C575F12843} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {57B42E65-B233-4803-823B-4D2EC14D9E1A} - \biQfrLT2d54u -> No File <==== ATTENTION
Task: {585309DE-9383-4969-8689-3293B906CD5B} - System32\Tasks\psv_iztw4nzb => cmd.exe /c regedit.exe /s "C:\ProgramData\ExtTag\jo0pmnre.pby.reg" & del "C:\ProgramData\ExtTag\jo0pmnre.pby.reg" & SCHTASKS /Delete /TN "psv_iztw4nzb" /F
Task: {5AE2CA1F-ED8A-413F-B6F7-468C5D5E9D7F} - \RtHDVBg_ListenToDevice -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A82DFC0C-9209-4A52-AED3-CB98073A52DF} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-08-30] ()
Task: {B03D56A2-2733-4D0F-86E1-ECCD1F26103A} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {B9DAD549-29AD-4D7A-9649-748AD211F0EC} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {BE38AD20-B46E-4CF2-9287-E96AAE398998} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CD0A9FA7-095F-422C-9747-DC0D24B1C3AA} - System32\Tasks\DDGCUAFQONYARCNQ => C:\ProgramData\Service1291\Service1291.exe [2015-09-02] () <==== ATTENTION
Task: {CE88BB54-C440-4891-AB36-3E9043F43367} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {D43210C1-7C66-4606-A0D0-B970D0F93FB5} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WIN-JB8A7APJU9F-gregtinder1988 WIN-JB8A7APJU9F => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2012-10-01] (Microsoft Corporation)
Task: {DDC99E79-74AB-47A3-99DD-BAEA4AC78F60} - System32\Tasks\KGZON1 => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
Task: {E1BCE21F-3C2A-4772-837D-B2B80B588810} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {E7AC45B6-41FA-493A-901B-228CDDCF7947} - \iBRuGWM7XjibzYKtKtSHoczLgc0 -> No File <==== ATTENTION
Task: {E7C6EA8D-8693-4239-A9C9-B6A60AC34F30} - \RTKCPL -> No File <==== ATTENTION
Task: {F25F03D9-D3B6-45E6-AE9C-A962B1E644CF} - \ASUS Smart Gesture Launcher -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\biQfrLT2d54u.job => C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u.exe <==== ATTENTION
Task: C:\Windows\Tasks\DDGCUAFQONYARCNQ.job => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\iBRuGWM7XjibzYKtKtSHoczLgc0.job => C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0.exe <==== ATTENTION
Task: C:\Windows\Tasks\KGZON1.job => C:\ProgramData\FlashBeat\FlashBeat.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 12:00 - 2015-07-10 12:00 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-08-03 14:59 - 2015-08-03 14:59 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00403968 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 02498296 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-07-10 12:00 - 2015-07-10 12:00 - 02498296 _____ () C:\Windows\System32\CoreUIComponents.dll
2013-10-17 10:25 - 2013-10-17 10:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 11:59 - 2015-07-10 11:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 06579712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-10 12:00 - 2015-07-10 17:28 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-06 05:30 - 2015-08-28 01:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-06 05:30 - 2015-08-28 01:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\gregtinder1988\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\gregtinder1988\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\shantel-vansanten-27454-1366x768.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "gmsd_gb_005010074"
HKLM\...\StartupApproved\Run32: => "upgmsd_gb_005010074.exe"
HKLM\...\StartupApproved\Run32: => "IOPROTECT"
HKLM\...\StartupApproved\Run32: => "gmsd_gb_005010078"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "Uninstall C:\Users\gregtinder1988\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-1997882694-1096448110-3519574286-1000\...\StartupApproved\Run: => "Super Optimizer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{93767CF7-58DC-4FCE-AD9B-F4F07C127A14}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7D5875B6-F254-452D-9732-6B8B677F5EED}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F3731062-302E-46A8-A8B7-253C2256484C}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{87587780-5B34-4BEE-8A6E-E300E1FC66E8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C39D458C-60F0-496A-a783-FA7A390BAFA9}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{8A61ECC7-A2C0-43A8-A8DD-EA03743E79D9}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{327798A4-D9B5-4CBB-A8E2-2914C8ECC66F}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{71CC9D29-6A74-4B44-A823-4473291514EB}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{6A8AA82A-E580-4EE2-959E-F606C1E6ED54}] => (Allow) C:\ProgramData\IcyCarje\gigoamaw.exe
FirewallRules: [{EE085FBF-F6BA-4A9D-AEAB-B8FF2D130F65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CB29470-3A44-4A06-9154-E59A703357DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C013BEB1-F4BC-4E16-9EF2-52E69E19FA6A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C57FAE14-8925-48C0-BE11-38B7C12824D0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38525023-4724-4A01-BD48-EC141C23C34B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4A018204-19F0-4CA2-A241-F89285A1887E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Could not list Devices. Check "winmgmt" service or repair WMI.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/11/2015 01:24:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.6.0.0, time stamp: 0x55bfbc92
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f38c3
Exception code: 0xe0434352
Fault offset: 0x000000000002a1c8
Faulting process ID: 0x454
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report ID: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5
 
Error: (09/11/2015 01:24:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at ..(System.String)
   at ..(.)
   at ..(.)
   at ..()
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22681031
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22681031
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3156
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3156
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/10/2015 02:11:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SettingSyncHost.exe, version: 10.0.10240.16384, time stamp: 0x559f39f4
Faulting module name: ESENT.dll, version: 10.0.10240.16384, time stamp: 0x559f3b3e
Exception code: 0xc0000005
Fault offset: 0x0000000000085126
Faulting process ID: 0xb68
Faulting application start time: 0xSettingSyncHost.exe0
Faulting application path: SettingSyncHost.exe1
Faulting module path: SettingSyncHost.exe2
Report ID: SettingSyncHost.exe3
Faulting package full name: SettingSyncHost.exe4
Faulting package-relative application ID: SettingSyncHost.exe5
 
Error: (09/10/2015 02:11:26 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost (2920) {6B201E9E-BC09-49E9-BCBB-E59D56B549A5}: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\gregtinder1988\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log.
 
 
System errors:
=============
Error: (09/11/2015 01:26:12 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
Error: (09/11/2015 01:24:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1058
 
Error: (09/11/2015 01:23:12 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Delivery Optimization service did not shut down properly after receiving a pre-shutdown control.
 
Error: (09/11/2015 01:22:22 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (09/11/2015 01:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 01:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 01:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 01:22:07 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/11/2015 01:21:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: 
%%5
 
Error: (09/11/2015 01:21:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PP 1.10.0.24 Client Service service terminated unexpectedly. It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (09/11/2015 01:24:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AutoKMS.exe2.6.0.055bfbc92KERNELBASE.dll10.0.10240.16384559f38c3e0434352000000000002a1c845401d0ec2827315a66C:\WINDOWS\AutoKMS\AutoKMS.exeC:\Windows\system32\KERNELBASE.dllbb09bc2b-1c90-460a-bcba-6538f3cddc0a
 
Error: (09/11/2015 01:24:21 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
   at System.Management.ThreadDispatch.Start()
   at System.Management.ManagementScope.Initialize()
   at System.Management.ManagementObjectSearcher.Initialize()
   at System.Management.ManagementObjectSearcher.Get()
   at ..(System.String)
   at ..(.)
   at ..(.)
   at ..()
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 22681031
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 22681031
 
Error: (09/11/2015 01:09:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3156
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3156
 
Error: (09/10/2015 02:53:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/10/2015 02:11:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SettingSyncHost.exe10.0.10240.16384559f39f4ESENT.dll10.0.10240.16384559f3b3ec00000050000000000085126b6801d0ea9859df2755C:\Windows\system32\SettingSyncHost.exeC:\Windows\system32\ESENT.dll6bcee513-e6ce-4229-9a60-7d9122d762ef
 
Error: (09/10/2015 02:11:26 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SettingSyncHost2920{6B201E9E-BC09-49E9-BCBB-E59D56B549A5}: C:\Users\gregtinder1988\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log-1032 (0xfffffbf8)
 
 
CodeIntegrity:
===================================
  Date: 2015-09-11 01:20:07.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-11 01:20:07.585
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:35.049
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:34.752
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:31.022
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:30.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:30.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:43:29.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-09 13:23:12.432
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-09-08 09:36:30.677
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A4-1200 APU with Radeon™ HD Graphics 
Percentage of memory in use: 37%
Total physical RAM: 3524.5 MB
Available physical RAM: 2189.07 MB
Total Virtual: 4164.5 MB
Available Virtual: 2757.76 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:186.3 GB) (Free:75.57 GB) NTFS
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:45.84 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#11 gregafish

Posted 11 September 2015 - 05:52 AM

Super optimiser reinstalled since last post, just so you are aware.

Thanks
Again
Greg

#12 Sintharius

Posted 12 September 2015 - 05:40 AM

Hello Greg,

Step 1: Fix with Farbar Recovery Scan Tool

  • Please download the attached fixlist.txt and save it to your Desktop.
    Note: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work!
    WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system!
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log named Fixlog.txt on the Desktop, please post it to your reply

===

Step 2: Emsisoft Emergency Kit

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note: this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

To recap, in your next post I will need the contents of fixlog.txt and the log from Emsisoft Emergency Kit.

Regards,
Alex 



#13 Sintharius

Posted 15 September 2015 - 12:16 PM

Hello Greg,

Are you still with me? It's been three days since my last post.

Regards,
Alex

#14 gregafish

Posted 15 September 2015 - 01:02 PM

Sorry Alex,

Been away from an of any speed to download the emergency kit. Will post logs soon

Thanks again

Greg



#15 gregafish

Posted 15 September 2015 - 01:45 PM

bsdriver => Unable to stop service.
bsdriver => service could not remove
{f4cb9340-0dd7-4463-b9a3-827f5fa2a8ee}Gw64 => service not found.
"C:\Users\gregtinder1988\AppData\Roaming\Panda Security" => File/Folder not found.
"C:\Program Files (x86)\Panda Security" => File/Folder not found.
"C:\ProgramData\Panda Security" => File/Folder not found.
"C:\Program Files\shopperz240820151333" => File/Folder not found.
 
========================= Folder: C:\Windows\system32\abis ========================
 
2015-08-28 19:58 - 2015-08-28 19:58 - 0000000 ____D () C:\Windows\system32\abis\cuuf
2015-08-28 19:58 - 2015-08-28 22:20 - 0001021 _____ () C:\Windows\system32\abis\cuuf\fah.dat
 
====== End of Folder: ======
 
"C:\ProgramData\Spybot - Search & Destroy" => File/Folder not found.
"C:\Windows\System32\Tasks\Safer-Networking" => File/Folder not found.
"C:\Program Files (x86)\Spybot - Search & Destroy 2" => File/Folder not found.
 
========================= Folder: C:\Windows\SysWOW64\Number of results ========================
 
C:\Windows\SysWOW64\Number of results => File
 
====== End of Folder: ======
 
"C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u" => File/Folder not found.
"C:\Users\gregtinder1988\AppData\Roaming\biQfrLT2d54u.exe" => File/Folder not found.
"C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0" => File/Folder not found.
"C:\Users\gregtinder1988\AppData\Roaming\iBRuGWM7XjibzYKtKtSHoczLgc0.exe" => File/Folder not found.
 
=========  sfc /scannow =========
 
 
 
 
Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
 
 
V e r i f i c a t i o n   9 2 %   c o m p l e t e . V e r i f i c a t i o n   9 3 %   c o m p l e t e . V e r i f i c a t i o n   9 3 %   c o m p l e t e . V e r i f i c a t i o n   9 4 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 7 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 0 %   c o m p l e t e . 
 
 
 
 
Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.

========= End of CMD: =========

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24443E04-53F6-4C09-B2C0-B5FCEEA34340}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24443E04-53F6-4C09-B2C0-B5FCEEA34340}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtHDVBg" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2650F76B-A804-45C4-83C0-83D5C320D9AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2650F76B-A804-45C4-83C0-83D5C320D9AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{57B42E65-B233-4803-823B-4D2EC14D9E1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57B42E65-B233-4803-823B-4D2EC14D9E1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\biQfrLT2d54u" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{585309DE-9383-4969-8689-3293B906CD5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{585309DE-9383-4969-8689-3293B906CD5B}" => key removed successfully
C:\Windows\System32\Tasks\psv_iztw4nzb => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_iztw4nzb" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5AE2CA1F-ED8A-413F-B6F7-468C5D5E9D7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5AE2CA1F-ED8A-413F-B6F7-468C5D5E9D7F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RtHDVBg_ListenToDevice" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B03D56A2-2733-4D0F-86E1-ECCD1F26103A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B03D56A2-2733-4D0F-86E1-ECCD1F26103A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD0A9FA7-095F-422C-9747-DC0D24B1C3AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD0A9FA7-095F-422C-9747-DC0D24B1C3AA}" => key removed successfully
C:\Windows\System32\Tasks\DDGCUAFQONYARCNQ => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DDGCUAFQONYARCNQ" => key removed successfully
C:\ProgramData\Service1291 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE88BB54-C440-4891-AB36-3E9043F43367}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE88BB54-C440-4891-AB36-3E9043F43367}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDC99E79-74AB-47A3-99DD-BAEA4AC78F60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDC99E79-74AB-47A3-99DD-BAEA4AC78F60}" => key removed successfully
C:\Windows\System32\Tasks\KGZON1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KGZON1" => key removed successfully
"C:\ProgramData\FlashBeat" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7AC45B6-41FA-493A-901B-228CDDCF7947}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7AC45B6-41FA-493A-901B-228CDDCF7947}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iBRuGWM7XjibzYKtKtSHoczLgc0" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E7C6EA8D-8693-4239-A9C9-B6A60AC34F30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7C6EA8D-8693-4239-A9C9-B6A60AC34F30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RTKCPL" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F25F03D9-D3B6-45E6-AE9C-A962B1E644CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F25F03D9-D3B6-45E6-AE9C-A962B1E644CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Smart Gesture Launcher" => key removed successfully
C:\Windows\Tasks\biQfrLT2d54u.job => moved successfully
C:\Windows\Tasks\DDGCUAFQONYARCNQ.job => moved successfully
C:\Windows\Tasks\iBRuGWM7XjibzYKtKtSHoczLgc0.job => moved successfully
C:\Windows\Tasks\KGZON1.job => moved successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npclient" => key removed successfully
"HKLM\Software\MozillaPlugins\@iqiyi.com/npWebPlayer" => key removed successfully
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 => moved successfully
C:\Users\Public\QiYi => moved successfully
C:\Users\gregtinder1988\AppData\Roaming\Opera Software => moved successfully
C:\Users\gregtinder1988\AppData\Local\Opera Software => moved successfully
C:\ProgramData\IcyCarje => moved successfully
C:\Users\Public\Documents\Baidu => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39D458C-60F0-496A-a783-FA7A390BAFA9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8A61ECC7-A2C0-43A8-A8DD-EA03743E79D9} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{327798A4-D9B5-4CBB-A8E2-2914C8ECC66F} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{71CC9D29-6A74-4B44-A823-4473291514EB} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6A8AA82A-E580-4EE2-959E-F606C1E6ED54} => value removed successfully
Could not move "C:\Windows\system32\Drivers\cherimoya.sys" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-09-15 18:56:36)<=

"C:\Windows\system32\Drivers\cherimoya.sys" => Could not move

==== End of Fixlog 18:56:37 ====

Emsisoft Emergency Kit - Version 10.0
Last update: 15/09/2015 19:17:04
User account: WIN-JB8A7APJU9F\gregtinder1988
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 15/09/2015 19:21:09
C:\Program Files (x86)\Super Optimizer detected: Application.InstallOpt (A)
C:\Users\gregtinder1988\AppData\Local\Temp\supoptsetup.exe detected: Application.InstallOpt (A)
Key: HKEY_USERS\S-1-5-21-1997882694-1096448110-3519574286-1000\SOFTWARE\SUPER OPTIMIZER detected: Application.InstallOpt (A)
C:\ProgramData\toolsupdateplatform detected: Application.Toolbar (A)
C:\Users\gregtinder1988\AppData\Roaming\super optimizer detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\GEEPLAYER.DIR detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} detected: Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU detected: Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1997882694-1096448110-3519574286-1000\SOFTWARE\PPSTREAM detected: Application.Toolbar (A)
C:\Windows\system32\drivers\bsdriver.sys detected: Application.AdSearch (A)
C:\Windows\system32\drivers\cherimoya.sys detected: Application.AdSearch (A)
C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp detected: Application.Win32.AdProtect (A)
C:\Users\gregtinder1988\AppData\Local\Temp\DVQAF31.exe detected: Gen:Variant.Adware.Kazy.721855 (B)
 
Scanned 73149
Found 78
 
Scan end: 15/09/2015 19:30:22
Scan time: 0:09:13
 
C:\Users\gregtinder1988\AppData\Local\Temp\DVQAF31.exe Quarantined Gen:Variant.Adware.Kazy.721855 (B)
C:\Users\gregtinder1988\AppData\Local\nsfD22.tmp Quarantined Application.Win32.AdProtect (A)
Key: HKEY_USERS\S-1-5-21-1997882694-1096448110-3519574286-1000\SOFTWARE\PPSTREAM Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SU Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F3D0D36F-23F8-4682-A195-74C92B03D4AF} Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\GEEPLAYER.DIR Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WMA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.WM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.VOB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPEG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP4\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MOD\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MIDI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MID\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4P\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4B\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M4A\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.M2TS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.DVR-MS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CDA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AVI\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIFF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AIF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GPP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3GP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.3G2\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TTA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.TP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SUB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SSA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.SRT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RMVB\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RAM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.RA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QT\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.QSV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PVA\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMP\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PMF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.PFV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGM\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.OGG\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MPC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MP5\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.MKV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.IDX\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.GPLF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.FLAC\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.F4V\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.CSF\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.BIK\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.ASS\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.APE\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMV\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AMR\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\.AC3\OPENWITHLIST\GEEPLAYER.EXE Quarantined Application.Toolbar (A)
C:\Users\gregtinder1988\AppData\Roaming\super optimizer Quarantined Application.Toolbar (A)
C:\ProgramData\toolsupdateplatform Quarantined Application.Toolbar (A)
Key: HKEY_USERS\S-1-5-21-1997882694-1096448110-3519574286-1000\SOFTWARE\SUPER OPTIMIZER Quarantined Application.InstallOpt (A)
C:\Users\gregtinder1988\AppData\Local\Temp\supoptsetup.exe Quarantined Application.InstallOpt (A)
C:\Program Files (x86)\Super Optimizer Quarantined Application.InstallOpt (A)
 
Quarantined 76

Thanks again

Greg





