Windows Defender found Rogue JS/TechBroloba.B and ESET online crashed



#1 Seanosborne66

Posted 07 November 2016 - 02:46 PM

Windows Defender found this Trojan

Tried to use Malwarebytes but got BSOD and "MBAMSwissarmy.sys" error, page fault in non paged area
Tried to use MBAR but got BSOD and "MBAMSwissarmy.sys" error, page fault in non paged area
SPYBOT found rootkit activity but no option to clean up
ESET online scanner crashed but found 4 infections before crashing

Windows 10 insider preview 14959
i7-2600
Asus Essentio 6830

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by avner (administrator) on DESKTOP-03BVFFK (07-11-2016 19:18:54)
Running from C:\Users\avner\Downloads
Loaded Profiles: avner (Available Profiles: avner)
Platform: Windows 10 Pro Insider Preview Version 1607 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LaCie) C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
(Apple Inc.) C:\Program Files (x86)\AirPrint\airprint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Google Inc.) C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\avner\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(LaCie) C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCie Desktop Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Seagate LLC) C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\stxmediamenumgr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [666896 2016-10-27] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1854008 2016-10-25] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes Anti-Ransomware] => C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe [722896 2016-08-26] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1042912 2016-10-13] (DivX, LLC)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [FreeAgentTheaterTrayIcon] => C:\Program Files (x86)\Seagate\Seagate_Media\AgrregationStatus\StxMediaMenuMgr.exe [189480 2014-09-25] (Seagate LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2651088 2016-10-28] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-10-12] (Google)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1084688 2016-04-21] (Apple Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [Google Update] => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-11] (Google Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [Google Photos Backup] => C:\Users\avner\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [BF70A8F512A0992E29A6DBF2AEAE761D5A8BE133._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921704 2016-10-20] (Google Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-10-05] (Apple Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [HP Photosmart Plus B210 series (NET)] => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8944344 2016-09-28] (Piriform Ltd)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe [2104096 2016-08-26] (TomTom)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [GoogleChromeAutoLaunch_3EC916FF6E54D03168B219937167F3CC] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921704 2016-10-20] (Google Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [12527088 2016-11-04] (Plex, Inc.)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Run: [LaCie Desktop Manager 2 Startup] => C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCie Desktop Manager.exe [872736 2015-10-26] (LaCie)
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\MountPoints2: {96d19992-3d83-11e5-acd2-806e6f6e6963} - "K:\Audio\setup.exe"
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [810496 2016-10-27] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [12527088 2016-11-04] (Plex, Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2016-04-24]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO NAS Navigator2.lnk [2016-09-22]
ShortcutTarget: BUFFALO NAS Navigator2.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe (Buffalo Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NAS Scheduler.lnk [2016-09-22]
ShortcutTarget: NAS Scheduler.lnk -> C:\Program Files (x86)\BUFFALO\NASNAVI\nassche.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 9.6 PE.lnk [2016-07-07]
ShortcutTarget: PHOTOfunSTUDIO 9.6 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
Startup: C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart Plus B210 series (Network).lnk [2016-02-07]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart Plus B210 series (Network).lnk -> C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4ef9a330-e225-4142-82a0-2012155e2365}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{612b9bae-e9f4-41e1-9715-7b676a562de9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a8996f2d-ce25-4b6b-80ab-1b09f8265b97}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?pc=UE01&ocid=UE01DHP
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-21] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-21] (Microsoft Corporation)

Edge:
======
Edge Extension: (NAME) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2016-10-11]

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-09-27] (DivX, LLC)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-21] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-997813710-3732513820-1655796302-1001: @citrixonline.com/appdetectorplugin -> C:\Users\avner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-08-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-997813710-3732513820-1655796302-1001: @tools.google.com/Google Update;version=3 -> C:\Users\avner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-997813710-3732513820-1655796302-1001: @tools.google.com/Google Update;version=9 -> C:\Users\avner\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
CHR Extension: (Google Docs) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Cast) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-03-25]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-08-12]
CHR Extension: (Google Search) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Sheets) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2015-09-27]
CHR Extension: (Google Docs Offline) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]
CHR Extension: (Gmail) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR Extension: (Chrome Media Router) - C:\Users\avner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKU\S-1-5-21-997813710-3732513820-1655796302-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AirPrint; C:\Program Files (x86)\AirPrint\airprint.exe [234784 2010-10-07] (Apple Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S3 Creative Media Toolbox 6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [79360 2016-10-21] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [114176 2014-11-17] (Creative Technology Ltd)
S3 debugregsvc; C:\WINDOWS\System32\debugregsvc.dll [30208 2016-10-26] (Microsoft Corporation)
S3 DeveloperToolsService; C:\WINDOWS\System32\DeveloperToolsSvc.exe [108544 2016-10-26] (Microsoft Corporation)
R2 DusmSvc; C:\WINDOWS\System32\dusmsvc.dll [268288 2016-10-27] (Microsoft Corporation)
R2 FreeAgentTheater Service; C:\Program Files (x86)\Seagate\Seagate_Media\Sync\MediaAggreService.exe [243752 2014-09-25] (Seagate Technology LLC)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AC_Service.exe [309720 2016-08-18] (Citrix Systems, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
S3 IpxlatCfgSvc; C:\WINDOWS\System32\IpxlatCfg.dll [67584 2016-10-27] (Microsoft Corporation)
R2 LaCieDesktopManagerDaemon; C:\Program Files (x86)\LaCie\LaCie Desktop Manager\LaCieDesktopManagerDaemon.exe [1149728 2015-10-26] (LaCie)
R2 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1114608 2013-12-12] ()
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe [3291088 2016-08-26] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-10-28] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MixedRealityCapture; C:\WINDOWS\system32\MixedRealityCapture.exe [37888 2016-10-27] (Microsoft Corporation)
R2 NasPmService; C:\Program Files (x86)\BUFFALO\NASNAVI\nassvc.exe [245760 2013-11-21] (BUFFALO INC.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1897456 2016-11-04] (Plex, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
S3 SEMgrSvc; C:\WINDOWS\system32\SEMgrSvc.dll [1161728 2016-10-27] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2981208 2016-10-27] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [1293312 2016-10-27] (Microsoft Corporation)
S3 SshBroker; C:\WINDOWS\System32\SshBroker.dll [382976 2016-10-26] (Microsoft Corporation)
S3 SshProxy; C:\WINDOWS\System32\SshProxy.dll [298496 2016-10-26] (Microsoft Corporation)
S3 vmicguestinterface; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
S3 vmicheartbeat; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
S3 vmickvpexchange; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
S3 vmicshutdown; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
S3 vmictimesync; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
S3 vmicvmsession; C:\WINDOWS\System32\icsvc.dll [318464 2016-10-27] (Microsoft Corporation)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349632 2016-10-27] (Microsoft Corporation)
S4 WebManagement; C:\WINDOWS\system32\WebManagement.exe [1079296 2016-10-26] (Microsoft Corporation)
S3 WFDSConMgrSvc; C:\WINDOWS\System32\wfdsconmgrsvc.dll [493568 2016-10-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [97032 2016-10-27] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1196032 2016-10-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASUSfilter; C:\WINDOWS\System32\drivers\ASUSfilter.sys [48384 2013-03-28] (MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation)
R2 CldFlt; C:\WINDOWS\System32\drivers\cldflt.sys [407040 2016-10-27] (Microsoft Corporation)
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1065728 2014-11-17] (Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [34048 2014-11-17] (Creative Technology Ltd)
S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77416 2016-10-28] ()
S3 mausbhost; C:\WINDOWS\System32\drivers\mausbhost.sys [262928 2016-10-27] (Microsoft Corporation)
S3 mausbip; C:\WINDOWS\System32\drivers\mausbip.sys [43792 2016-10-27] (Microsoft Corporation)
R0 MB3SwissArmy; C:\WINDOWS\System32\drivers\MB3SwissArmy.sys [228800 2016-11-07] (Malwarebytes)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [91072 2016-11-07] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [91648 2016-10-27] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 pmem; C:\WINDOWS\System32\drivers\pmem.sys [98304 2016-10-27] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-04-21] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [26384 2016-10-27] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [40768 2016-10-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [282896 2016-10-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119056 2016-10-27] (Microsoft Corporation)
S3 WinNat; C:\WINDOWS\System32\drivers\winnat.sys [206336 2016-10-27] (Microsoft Corporation)
S3 ZTEusbMB; C:\WINDOWS\System32\drivers\ZTEusbnmeaext2.sys [123264 2013-04-09] (ZTE Incorporated)
S3 ZTEusbnmeaext; C:\WINDOWS\System32\drivers\ZTEusbnmeaext.sys [123264 2013-04-09] (ZTE Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-07 19:18 - 2016-11-07 19:22 - 00031851 _____ C:\Users\avner\Downloads\FRST.txt
2016-11-07 19:17 - 2016-11-07 19:18 - 00000000 ____D C:\FRST
2016-11-07 19:17 - 2016-11-07 19:17 - 02410496 _____ (Farbar) C:\Users\avner\Downloads\FRST64.exe
2016-11-07 19:07 - 2016-11-07 19:07 - 08867840 _____ C:\Users\avner\Downloads\SeaToolsDOS223ALL.ISO
2016-11-07 18:59 - 2016-11-07 18:59 - 00000000 ___HD C:\OneDriveTemp
2016-11-07 18:30 - 2016-11-07 18:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-07 18:30 - 2016-10-25 20:21 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-07 18:30 - 2016-10-25 20:21 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-07 17:56 - 2016-11-07 18:10 - 00000000 ____D C:\Users\avner\Documents\SysnativeFileCollectionApp
2016-11-07 17:55 - 2016-11-07 17:56 - 00158720 _____ (Sysnative) C:\Users\avner\Downloads\SysnativeBSODCollectionApp.exe
2016-11-07 07:43 - 2016-11-07 07:43 - 00552084 _____ C:\WINDOWS\Minidump\110716-31937-01.dmp
2016-11-07 07:21 - 2016-11-07 07:21 - 00552012 _____ C:\WINDOWS\Minidump\110716-35875-01.dmp
2016-11-06 20:48 - 2016-11-06 20:48 - 06761600 _____ (ESET spol. s r.o.) C:\Users\avner\Downloads\esetonlinescanner_enu (2).exe
2016-11-06 18:26 - 2016-10-26 20:15 - 01079296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2016-11-06 18:26 - 2016-10-26 20:13 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2016-11-06 18:26 - 2016-10-26 20:13 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2016-11-06 18:26 - 2016-10-26 20:12 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2016-11-06 18:26 - 2016-10-26 20:12 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2016-11-06 18:26 - 2016-10-26 20:10 - 00454144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2016-11-06 18:26 - 2016-10-26 20:10 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2016-11-06 18:26 - 2016-10-26 20:09 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2016-11-06 18:26 - 2016-10-26 20:08 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2016-11-06 18:26 - 2016-10-26 20:08 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2016-11-06 18:26 - 2016-10-26 20:07 - 00537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2016-11-06 18:26 - 2016-10-26 20:07 - 00457216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2016-11-06 18:04 - 2016-11-06 18:04 - 06761600 _____ (ESET spol. s r.o.) C:\Users\avner\Downloads\esetonlinescanner_enu (1).exe
2016-11-06 17:49 - 2016-11-06 17:50 - 00571340 _____ C:\WINDOWS\Minidump\110616-28265-01.dmp
2016-11-06 17:42 - 2016-11-06 17:42 - 22851472 _____ (Malwarebytes ) C:\Users\avner\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-06 17:42 - 2016-11-06 17:42 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-06 17:42 - 2016-11-06 17:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-06 17:42 - 2016-11-06 17:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-06 17:42 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-06 17:42 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-06 17:22 - 2016-11-06 17:22 - 06761600 _____ (ESET spol. s r.o.) C:\Users\avner\Downloads\esetonlinescanner_enu.exe
2016-11-06 17:22 - 2016-11-06 17:22 - 00000000 ____D C:\Users\avner\AppData\Local\ESET
2016-11-06 12:51 - 2016-11-06 12:52 - 00553676 _____ C:\WINDOWS\Minidump\110616-27906-01.dmp
2016-11-06 12:50 - 2016-11-06 17:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-06 12:49 - 2016-11-07 18:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-06 12:49 - 2016-11-07 07:42 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-06 12:48 - 2016-11-06 12:48 - 00000000 ____D C:\Users\avner\Desktop\mbar
2016-11-06 12:48 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-06 12:47 - 2016-11-06 12:47 - 16563352 _____ (Malwarebytes Corp.) C:\Users\avner\Downloads\mbar-1.09.3.1001.exe
2016-11-06 12:38 - 2016-11-06 12:38 - 00566128 _____ (Malwarebytes) C:\Users\avner\Downloads\mbam-clean-2.3.0.1001.exe
2016-11-06 12:31 - 2016-11-06 12:31 - 00552348 _____ C:\WINDOWS\Minidump\110616-30812-01.dmp
2016-11-06 12:07 - 2016-11-06 12:07 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\avner\Downloads\mbam-setup-1.75.0.1300.exe
2016-11-06 11:40 - 2016-11-06 11:41 - 00571388 _____ C:\WINDOWS\Minidump\110616-29234-01.dmp
2016-11-06 10:21 - 2016-11-07 07:43 - 942434867 _____ C:\WINDOWS\MEMORY.DMP
2016-11-06 10:21 - 2016-11-07 07:43 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-06 10:21 - 2016-11-06 10:23 - 00679948 _____ C:\WINDOWS\Minidump\110616-33312-01.dmp
2016-11-06 09:51 - 2016-11-06 09:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2016-11-06 09:50 - 2016-11-06 09:54 - 00000000 ____D C:\Users\TEMP\AppData\Local\NVIDIA Corporation
2016-11-06 09:50 - 2016-11-06 09:54 - 00000000 ____D C:\Users\TEMP
2016-11-05 10:14 - 2016-11-05 10:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-11-05 10:14 - 2016-11-05 10:14 - 00000000 ____D C:\Program Files (x86)\Plex
2016-11-05 10:10 - 2016-11-05 10:24 - 00000000 ____D C:\Users\avner\Downloads\London.Town.2016.1080p.WEBRip.DD5.1.x264-NTb
2016-11-05 10:01 - 2016-11-05 10:01 - 00088061 _____ C:\Users\avner\Downloads\London.Town.2016.1080p.WEBRip.DD5.1.x264-NTb-[rarbg.com].torrent
2016-11-04 17:34 - 2016-11-04 17:37 - 00000000 ____D C:\Users\avner\Downloads\Miss.Peregrines.Home.For.Peculiar.Children.2016.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERbleep
2016-11-04 17:33 - 2016-11-04 17:34 - 00000000 ____D C:\Users\avner\Downloads\Bridget.Jones.Baby.2016.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERbleep
2016-11-04 17:33 - 2016-11-04 17:33 - 00063419 _____ C:\Users\avner\Downloads\Miss.Peregrines.Home.For.Peculiar.Children.2016.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERbleep-[rarbg.com] (1).torrent
2016-11-04 17:31 - 2016-11-04 17:31 - 00063419 _____ C:\Users\avner\Downloads\Miss.Peregrines.Home.For.Peculiar.Children.2016.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERbleep-[rarbg.com].torrent
2016-11-04 17:30 - 2016-11-04 17:30 - 00082367 _____ C:\Users\avner\Downloads\Bridget.Jones.Baby.2016.1080p.KORSUB.HDRip.x264.AAC2.0-STUTTERbleep-[rarbg.com].torrent
2016-11-04 17:17 - 2016-11-04 17:17 - 00466520 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-11-04 17:17 - 2016-11-04 17:17 - 00445016 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-11-04 17:17 - 2016-11-04 17:17 - 00123480 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-11-04 17:17 - 2016-11-04 17:17 - 00109144 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-11-04 17:17 - 2014-04-25 16:33 - 01898496 ____N (Creative) C:\WINDOWS\system32\Sens_oal.dll
2016-11-04 17:17 - 2014-04-25 16:29 - 01609728 ____N (Creative) C:\WINDOWS\SysWOW64\Sens_oal.dll
2016-11-04 17:17 - 2009-12-24 02:49 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpC8FB.tmp
2016-11-04 17:17 - 2009-12-24 02:49 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmpC8EA.tmp
2016-11-04 17:17 - 2000-05-11 01:00 - 00090112 ____N (Creative Technology Ltd.) C:\WINDOWS\Updreg.EXE
2016-11-04 17:14 - 2012-04-02 07:51 - 00004850 _____ C:\WINDOWS\cthdaENG.reg
2016-11-04 08:26 - 2016-11-04 08:26 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-04 08:24 - 2016-11-04 08:24 - 00000020 ___SH C:\Users\avner\ntuser.ini
2016-11-03 22:07 - 2016-11-03 22:07 - 00000000 ____D C:\ProgramData\USOShared
2016-11-03 22:03 - 2016-11-03 22:05 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-11-03 22:03 - 2016-11-03 22:05 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-11-03 22:02 - 2016-11-07 19:03 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{70BF88B9-62CA-435B-B003-528C6ABA6F13}
2016-11-03 22:02 - 2016-11-07 18:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-03 22:02 - 2016-11-07 18:31 - 00003938 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-07 18:30 - 00004002 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-07 18:30 - 00003974 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-07 18:30 - 00003912 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-07 18:30 - 00003750 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-07 18:30 - 00003708 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-03 22:02 - 2016-11-03 22:02 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-11-03 22:02 - 2016-11-03 22:02 - 00002444 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2016-11-03 22:02 - 2016-11-03 22:02 - 00002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2016-11-03 22:02 - 2016-11-03 22:02 - 00002388 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2016-11-03 22:02 - 2016-11-03 22:02 - 00002374 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2016-11-03 22:02 - 2016-11-03 22:02 - 00002370 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2016-11-03 22:02 - 2016-11-03 22:02 - 00002320 _____ C:\WINDOWS\System32\Tasks\{094825FA-C1C4-4DF1-8182-53D552719CFF}
2016-11-03 22:02 - 2016-11-03 22:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2016-11-03 22:02 - 2016-11-03 22:02 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-03 22:01 - 2016-11-07 17:52 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-03 22:01 - 2016-11-05 17:15 - 00003504 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2016-11-03 22:01 - 2016-11-03 22:02 - 00003644 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA1d1e962e6b16963
2016-11-03 22:01 - 2016-11-03 22:02 - 00003614 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA
2016-11-03 22:01 - 2016-11-03 22:02 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-03 22:01 - 2016-11-03 22:02 - 00003376 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core1d1e962e697b589
2016-11-03 22:01 - 2016-11-03 22:02 - 00003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core
2016-11-03 22:01 - 2016-11-03 22:02 - 00003256 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d1abb5d0a26b59
2016-11-03 22:01 - 2016-11-03 22:02 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-03 22:01 - 2016-11-03 22:02 - 00002792 _____ C:\WINDOWS\System32\Tasks\klcp_update
2016-11-03 22:01 - 2016-11-03 22:02 - 00002760 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2016-11-03 22:01 - 2016-11-03 22:02 - 00002736 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series
2016-11-03 22:01 - 2016-11-03 22:02 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-11-03 22:01 - 2016-11-03 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-11-03 22:01 - 2016-11-03 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-11-03 21:59 - 2016-11-06 09:38 - 00918614 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-03 21:54 - 2016-11-03 21:54 - 00000000 ____D C:\ProgramData\Lexmark Universal v2 PS3
2016-11-03 21:49 - 2016-11-03 21:49 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-03 21:43 - 2016-11-03 21:51 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-11-03 21:41 - 2016-11-07 07:44 - 00000000 ____D C:\Users\avner
2016-11-03 21:40 - 2016-10-25 20:17 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-03 21:40 - 2016-10-24 06:31 - 07507695 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-03 21:39 - 2016-11-07 18:31 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-03 21:39 - 2016-11-07 18:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-03 21:39 - 2016-11-07 18:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-03 21:39 - 2016-11-03 21:39 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-11-03 21:39 - 2016-10-27 07:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-03 21:37 - 2016-11-07 17:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-03 21:37 - 2016-11-04 08:34 - 00345792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-03 21:36 - 2016-11-04 17:11 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-03 21:33 - 2016-11-03 21:33 - 00000000 ____D C:\Windows.old
2016-11-03 21:28 - 2016-11-03 21:37 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-03 21:28 - 2016-11-03 21:28 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-03 21:26 - 2016-11-03 21:26 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-03 21:26 - 2016-11-03 21:26 - 00000000 ____D C:\Program Files\MSBuild
2016-11-03 21:26 - 2016-11-03 21:26 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-03 21:26 - 2016-11-03 21:26 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-03 21:26 - 2016-08-22 18:09 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-11-03 21:26 - 2016-08-22 18:09 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-11-03 21:26 - 2016-08-22 18:09 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-11-03 21:25 - 2016-08-24 17:40 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-11-03 21:25 - 2016-08-24 17:40 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-11-03 21:25 - 2016-08-24 17:40 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-11-03 18:47 - 2016-11-03 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-03 18:47 - 2016-11-03 18:47 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-11-03 18:46 - 2016-11-03 18:46 - 00000000 ____D C:\Program Files\iPod
2016-10-29 10:03 - 2016-10-29 10:03 - 01717620 _____ C:\Users\avner\Downloads\H100iv2_QSG.pdf
2016-10-29 09:12 - 2016-11-03 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital Corporation
2016-10-29 09:12 - 2016-10-29 09:12 - 00620395 _____ C:\Users\avner\Downloads\__rzi_0.510
2016-10-29 09:12 - 2016-10-29 09:12 - 00001539 _____ C:\Users\Public\Desktop\Data Lifeguard Diagnostic for Windows.lnk
2016-10-29 09:12 - 2016-10-29 09:12 - 00000000 ____D C:\Program Files (x86)\Western Digital Corporation
2016-10-29 09:10 - 2016-10-29 09:10 - 00001263 _____ C:\Users\Public\Desktop\WD Discovery.lnk
2016-10-29 09:09 - 2016-10-29 09:10 - 03964296 _____ C:\Users\avner\Downloads\wd_discovery_windows.zip
2016-10-29 07:57 - 2016-11-03 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-10-29 07:51 - 2016-10-25 20:00 - 00134712 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-10-29 07:47 - 2016-10-26 01:09 - 01595456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2016-10-29 07:47 - 2016-10-26 01:09 - 00212936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2016-10-29 07:47 - 2016-10-26 01:09 - 00046024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 34711096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 28202040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 10782952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 10332664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 09120512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 08723968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 03927288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 03468736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 02940352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 02574784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437570.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437570.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00975296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00943552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00802768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00644112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00438208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00394704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00390200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00384448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00348728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00327224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-10-29 07:47 - 2016-10-25 21:40 - 00042296 _____ C:\WINDOWS\system32\nvinfo.pb
2016-10-29 07:47 - 2016-10-25 21:40 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-10-29 07:47 - 2016-10-25 21:40 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-10-27 19:38 - 2016-11-03 21:04 - 00000000 ___HD C:\$WINDOWS.~BT
2016-10-27 18:58 - 2016-10-27 18:58 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\quickassist.exe
2016-10-27 18:57 - 2016-10-27 07:40 - 00033882 _____ C:\WINDOWS\Professional.xml
2016-10-27 18:56 - 2016-10-27 18:56 - 00027136 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-10-27 18:56 - 2016-10-27 18:56 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-10-27 18:56 - 2016-10-27 18:56 - 00000000 ____D C:\WINDOWS\RemotePackages
2016-10-27 18:56 - 2016-10-27 18:56 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-10-27 18:47 - 2016-10-27 18:47 - 00000000 ____D C:\WINDOWS\SKB
2016-10-27 18:47 - 2016-10-27 18:47 - 00000000 ____D C:\WINDOWS\OCR
2016-10-27 18:46 - 2016-11-03 21:45 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-10-27 18:46 - 2016-11-03 21:45 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\system32\0409
2016-10-27 18:46 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-10-27 08:28 - 2016-10-27 08:28 - 00000000 _SHDL C:\Users\Default User
2016-10-27 08:28 - 2016-10-27 08:28 - 00000000 _SHDL C:\Users\All Users
2016-10-27 07:56 - 2016-10-27 07:56 - 00000000 ____D C:\WINDOWS\Setup
2016-10-27 07:55 - 2016-10-27 07:42 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-27 07:55 - 2016-10-27 07:42 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 07:51 - 2016-10-27 07:46 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-10-27 07:28 - 2016-11-06 18:27 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-27 04:20 - 2016-11-07 18:54 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2016-10-27 04:20 - 2016-11-03 22:06 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-10-27 04:20 - 2016-11-03 21:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-27 04:20 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-10-27 04:20 - 2016-10-27 18:46 - 00000000 ____D C:\WINDOWS\servicing
2016-10-27 04:20 - 2016-10-27 07:51 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-10-27 04:20 - 2016-10-27 07:50 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-10-27 04:20 - 2016-10-27 04:20 - 00896272 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00280336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdscore.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2016-10-27 04:20 - 2016-10-27 04:20 - 00153872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-10-27 04:20 - 2016-10-27 04:20 - 00131344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SSShim.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2016-10-27 04:20 - 2016-10-27 04:20 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-10-27 04:20 - 2016-10-27 04:20 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-10-27 04:20 - 2016-10-27 04:20 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-10-26 17:18 - 2016-11-03 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LaCie
2016-10-26 17:18 - 2016-10-26 17:18 - 06048832 _____ (LaCie ) C:\Users\avner\Downloads\LaCie_desktop_manager_windows.exe
2016-10-26 17:18 - 2016-10-26 17:18 - 00002288 _____ C:\Users\Public\Desktop\LaCie Desktop Manager.lnk
2016-10-26 17:18 - 2016-10-26 17:18 - 00000000 ____D C:\ProgramData\LaCie
2016-10-26 17:18 - 2016-10-26 17:18 - 00000000 ____D C:\Program Files (x86)\LaCie
2016-10-26 17:16 - 2016-10-26 17:16 - 05110465 _____ C:\Users\avner\Downloads\LaCieUSBFirmwareUpdater-1.1.5-WIN.zip
2016-10-25 19:55 - 2016-11-04 17:15 - 00000000 ____D C:\Users\Public\Creative
2016-10-25 17:51 - 2016-10-25 18:28 - 00000000 ____D C:\Users\avner\Downloads\The.BFG.2016.1080p.WEB-DL.DD5.1.H264-FGT
2016-10-25 17:51 - 2016-10-25 18:26 - 00000000 ____D C:\Users\avner\Downloads\Finding.Dory.2016.1080p.WEB-DL.AAC2.0.H264-FGT
2016-10-25 17:50 - 2016-10-25 17:50 - 00083669 _____ C:\Users\avner\Downloads\The.BFG.2016.1080p.WEB-DL.DD5.1.H264-FGT-[rarbg.com] (1).torrent
2016-10-25 17:50 - 2016-10-25 17:50 - 00073787 _____ C:\Users\avner\Downloads\Finding.Dory.2016.1080p.WEB-DL.AAC2.0.H264-FGT-[rarbg.com].torrent
2016-10-25 17:49 - 2016-10-25 17:49 - 00083669 _____ C:\Users\avner\Downloads\The.BFG.2016.1080p.WEB-DL.DD5.1.H264-FGT-[rarbg.com].torrent
2016-10-25 06:18 - 2016-10-22 07:25 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437563.dll
2016-10-25 06:18 - 2016-10-22 07:25 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437563.dll
2016-10-25 06:17 - 2016-10-25 06:17 - 00291434 _____ C:\Users\avner\Documents\cc_20161025_071742.reg
2016-10-24 19:07 - 2016-10-24 19:07 - 04379823 _____ C:\Users\avner\Downloads\__rzi_1.846
2016-10-24 18:54 - 2016-10-24 18:55 - 08270712 _____ (Piriform Ltd) C:\Users\avner\Downloads\ccsetup523.exe
2016-10-23 21:05 - 2016-11-03 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-10-23 21:03 - 2016-10-23 21:05 - 01875208 _____ (Malwarebytes ) C:\Users\avner\Downloads\mbae-setup-1.08.1.2572.exe
2016-10-23 20:16 - 2016-10-23 20:16 - 05385516 _____ C:\Users\avner\Downloads\345489115848-MasterOV.zip
2016-10-23 20:11 - 2016-10-23 20:11 - 00000000 ____D C:\Users\avner\Downloads\Elvis Presley - The Wonder of You - E. P. with the R. P. O
2016-10-23 15:37 - 2016-10-23 16:00 - 00000000 ____D C:\Users\avner\Downloads\[wWw.GloDLS.to] - Now Thats What I Call Music 89 - [2CD] [MP3] RETAIL DINGL3DAWN [GloDLS]
2016-10-23 15:33 - 2016-10-23 15:33 - 01841689 _____ C:\Users\avner\Downloads\Malwarebytes Anti-Exploit 1.08.1.2572 + Keys [4realtorrentz].zip
2016-10-23 14:05 - 2016-11-07 18:57 - 00228800 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MB3SwissArmy.sys
2016-10-23 14:05 - 2016-11-07 18:56 - 00091072 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-10-23 14:05 - 2016-11-03 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-10-23 14:05 - 2016-10-23 14:05 - 00001950 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Ransomware.lnk
2016-10-23 14:05 - 2016-10-23 14:05 - 00000000 ____D C:\ProgramData\MalwarebytesARW
2016-10-23 14:05 - 2016-10-23 14:05 - 00000000 ____D C:\Program Files\Malwarebytes
2016-10-23 14:04 - 2016-10-23 14:05 - 37892136 _____ (Malwarebytes ) C:\Users\avner\Downloads\MBARW_Setup.exe
2016-10-23 14:00 - 2016-10-23 14:00 - 01878784 _____ (Malwarebytes ) C:\Users\avner\Downloads\mbae-setup-1.9.1.1180.exe
2016-10-23 13:49 - 2016-11-06 09:58 - 00000000 ____D C:\Users\avner\AppData\Local\Plex Media Server
2016-10-23 13:24 - 2016-10-23 13:26 - 97891320 _____ (Plex, Inc.) C:\Users\avner\Downloads\Plex-Media-Server-1.1.4.2757-24ffd60-en-US.exe
2016-10-23 12:19 - 2016-10-23 12:20 - 00000000 ____D C:\Users\avner\Downloads\Va.Now.That's.What.I.Call.Music.90-TDG
2016-10-23 12:15 - 2016-10-23 12:20 - 00000000 ____D C:\Users\avner\Downloads\Now 92 retail
2016-10-23 12:12 - 2016-10-23 16:13 - 00000000 ____D C:\Users\avner\Downloads\Now.Thats.What.I.Call.Music_Complete.Collection-(1-75)-TPB
2016-10-23 12:12 - 2016-10-23 16:08 - 00000000 ____D C:\Users\avner\Downloads\Now Thats What I Call Music! - Recent Collection - (76-88) That's
2016-10-23 12:12 - 2016-10-23 12:37 - 00000000 ____D C:\Users\avner\Downloads\The Original Elvis Presley Collection (50CD)
2016-10-23 12:12 - 2016-10-23 12:22 - 00000000 ____D C:\Users\avner\Downloads\Madonna [2015] Rebel Heart
2016-10-23 12:12 - 2016-10-23 12:13 - 00000000 ____D C:\Users\avner\Downloads\One Direction - Made In The A.M. [Deluxe Edition] [2015] [MP3-320KBPS] [H4CKUS] [GloDLS]
2016-10-23 12:12 - 2016-10-23 12:12 - 00000000 ____D C:\Users\avner\Downloads\Now That's What I Call Music! 93
2016-10-23 11:17 - 2016-10-23 11:17 - 00000000 ____D C:\Users\avner\Downloads\Bobby.2016.720p.BRRip.x264.AAC-ETRG
2016-10-21 22:30 - 2016-10-21 22:30 - 00000000 ____D C:\Program Files\Creative
2016-10-21 22:26 - 2016-10-21 22:28 - 00000000 ___HD C:\Program Files (x86)\Creative Installation Information
2016-10-21 22:22 - 2016-10-18 21:27 - 01951680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437557.dll
2016-10-21 22:22 - 2016-10-18 21:27 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437557.dll
2016-10-21 22:07 - 2009-12-24 02:49 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmp4E72.tmp
2016-10-21 22:07 - 2009-12-24 02:49 - 00809560 ____R (Creative Labs Inc.) C:\WINDOWS\SysWOW64\tmp4E71.tmp
2016-10-21 22:06 - 2012-11-26 16:19 - 00005687 _____ C:\WINDOWS\SysWOW64\CTOPT352.cat
2016-10-21 22:06 - 2012-08-13 13:51 - 00167424 _____ (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTOPT352.dll
2016-10-21 22:06 - 2006-12-05 12:53 - 00042496 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\AddCat.exe
2016-10-21 22:05 - 2010-10-04 14:20 - 00079360 _____ (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTOPT399.dll
2016-10-21 22:05 - 2010-10-03 13:48 - 00005498 _____ C:\WINDOWS\SysWOW64\CTOPT399.cat
2016-10-21 22:05 - 2008-12-22 19:13 - 00061440 _____ (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTChkAud.dll
2016-10-21 20:59 - 2016-11-07 18:56 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-21 08:10 - 2016-11-03 22:02 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-10-21 07:59 - 2016-10-21 07:59 - 00063760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Account.SettingsServer.dll
2016-10-17 17:09 - 2016-10-17 17:09 - 00031661 _____ C:\Users\avner\Documents\Jenny label.pdf
2016-10-16 12:30 - 2016-10-16 12:30 - 00000000 ___HD C:\$SysReset
2016-10-13 17:45 - 2016-09-09 18:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-10-13 17:45 - 2016-09-09 18:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-10-13 17:45 - 2016-09-09 18:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-10-13 17:45 - 2016-09-09 18:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-10-13 17:40 - 2016-10-18 21:27 - 03922632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\SET96F2.tmp
2016-10-13 17:40 - 2016-10-18 21:27 - 03465312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\SETAB07.tmp
2016-10-13 17:40 - 2016-10-01 21:11 - 01935808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437306.dll
2016-10-13 17:40 - 2016-10-01 21:11 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437306.dll
2016-10-13 05:40 - 2016-11-07 18:31 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-13 05:40 - 2016-10-25 20:21 - 01854008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-10-13 05:40 - 2016-10-25 19:12 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-10-13 05:39 - 2016-10-13 05:39 - 71063336 _____ (NVIDIA Corporation) C:\Users\avner\Downloads\GeForce_Experience_v3.0.7.34.exe
2016-10-11 06:27 - 2016-10-11 06:27 - 01631928 _____ (Malwarebytes) C:\Users\avner\Downloads\JRT.exe
2016-10-08 17:16 - 2016-10-08 17:19 - 00000000 ____D C:\Users\avner\Downloads\Four.Lions.2010.BRRip.XviD.MP3-RARBG
2016-10-08 17:08 - 2016-10-08 17:13 - 00000000 ____D C:\Users\avner\Downloads\Hector and the Search for Happiness (2014) [1080p]
2016-10-08 14:23 - 2016-10-08 14:23 - 00025823 _____ C:\Users\avner\Downloads\Four.Lions.2010.BRRip.XviD.MP3-RARBG-[rarbg.com].torrent
2016-10-08 14:19 - 2016-11-03 21:40 - 00000000 ____D C:\temp
2016-10-08 14:19 - 2016-10-08 14:21 - 00000000 ____D C:\Users\avner\Downloads\Four.Lions.2010.720p.BluRay.H264.AAC-RARBG
2016-10-08 14:18 - 2016-10-08 14:18 - 36908777 _____ C:\Users\avner\Downloads\__rzi_0.627
2016-10-08 14:16 - 2016-10-08 14:16 - 36908777 _____ C:\Users\avner\Downloads\uTorrent Pro 3.4.9 Build 42606 Stable + Crack [4realtorrentz].zip
2016-10-08 14:13 - 2016-10-08 14:13 - 00024821 _____ C:\Users\avner\Downloads\Four.Lions.2010.720p.BluRay.H264.AAC-RARBG-[rarbg.com] (1).torrent
2016-10-08 14:12 - 2016-10-08 14:12 - 00024821 _____ C:\Users\avner\Downloads\Four.Lions.2010.720p.BluRay.H264.AAC-RARBG-[rarbg.com].torrent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-07 19:01 - 2015-08-07 21:14 - 00000000 ___RD C:\Users\avner\Google Drive
2016-11-07 18:59 - 2015-08-10 05:57 - 00000000 ___RD C:\Users\avner\iCloudDrive
2016-11-07 18:59 - 2015-08-07 19:34 - 00000000 ___RD C:\Users\avner\OneDrive
2016-11-07 18:54 - 2015-08-07 21:00 - 00000000 ____D C:\Users\avner\Documents\Outlook Files
2016-11-07 07:44 - 2015-08-07 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-06 09:51 - 2015-08-07 19:31 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-06 09:46 - 2016-02-14 20:03 - 00000000 ____D C:\Users\avner\AppData\Roaming\uTorrent
2016-11-05 10:14 - 2015-08-07 21:58 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-04 17:29 - 2015-08-07 21:13 - 00000000 ____D C:\Users\avner\AppData\Local\Google
2016-11-04 17:17 - 2016-09-02 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-11-04 17:17 - 2016-09-02 19:31 - 00000000 ____D C:\Program Files (x86)\Creative
2016-11-04 17:15 - 2016-09-02 19:31 - 00000078 ___RH C:\WINDOWS\ctfile.rfc
2016-11-04 17:11 - 2015-11-16 18:14 - 00000000 ____D C:\Users\avner\AppData\Local\CrashDumps
2016-11-04 16:49 - 2016-09-06 06:39 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-11-04 08:51 - 2015-08-12 20:18 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 08:35 - 2015-10-25 13:01 - 00000400 __RSH C:\ProgramData\ntuser.pol
2016-11-04 08:32 - 2015-08-07 21:13 - 00002119 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-11-04 08:32 - 2015-08-07 21:13 - 00002117 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-11-04 08:32 - 2015-08-07 21:13 - 00002107 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-11-04 08:32 - 2015-08-07 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-03 22:02 - 2016-01-08 18:25 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-11-03 21:51 - 2016-09-06 06:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-11-03 21:51 - 2016-07-30 07:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2016-11-03 21:51 - 2016-07-07 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LoiLoScope Download
2016-11-03 21:51 - 2016-07-01 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO Deluxe
2016-11-03 21:51 - 2016-05-28 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
2016-11-03 21:51 - 2016-05-28 14:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2016-11-03 21:51 - 2016-05-06 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2016-11-03 21:51 - 2016-04-24 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
2016-11-03 21:51 - 2016-04-08 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-11-03 21:51 - 2016-03-31 08:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-11-03 21:51 - 2016-01-30 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark
2016-11-03 21:51 - 2016-01-30 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-11-03 21:51 - 2016-01-10 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-11-03 21:51 - 2016-01-10 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2016-11-03 21:51 - 2015-10-27 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.5
2016-11-03 21:51 - 2015-10-27 20:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 8.5
2016-11-03 21:51 - 2015-10-25 18:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ISO to USB
2016-11-03 21:51 - 2015-10-25 12:14 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-11-03 21:51 - 2015-10-10 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-03 21:51 - 2015-10-10 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-03 21:51 - 2015-09-17 21:10 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2016-11-03 21:51 - 2015-09-11 20:38 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2016-11-03 21:51 - 2015-09-11 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-11-03 21:51 - 2015-09-05 12:11 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-11-03 21:51 - 2015-09-05 12:11 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-03 21:51 - 2015-09-03 17:13 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-11-03 21:51 - 2015-08-16 13:44 - 00000000 ____D C:\WINDOWS\SysWOW64\WLM-0.14
2016-11-03 21:51 - 2015-08-13 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-11-03 21:51 - 2015-08-12 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-11-03 21:51 - 2015-08-09 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2016-11-03 21:51 - 2015-08-08 11:14 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-03 21:51 - 2015-08-08 11:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-03 21:45 - 2016-06-14 19:28 - 00000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2016-11-03 21:45 - 2016-06-14 19:28 - 00000000 ___RD C:\WINDOWS\WebManagement
2016-11-03 21:45 - 2015-08-07 21:48 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-11-03 21:44 - 2016-07-07 17:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
2016-11-03 21:44 - 2016-05-24 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-11-03 21:44 - 2016-05-23 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-03 21:44 - 2016-05-11 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2016-11-03 21:44 - 2016-03-25 14:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO
2016-11-03 21:44 - 2016-03-11 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
2016-11-03 21:43 - 2016-09-02 19:56 - 00000000 ____D C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Creative
2016-11-03 21:43 - 2015-08-07 20:02 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-03 21:42 - 2015-08-07 19:31 - 00000000 ____D C:\Users\avner\AppData\Local\Packages
2016-11-03 21:08 - 2015-08-07 20:09 - 00008192 __RSH C:\BOOTSECT.BAK
2016-11-03 18:46 - 2015-08-07 23:00 - 00000000 ____D C:\Program Files\iTunes
2016-11-03 18:46 - 2015-08-07 21:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-11-01 20:50 - 2015-08-11 18:55 - 00000000 ____D C:\Users\avner\AppData\Local\ElevatedDiagnostics
2016-10-31 19:30 - 2016-07-18 18:07 - 00001139 _____ C:\Users\Public\Desktop\DivX Player.lnk
2016-10-31 19:30 - 2016-03-26 17:47 - 00001526 _____ C:\Users\avner\Desktop\DivX Movies.lnk
2016-10-31 19:30 - 2016-01-10 20:53 - 00000000 ____D C:\Program Files (x86)\DivX
2016-10-31 19:30 - 2016-01-10 20:51 - 00000000 ____D C:\ProgramData\DivX
2016-10-31 19:29 - 2016-07-18 18:06 - 00001164 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2016-10-31 19:29 - 2016-01-10 20:54 - 00000000 ____D C:\Users\avner\AppData\Roaming\DivX
2016-10-29 09:12 - 2015-08-07 22:04 - 00000000 ____D C:\Users\avner\AppData\Local\Western_Digital_Technolog
2016-10-29 09:10 - 2015-08-07 22:03 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-10-29 08:39 - 2015-08-10 05:56 - 00000000 ____D C:\Users\avner\AppData\Local\15AF9602-35FC-460D-BF51-BBEB8BBCE7EE.aplzod
2016-10-29 07:50 - 2016-03-11 07:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-28 20:22 - 2015-08-07 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-10-28 06:10 - 2015-08-07 19:45 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-27 07:37 - 2015-08-07 20:09 - 00385262 __RSH C:\bootmgr
2016-10-27 07:37 - 2015-08-07 20:09 - 00000001 ___SH C:\BOOTNXT
2016-10-26 09:58 - 2016-03-30 09:32 - 00012574 _____ C:\Users\avner\Documents\monthly bills 2016.xlsx
2016-10-26 03:28 - 2016-01-01 09:52 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 03:28 - 2016-01-01 09:52 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-25 20:41 - 2015-08-07 19:34 - 00002412 _____ C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-24 19:14 - 2016-03-31 08:49 - 00000000 ____D C:\Program Files\CCleaner
2016-10-24 18:55 - 2016-03-31 08:49 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-10-21 22:30 - 2015-09-11 17:25 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-21 22:28 - 2016-09-02 19:39 - 00000000 ____D C:\ProgramData\Creative
2016-10-21 20:21 - 2015-10-10 08:13 - 00000000 ____D C:\Users\avner\AppData\Local\NVIDIA Corporation
2016-10-21 20:19 - 2015-10-10 08:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-10-21 20:19 - 2015-09-17 20:53 - 00000000 ____D C:\ProgramData\Oracle
2016-10-21 20:18 - 2015-10-10 08:10 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-10-21 16:49 - 2015-08-07 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-16 13:35 - 2015-08-07 19:31 - 00000000 ____D C:\Users\avner\AppData\Local\TileDataLayer
2016-10-13 05:43 - 2015-10-10 08:13 - 00000000 ____D C:\Users\avner\AppData\Local\NVIDIA
2016-10-08 08:41 - 2016-04-08 15:53 - 00000000 ____D C:\Users\avner\AppData\Local\ConnectedDevicesPlatform

==================== Files in the root of some directories =======

2016-02-07 09:46 - 2016-02-07 09:47 - 0007600 _____ () C:\Users\avner\AppData\Local\resmon.resmoncfg
2016-01-30 18:54 - 2016-01-30 18:54 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-07 19:41 - 2016-01-30 22:30 - 0009996 _____ () C:\ProgramData\Coinstaller.log
2016-08-17 23:38 - 2016-08-17 23:38 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-09-11 17:43 - 2016-01-30 18:18 - 0005766 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\avner\WDMyCloud_win.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-03 21:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by avner (07-11-2016 19:31:07)
Running from C:\Users\avner\Downloads
Windows 10 Pro Insider Preview Version 1607 (X64) (2016-11-03 22:06:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-997813710-3732513820-1655796302-500 - Administrator - Disabled)
avner (S-1-5-21-997813710-3732513820-1655796302-1001 - Administrator - Enabled) => C:\Users\avner
DefaultAccount (S-1-5-21-997813710-3732513820-1655796302-503 - Limited - Disabled)
Guest (S-1-5-21-997813710-3732513820-1655796302-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-997813710-3732513820-1655796302-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1258291530.39593368.127.39584352 - Audible, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
BUFFALO NAS Navigator2 (HKLM-x32\...\UN060501) (Version: 2.82 - Buffalo Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Creative Media Toolbox 6 (HKLM-x32\...\{F1A14CB2-A048-45A6-AFDA-3571296E1D76}) (Version: 6.02 - Creative Technology Limited)
Creative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)
Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
Customer Support (HKLM-x32\...\{B33D89E4-FB43-6749-447E-2E469AC9EB5B}) (Version: 1.0.0.0 - Lexmark International, Inc.)
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.99 - DivX, LLC)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
EaseUS Data Recovery Wizard 7.5 (HKLM-x32\...\EaseUS Data Recovery Wizard 7.5_is1) (Version: - EaseUS)
EaseUS Data Recovery Wizard 8.5 (HKLM\...\EaseUS Data Recovery Wizard 8.5_is1) (Version: - EaseUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart Plus B210 series Basic Device Software (HKLM\...\{5B17980C-5C44-45D0-80A5-665FD9E776A9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart Plus B210 series Help (HKLM-x32\...\{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}) (Version: 140.0.54.54 - Hewlett Packard)
HP Photosmart Plus B210 series Product Improvement Study (HKLM\...\{0C87AEBC-E9FD-4232-9386-54C4F8ECCCDF}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version: - isotousb.com)
iTunes (HKLM\...\{554C62C7-E6BB-40F1-892B-F0AE02D3C135}) (Version: 12.5.3.17 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
K-Lite Mega Codec Pack 12.3.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Kodi (HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\Kodi) (Version: - XBMC-Foundation)
LaCie Desktop Manager 2.8.0 (HKLM-x32\...\{3845209F-142E-4F48-B61A-AA34D2DB54BB}_is1) (Version: 2.8.0 - LaCie)
Lenovo Service Bridge (HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\cbe8636f7dd0cf1d) (Version: 1.5.0.0 - Lenovo)
LenovoUsbDriver 1.0.15 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.15 - Lenovo)
Lexmark Travel Print (HKLM\...\{0B53F4E3-AB9B-4424-BB33-5567D65F39F8}) (Version: 1.4.0.0 - Lexmark International, Inc.)
Lexmark Universal v2 PS3 Print Driver (HKLM\...\{1172EF83-31C6-412D-B301-991E709701DB}) (Version: 2.10.0.0 - Lexmark International, Inc.)
LoiLoScope Download (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc)
Malwarebytes Anti-Exploit version 1.9.1.1235 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1235 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Malwarebytes Anti-Ransomware version 0.9.17.661 (HKLM\...\{6CA75021-FBB0-41A5-B95C-FC1C9E0421F0}_is1) (Version: 0.9.17.661 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{b3c7f59f-dc40-4be9-829c-77dd292978ea}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MP3jam 1.1.1.12 (HKLM-x32\...\MP3jam_is1) (Version: 1.1.1.12 - MP3jam)
Mp3tag v2.78 (HKLM-x32\...\Mp3tag) (Version: v2.78 - Florian Heidenreich)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.4.0dev5_win_20160728100053 - MusicBrainz)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
PHOTOfunSTUDIO 9.6 PE (HKLM-x32\...\{7113ACE0-A2FA-463B-969A-E3FD7BF42573}) (Version: 9.06.724.1033 - Panasonic Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
Plex Media Server (HKLM-x32\...\{e0f09eed-4b59-434a-bd04-70a53c69e59e}) (Version: 1.2.6.2975 - Plex, Inc.)
Plex Media Server (x32 Version: 1.2.2975 - Plex, Inc.) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.8.311.2016 - Realtek)
RescuePRO Deluxe 5.2.5.8 (HKLM-x32\...\{38D9AAB8-116B-40BB-A801-50B71DF82D24}_is1) (Version: 5.2.5.8 - LC Technology International, Inc.)
Seagate Media Software (HKLM-x32\...\InstallShield_{6EE8AB46-ACAF-4FA5-B6D1-40B35B2157CD}) (Version: 2.01.0414 - Seagate)
Seagate Media Software (x32 Version: 2.01.0414 - Seagate) Hidden
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Sound Blaster Z-Series (HKLM-x32\...\{B2C527EF-4F7B-405A-ADB4-89B432891FF2}) (Version: 1.00.28 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Stopping Plex (x32 Version: 1.2.2975 - Plex, Inc.) Hidden
TomTom MyDrive Connect 4.1.2.2862 (HKLM-x32\...\MyDriveConnect) (Version: 4.1.2.2862 - TomTom)
TP-LINK Archer T9E Driver (HKLM-x32\...\{59516745-D476-49FD-B281-371844FA1C21}) (Version: 1.3.1 - TP-LINK)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD My Cloud (HKLM\...\{4B86F896-11DC-4711-BB60-81104832FA44}) (Version: 1.0.7.17 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Lexmark International Printer (10/02/2015 2.10.0.0) (HKLM\...\C392153AE73FBC561A5E8A8314FA7D7A437BD2B5) (Version: 10/02/2015 2.10.0.0 - Lexmark International)
WinRAR 5.30 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.2 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-997813710-3732513820-1655796302-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997813710-3732513820-1655796302-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\avner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-997813710-3732513820-1655796302-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\avner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_10\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-997813710-3732513820-1655796302-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\avner\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1FB32755-CA37-45B1-8852-5DAFB4993234} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-08-15] ()
Task: {1FC2F0C7-CB2F-4CC1-907D-6ED8C1EBB635} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-10-27] (Microsoft Corporation)
Task: {2D0EC1C3-F21B-431E-B0E4-D05C15413044} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {310AC9D0-84BC-4ECC-A487-252CD9412183} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {34A29980-7677-4E71-8960-2FE310DE9AB3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {36403F3A-B2C0-42A3-B6EF-0085A127EC06} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-21] (Microsoft Corporation)
Task: {36F768D7-8F07-4869-B697-074115FFC290} - System32\Tasks\Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
Task: {38590466-34EA-418A-94FF-8673140A1A73} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {4121C2B2-5F50-4163-8C18-FC355C45D3B2} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {43452FD9-0B39-4BEF-AB50-7E30E4AE5D52} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {490C5706-57B4-4EF6-9D13-D79CE88D5DB8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {4FD08063-B925-4EC5-811A-5140006B7DD9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core1d1e962e697b589 => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {589375FE-E581-4B54-ADAC-EF672E60AF65} - \Microsoft\XblGameSave\XblGameSaveTask\Logon -> No File <==== ATTENTION
Task: {6372C662-E7FD-47D9-B630-1139A1F4E29B} - System32\Tasks\HPCustParticipation HP Photosmart Plus B210 series => C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {641DAB42-D500-47AF-90E4-60EE5D96D667} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6B5553AB-F792-442F-A0A8-D7FC8FCA753F} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2016-10-27] (Microsoft Corporation)
Task: {758406AE-4ED5-4D72-8D44-B6487BEFDC51} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {75E52C71-14AD-4588-89A6-CC0313AAE9EC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA1d1e962e6b16963 => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {767C6014-45EA-40C0-AF14-07D0D719D4DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {77614F77-1C24-44FD-97B2-97A7F1566224} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)
Task: {77F5592B-1703-4A26-9FAF-D416F9546CD0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {7D2D4E4E-476D-4251-9FD3-1D167716E911} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {7FCD5553-1EEB-472E-8789-2D2E1B2D6BA8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {80E46C5A-688A-4F9C-A0C2-1C382CED8046} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {8EAE97C6-93D8-4417-B5AB-22FA0B11950B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {9C99252E-7A31-4920-ABBD-A5771A3BC907} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-09-22] (DivX, LLC)
Task: {9D3936B3-CCF5-4AE1-96B0-41301FFFB852} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {A2434592-EB01-4E4B-9CBE-F6B4336EAF2B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A3FBB861-1DDF-40A0-B69D-99AE65EC768D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {B2006954-A7B7-44CA-86C1-ED6000AFEDF4} - System32\Tasks\{094825FA-C1C4-4DF1-8182-53D552719CFF} => pcalua.exe -a "C:\Program Files (x86)\Audible\Bin\Manager.exe" -d "C:\Program Files (x86)\Audible\BIN\"
Task: {B2D2D551-0B65-465A-9BFE-F0F350E4BA5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {B6B05070-C538-4B7E-9C29-CAC8E6D99794} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {BB8F633C-9A21-4829-8FC4-F18DCD2C7293} - System32\Tasks\GoogleUpdateTaskMachineCore1d1abb5d0a26b59 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-07] (Google Inc.)
Task: {BE27879D-20A3-4688-9701-69D2AC0227B9} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {D3D75086-47B7-4BBF-B3F2-C7DC4661E524} - System32\Tasks\Microsoft\Windows\PLA\System\{A85715F0-E547-4CF6-8D03-E4503D5574D8}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {DB571BB6-9593-4462-9092-6D61389DBFE3} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {FFD92B29-B714-4D29-A67E-E9D3D69ADFDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1619d58241879.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d1abb5d0a26b59.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core.job => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001Core1d1e962e697b589.job => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA.job => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-997813710-3732513820-1655796302-1001UA1d1e962e6b16963.job => C:\Users\avner\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\avner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Videostream for Google Chromecast™.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnciopoikihiagdjbjpnocolokfelagl
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14
ShortcutWithArgument: C:\Users\Public\Desktop\FullHD Video Editor LoiLoScope Download.lnk -> C:\Program Files (x86)\LoiLo\LoiLoScope Download\WebShortcut.exe () -> hxxp://loilo.tv/product/20?partner_id=14

==================== Loaded Modules (Whitelisted) ==============

2016-10-27 07:37 - 2016-10-27 07:37 - 02821568 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-27 07:36 - 2016-10-27 07:36 - 00346112 _____ () C:\WINDOWS\System32\HrtfApo.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2015-08-08 12:50 - 2013-12-12 10:32 - 01114608 _____ () C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-23 14:05 - 2016-08-26 08:37 - 01175504 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-RANSOMWARE\arwlib.dll
2016-11-03 21:40 - 2016-10-25 20:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 07:34 - 2015-12-17 07:34 - 01924096 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\LMUD1N4Z.DLL
2016-10-27 07:37 - 2016-10-27 07:37 - 02821568 _____ () c:\windows\system32\CoreUIComponents.dll
2016-10-27 07:38 - 2016-10-27 07:38 - 00145608 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-27 07:37 - 2016-10-27 07:37 - 02821568 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 20:34 - 2016-10-25 20:34 - 01864384 _____ () C:\Users\avner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_10\amd64\ClientTelemetry.dll
2016-09-06 06:39 - 2016-10-21 06:25 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-27 07:37 - 2016-10-27 07:37 - 02821568 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-10-27 07:38 - 2016-10-27 07:38 - 00157184 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-27 07:38 - 2016-10-27 07:38 - 00624128 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 11121664 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 01643008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 00858624 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 01113088 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 02767360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 07:40 - 2016-10-27 18:55 - 05729792 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-23 14:05 - 2016-04-14 17:38 - 00745984 _____ () C:\Program Files\Malwarebytes\Anti-Ransomware\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-10-27 07:37 - 2016-10-27 07:37 - 02821568 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-10-24 19:14 - 2016-10-24 19:14 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00083440 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00203248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-10-10 08:13 - 2016-10-25 20:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-13 05:40 - 2016-10-25 19:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-13 05:40 - 2016-10-25 19:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-13 05:40 - 2016-10-25 19:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-13 05:40 - 2016-10-25 20:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-13 05:40 - 2016-10-25 20:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-13 05:40 - 2016-10-25 19:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-13 05:40 - 2016-10-25 19:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-13 05:40 - 2016-10-25 19:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-13 05:40 - 2016-10-25 19:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-10-25 20:34 - 2016-10-25 20:34 - 01383616 _____ () C:\Users\avner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_10\ClientTelemetry.dll
2016-10-25 20:40 - 2016-10-25 20:40 - 00118976 _____ () C:\Users\avner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_10\FileSyncViews.dll
2016-10-05 17:18 - 2016-10-05 17:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 17:18 - 2016-10-05 17:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-04-08 22:35 - 2016-04-08 22:35 - 03481600 _____ () C:\Users\avner\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2014-09-11 15:06 - 2014-09-11 15:06 - 00878592 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 15:05 - 2014-09-11 15:05 - 00036352 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 15:06 - 2014-09-11 15:06 - 00038912 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 15:14 - 2014-09-11 15:14 - 00032256 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 15:05 - 2014-09-11 15:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 15:14 - 2014-09-11 15:14 - 00027648 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 15:05 - 2014-09-11 15:05 - 00021504 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 15:14 - 2014-09-11 15:14 - 00381952 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 15:05 - 2014-09-11 15:05 - 00204800 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 15:14 - 2014-09-11 15:14 - 00218112 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 15:08 - 2014-09-11 15:08 - 00015872 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 15:14 - 2014-09-11 15:14 - 00015360 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 15:15 - 2014-09-11 15:15 - 00307712 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 15:15 - 2014-09-11 15:15 - 00014848 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 15:15 - 2014-09-11 15:15 - 00252928 _____ () C:\Program Files (x86)\MyDrive Connect\Plugins\imageformats\qwebp.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 01083376 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00115696 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00059888 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00772080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 01741296 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 01962992 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00025584 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2016-11-07 18:58 - 2016-11-07 18:58 - 00098816 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32api.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00110080 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\pywintypes27.dll
2016-11-07 18:58 - 2016-11-07 18:58 - 00364544 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\pythoncom27.dll
2016-11-07 18:58 - 2016-11-07 18:58 - 00320512 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32com.shell.shell.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00914432 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_hashlib.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 01176576 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._core_.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00806400 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._gdi_.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00816128 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._windows_.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 01067008 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._controls_.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00733184 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._misc_.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00682496 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\pysqlite2._sqlite.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00088064 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_ctypes.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00686080 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\unicodedata.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00119808 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32file.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00108544 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32security.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00007168 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\hashobjs_ext.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00017920 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\thumbnails_ext.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00088064 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\usb_ext.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00012800 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\common.time34.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00018432 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32event.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00167936 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32gui.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00046080 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_socket.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 01303552 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_ssl.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00128512 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_elementtree.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00127488 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\pyexpat.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00038912 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32inet.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00036864 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_psutil_windows.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00524248 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\windows._lib_cacheinvalidation.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00011264 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32crypt.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00123392 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._wizard.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00077312 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._html2.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00027648 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_multiprocessing.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00020480 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\_yappi.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00035840 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32process.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00078848 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\wx._animate.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00024064 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32pipe.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00010240 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\select.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00025600 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32pdh.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00017408 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32profile.pyd
2016-11-07 18:58 - 2016-11-07 18:58 - 00022528 ____R () C:\Users\avner\AppData\Local\Temp\_MEI96402\win32ts.pyd
2016-04-08 18:21 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-04-08 18:21 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-04-08 18:21 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-11-04 14:57 - 2016-11-04 14:57 - 00050160 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00032240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00022000 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00041456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00930288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00190960 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00074736 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2016-11-04 14:57 - 2016-11-04 14:57 - 00218096 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00018928 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00095216 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00143344 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2016-11-04 14:57 - 2016-11-04 14:57 - 00694256 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\avner\Documents\Badgers Images - Maureen - Hi-Res JPEG.zip:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\avner\Documents\Getting Started.pdf:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\avner\Documents\monthly bills.xlsx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\avner\Documents\plugin.video.droidboxwizard.zip:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\amazon.co.uk -> hxxps://amazon.co.uk

There are 7898 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-07 20:02 - 2016-05-05 22:31 - 00452402 ___RA C:\WINDOWS\system32\Drivers\etc\hosts


There are 15522 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-997813710-3732513820-1655796302-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\avner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "doubleTwist"
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\StartupApproved\StartupFolder: => "NAS Scheduler.lnk"
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\StartupApproved\StartupFolder: => "BUFFALO NAS Navigator2.lnk"
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_3EC916FF6E54D03168B219937167F3CC"
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\StartupApproved\Run: => "BF70A8F512A0992E29A6DBF2AEAE761D5A8BE133._service_run"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [holoshellapp-In-TCP] => (Allow) %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [holoshellapp-Out-TCP] => (Allow) %systemroot%\holoshell\holoshellapp.exe
FirewallRules: [compositor-In-TCP] => (Allow) LPort=48862
FirewallRules: [compositor-Out-TCP] => (Allow) LPort=48862
FirewallRules: [{D72B288D-FA5B-433A-984E-CDCBF3636E6D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{C7D70221-1A98-466E-8CFF-90C644D43C5C}C:\program files (x86)\western digital\wd discovery\wddiscovery.exe] => (Allow) C:\program files (x86)\western digital\wd discovery\wddiscovery.exe
FirewallRules: [TCP Query User{9264CC2C-7193-410C-8BB2-3C88AF947307}C:\program files (x86)\western digital\wd discovery\wddiscovery.exe] => (Allow) C:\program files (x86)\western digital\wd discovery\wddiscovery.exe
FirewallRules: [{DAD6955E-3BE2-413F-9BBE-D098A57ECE7C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{842BF50B-420B-4F28-835C-E8595AFDD5C4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E771C372-4C61-467D-B03E-DDE0FBF86FB2}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{2B5023B0-4863-412F-ADBC-8D40B47AFFFF}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{E8225454-7C43-47C9-ABD3-AF09738F3824}] => (Allow) C:\Program Files (x86)\BUFFALO\NASNAVI\NasNavi.exe
FirewallRules: [{3D7CCABA-D0B2-41B2-A726-422CBB16C68D}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1E8A49CF-F757-4662-8602-EF48E554BE7D}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F378FF1F-6573-4ABD-AD98-000CD24A3833}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5BB1158C-5E54-4755-97BF-1A7845752BFE}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5586A31-CDBB-4BD4-AE73-BBE591089619}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C6F65A8D-7938-465E-A07D-69012CFC970D}] => (Allow) C:\Users\avner\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ACA4752D-93C7-4B04-9A08-F9CD6077D3F3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0DC9E9DE-04F1-4B82-B5D8-8CB581A7324B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5DBA0AD0-AB2D-44ED-A318-04942E193E02}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{40051D3C-95F5-4F04-9C1F-1198D1D73F6A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C19B9EB8-FD13-41D9-AC6C-A55E5BC1A102}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{27CAA0D9-0FEC-43FB-A61A-81BB631D35FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{21CE05F0-FE94-48D6-A800-CD1C322D3AE1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4F6DF717-E4CD-4C33-A557-1144283F2245}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C1685701-57D8-4528-806E-DC71E2B03245}] => (Allow) LPort=5556
FirewallRules: [{B351D4BB-52D2-41D9-AECB-993B107BAEC3}] => (Allow) LPort=5558
FirewallRules: [{FDD6A14E-E9AD-40E8-80B0-121B1EF51A7D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [TCP Query User{86F88D22-9F36-43A0-874D-4C6D2085BA0E}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{177D947A-78E8-45DB-A68D-85BE6D00A0A6}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{7D594381-7EF7-49B8-997A-1EC4CA235F0B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{725A8261-B6A4-4E6A-ADC7-265ADDDC32A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{19F5404F-2B5A-4DAE-A687-9D7B12101FC2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8CA08D6D-24C3-4AD1-8744-251F565C9079}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7164A64E-D6FF-4103-BF82-843AB3079C8F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{64C0CB1A-4577-4F6F-B064-09B469CAEB19}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F2F144D7-465F-483F-98D0-6AF2338D1FC5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A77380F1-9517-4954-A186-0DC1CBB8A368}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D4395CE6-28EF-46DD-9650-1D4B71AF2FEB}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\DeviceSetup.exe
FirewallRules: [{4593C220-ABD9-4F62-A65A-C2357F5FA18F}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{AFB51616-8815-4BA6-A9DA-0CE65E04C32F}] => (Allow) C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{E5884F9F-F5BE-46DA-BF5E-E071215855D8}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{590D17CA-C681-4035-82E2-20CD12E2F485}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{BF67EAB8-1E67-4ED6-A778-96AAF4FDDFF6}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{B4E53640-D1F6-466C-9791-164842F60F43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

04-11-2016 16:48:32 Removed Sound Blaster Z-Series.
07-11-2016 18:49:15 BSOD pre repair

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/07/2016 07:08:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14959.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3900

Start Time: 01d23929a2b1176e

Termination Time: 16

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 3b77d86e-f0c8-460a-9604-0a4918ed5a50

Faulting package full name: Microsoft.MicrosoftEdge_39.14959.1000.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (11/07/2016 07:08:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AcroRd32.exe version 15.20.20042.8920 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 4020

Start Time: 01d2392a320706b1

Termination Time: 44

Application Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Report Id: 7c07190f-6fcb-4631-af2f-c5a1d999bef8

Faulting package full name:

Faulting package-relative application ID:

Error: (11/07/2016 07:03:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14959.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3e9c

Start Time: 01d239297240b130

Termination Time: 22

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 47b27606-7fea-43fc-a3e7-8432e2a7b192

Faulting package full name: Microsoft.MicrosoftEdge_39.14959.1000.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (11/07/2016 06:18:23 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {2CD39202-3A2F-4935-9A86-65B919919A7F} was rejected

Error: (11/07/2016 02:45:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esetonlinescanner_enu (2).exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Faulting module name: esetonlinescanner_enu (2).exe, version: 2.0.12.0, time stamp: 0x57ac3e59
Exception code: 0xc0000005
Fault offset: 0x000361d1
Faulting process ID: 0x634
Faulting application start time: 0x01d2386f25cbdc4f
Faulting application path: C:\Users\avner\Downloads\esetonlinescanner_enu (2).exe
Faulting module path: C:\Users\avner\Downloads\esetonlinescanner_enu (2).exe
Report ID: 5410053f-d5ea-40fa-959d-e2aa07930e5a
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2016 08:48:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14959.1000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: fe4

Start Time: 01d2386eecdfde1e

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 470e7a0a-0b48-454e-98e4-db101c9eb23c

Faulting package full name:

Faulting package-relative application ID:

Error: (11/06/2016 08:46:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbae-svc.exe, version: 1.9.1.1235, time stamp: 0x581349da
Faulting module name: ntdll.dll, version: 10.0.14959.1000, time stamp: 0x58116bf1
Exception code: 0xc000070a
Fault offset: 0x000ec410
Faulting process ID: 0x41b0
Faulting application start time: 0x01d2386e9cb194b9
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report ID: 54853777-36f3-42f8-9bc8-1193ae51ab63
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2016 08:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbae.exe, version: 1.9.1.1235, time stamp: 0x581349d7
Faulting module name: textinputframework.dll, version: 10.0.14959.1000, time stamp: 0x58116c43
Exception code: 0xc0000005
Fault offset: 0x00033c83
Faulting process ID: 0x2260
Faulting application start time: 0x01d23856cc5e887b
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
Faulting module path: C:\WINDOWS\SYSTEM32\textinputframework.dll
Report ID: da3f867e-3fe9-442f-8871-59329499f3cd
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2016 08:42:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbae-svc.exe, version: 1.9.1.1235, time stamp: 0x581349da
Faulting module name: RPCRT4.dll, version: 10.0.14959.1000, time stamp: 0x58116e15
Exception code: 0xc0020043
Fault offset: 0x00040ec2
Faulting process ID: 0xc78
Faulting application start time: 0x01d23856356d00e5
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
Faulting module path: C:\WINDOWS\System32\RPCRT4.dll
Report ID: 07039619-ae4e-4638-a064-1069ce65aa95
Faulting package full name:
Faulting package-relative application ID:

Error: (11/06/2016 08:42:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MB3Service.exe, version: 3.0.0.571, time stamp: 0x57bcde7b
Faulting module name: MB3Service.exe, version: 3.0.0.571, time stamp: 0x57bcde7b
Exception code: 0xc0000409
Fault offset: 0x00000000001670b0
Faulting process ID: 0xc70
Faulting application start time: 0x01d23856356cf8c5
Faulting application path: C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Ransomware\MB3Service.exe
Report ID: 3a0feaa8-e166-4d7a-8355-591fc073683c
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/07/2016 06:57:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/07/2016 06:56:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/07/2016 06:56:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

Error: (11/07/2016 06:54:32 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-03BVFFK)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (11/07/2016 05:50:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/07/2016 05:40:21 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-03BVFFK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{3185A766-B338-11E4-A71E-12E3F512A338}
and APPID
{7006698D-2974-4091-A424-85DD0B909E23}
to the user DESKTOP-03BVFFK\avner SID (S-1-5-21-997813710-3732513820-1655796302-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.2.14959_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/07/2016 07:44:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SDScannerService service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (11/07/2016 07:44:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

Error: (11/07/2016 07:43:36 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xffff800299429000, 0x0000000000000000, 0xfffff80b744bce90, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: aa1a1d30-121f-4325-9b5e-dfe3c69af4ee.

Error: (11/07/2016 07:43:36 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 07:31:32 on ‎07/‎11/‎2016 was unexpected.


CodeIntegrity:
===================================
Date: 2016-11-07 19:15:25.575
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:15:25.563
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:07:05.852
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:07:05.823
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:05:45.288
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:05:45.261
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:04:50.330
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:04:50.300
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-07 19:03:29.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2016-11-07 19:00:28.195
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 16365.21 MB
Available physical RAM: 11016.43 MB
Total Virtual: 18797.21 MB
Available Virtual: 12477.13 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:551.03 GB) (Free:214.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:1397.26 GB) (Free:334.44 GB) NTFS
Drive e: (SEAGATE) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: (DATA) (Fixed) (Total:827.21 GB) (Free:474.44 GB) NTFS
Drive k: (SB_INSTALL) (CDROM) (Total:0.27 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 57C689B5)
Partition 1: (Not Active) - (Size=18.6 GB) - (Type=1B)
Partition 2: (Active) - (Size=551 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=827.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 5E579276)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 11 November 2016 - 10:16 AM.
Posted modified logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,472 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:25 PM

Posted 10 November 2016 - 10:43 PM

Greetings Seanosborne66 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. While I am doing that please run this.

===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Seanosborne66

Seanosborne66
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:10:25 PM

Posted 11 November 2016 - 02:30 AM

Hi Gary

Thanks for your help.

You can call me Sean if you like, I don't mind.

I have attached the Summary file you requested.

 

Attached Files



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,472 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:25 PM

Posted 11 November 2016 - 11:25 AM

Hi Sean and thank you for your patience.

There are a number of odd entries in your reports and I want to make sure we can successfully set a System Restore Point before removing any items. I also want to check some files.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
File: C:\WINDOWS\System32\SshProxy.dll
File: C:\WINDOWS\System32\icsvc.dll
File: C:\WINDOWS\system32\SEMgrSvc.dll
File: C:\WINDOWS\System32\IpxlatCfg.dll
File: C:\WINDOWS\System32\dusmsvc.dll
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Edited by Oh My!, 11 November 2016 - 11:38 AM.
Modified instructions

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#5 Seanosborne66

Seanosborne66
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:10:25 PM

Posted 11 November 2016 - 12:46 PM

Hi Gary

Here is the log.


Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by avner (11-11-2016 17:36:59) Run:1
Running from C:\Users\avner\Downloads
Loaded Profiles: avner (Available Profiles: avner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\WINDOWS\System32\SshProxy.dll
File: C:\WINDOWS\System32\icsvc.dll
File: C:\WINDOWS\system32\SEMgrSvc.dll
File: C:\WINDOWS\System32\IpxlatCfg.dll
File: C:\WINDOWS\System32\dusmsvc.dll
*****************
Restore point was successfully created.
Processes closed successfully.
========================= File: C:\WINDOWS\System32\SshProxy.dll ========================
File is digitally signed
MD5: DABEAAAAA777CB72ACD50EEC26A1EBF0
Creation and modification date: 2016-11-06 18:26 - 2016-10-26 20:08
Size: 0298496
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: SshProxy.dll
Original Name: SshProxy.dll
Product: Microsoft® Windows® Operating System
Description: SSH Server Proxy
File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======

========================= File: C:\WINDOWS\System32\icsvc.dll ========================
File is digitally signed
MD5: CF0CA32A8991F9D714B6809739DB0D9E
Creation and modification date: 2016-10-27 07:40 - 2016-10-27 07:40
Size: 0318464
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: icsvc.dll
Original Name: icsvc.dll
Product: Microsoft® Windows® Operating System
Description: Virtual Machine Integration Component Service
File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======

========================= File: C:\WINDOWS\system32\SEMgrSvc.dll ========================
File is digitally signed
MD5: CF5C8EDBB94DEF94CF5B650DFBC0ACE0
Creation and modification date: 2016-10-27 07:38 - 2016-10-27 07:38
Size: 1161728
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: SEMgrSvc.dll
Original Name: SEMgrSvc.dll
Product: Microsoft® Windows® Operating System
Description: NFC SEManagement Service DLL
File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======

========================= File: C:\WINDOWS\System32\IpxlatCfg.dll ========================
File is digitally signed
MD5: 0697385EDC4BF5D4B831444B0A4EE601
Creation and modification date: 2016-10-27 07:37 - 2016-10-27 07:37
Size: 0067584
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: IPxlatCfg.dll
Original Name: IPxlatCfg.dll
Product: Microsoft® Windows® Operating System
Description: IP Translation Configuration Service
File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======

========================= File: C:\WINDOWS\System32\dusmsvc.dll ========================
File is digitally signed
MD5: A55DAFFC3B5A15C57FEEB9B5F7684D5C
Creation and modification date: 2016-10-27 07:38 - 2016-10-27 07:38
Size: 0268288
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: dusmsvc.dll
Original Name: dusmsvc.dll
Product: Microsoft® Windows® Operating System
Description: DUSM Service
File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000
Copyright: © Microsoft Corporation. All rights reserved.
====== End of File: ======
 
The system needed a reboot.
==== End of Fixlog 17:37:13 ====
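One way to repeat the file check Gary asked for in #4 and the Fixlog reports above, as an added example that is not part of this thread and is not FRST's own code: a PowerShell script that takes the same five System32 DLLs, verifies that each carries a valid Microsoft signature (embedded or catalog), compares the version stamp with the build that is actually running, and prints the MD5 and SHA-256 hashes. It assumes an elevated PowerShell 5.1 prompt on Windows 8 or later; the file list and the `Test-SystemDll` function name are this example's own choices.

```powershell
# Added example, not from this thread or from FRST: verify a set of System32
# DLLs the way a responder would before deciding whether to touch them.
# Assumptions: elevated PowerShell 5.1 on Windows 8 or later (catalog
# signatures are only verified there); file list taken from the Fixlog above.

$files = @(
    "$env:SystemRoot\System32\SshProxy.dll",
    "$env:SystemRoot\System32\icsvc.dll",
    "$env:SystemRoot\System32\SEMgrSvc.dll",
    "$env:SystemRoot\System32\IpxlatCfg.dll",
    "$env:SystemRoot\System32\dusmsvc.dll"
)

# Version of the running OS, e.g. "10.0.14959", so version stamps can be compared.
$osVersion = (Get-CimInstance -ClassName Win32_OperatingSystem).Version

function Test-SystemDll {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{
            Path = $Path; Status = 'Missing'; Signer = ''; MicrosoftSigned = $false
            OsBinary = $false; FileVersion = ''; BuildMatchesOS = $false
            SizeBytes = 0; MD5 = ''; SHA256 = ''
        }
    }

    $item = Get-Item -LiteralPath $Path
    # Get-AuthenticodeSignature checks embedded signatures and, on Windows 8+,
    # the security catalogs most System32 binaries are signed through.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path            = $Path
        Status          = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        Signer          = $signer
        MicrosoftSigned = ($sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')
        OsBinary        = [bool]$sig.IsOSBinary          # signed with a Windows OS certificate
        FileVersion     = $item.VersionInfo.FileVersion
        BuildMatchesOS  = ($item.VersionInfo.ProductVersion -like "$osVersion.*")
        SizeBytes       = $item.Length
        MD5             = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash
        SHA256          = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

$results = foreach ($f in $files) { Test-SystemDll -Path $f }
$results | Format-Table Path, Status, MicrosoftSigned, OsBinary, BuildMatchesOS, FileVersion -AutoSize

# Anything missing, unsigned, signed by someone other than Microsoft, or stamped
# with a different build than the running OS deserves a closer look; the SHA256
# is what you would submit to a multi-engine scanner for a second opinion.
$suspect = $results | Where-Object { -not $_.MicrosoftSigned -or -not $_.BuildMatchesOS }
if ($suspect) { $suspect | Format-List }
```

A signature alone is not the whole check: a file can be validly signed and still be the wrong one for this machine, which is why the version stamp is compared against the running build (all five files above report 10.0.14959.1000, matching the Insider build in the log). On Windows 7, `Get-AuthenticodeSignature` does not consult catalogs, so a `NotSigned` result there for a System32 DLL is not by itself suspicious.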


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,472 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:25 PM

Posted 11 November 2016 - 01:57 PM

Thank you.

Can you review the information pertaining to the 5 files above and tell me if any/all make sense to you?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#7 Seanosborne66

Seanosborne66
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:10:25 PM

Posted 11 November 2016 - 04:37 PM

They mean nothing to me. Are they Windows 10 files?



#8 Seanosborne66

Seanosborne66
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  • Local time:10:25 PM

Posted 11 November 2016 - 05:11 PM

They refer to the version of Windows 10 Insider Preview I am running:


File Version: 10.0.14959.1000 (rs_prerelease.161026-1700)
Product Version: 10.0.14959.1000



#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,472 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:03:25 PM

Posted 11 November 2016 - 08:43 PM

Thanks for the information.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Rkill

-------------------
  • Please download Rkill by Grinler from one of the 3 links below (if one of them does not work try another...) and save it to your desktop:

rkill.scr
rkill.com
rkill.exe

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\MountPoints2: {96d19992-3d83-11e5-acd2-806e6f6e6963} - "K:\Audio\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
Task: {589375FE-E581-4B54-ADAC-EF672E60AF65} - \Microsoft\XblGameSave\XblGameSaveTask\Logon
Task: {641DAB42-D500-47AF-90E4-60EE5D96D667} - \OfficeSoftwareProtectionPlatform\SvcRestartTask
zip: C:\WINDOWS\Minidump
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create logs in the same location as FRST.exe called Fixlog.txt and upload.txt
  • Please copy and paste the contents of the Fixlog.txt file in your reply.
  • Attach the upload.txt file to your reply
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RKill log
  • Fixlog
  • Attached Upload.txt file
  • RogueKiller log

Gary
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

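The FRST fixlist lines above are terse. Here, as an added example that is not part of the thread and not FRST's own code, is a read-only PowerShell pass over the same locations (Winlogon Notify, MountPoints2 autorun commands, the TaskCache entries for the two GUIDs in the fixlist, and the local Group Policy folder), so the meaning of each fixlist line can be checked before it is removed. It assumes an elevated PowerShell on the affected machine; the registry paths are the standard ones, the two GUIDs are the ones from the fixlist, and the function names are mine.

```powershell
# Added example (not from the thread, not FRST's code). Read-only look at the
# artefacts the fixlist above removes. Run in an elevated PowerShell on the
# machine being cleaned. Nothing here changes the system.

# Winlogon\Notify: DLLs named for loading at logon. FRST's "[X]" means the DLL
# named in the key was not found on disk; "-x32" means the Wow6432Node copy.
function Get-WinlogonNotify {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $dll = (Get-ItemProperty $key.PSPath).DLLName
            $exists = $false
            if ($dll) {
                $file = [Environment]::ExpandEnvironmentVariables($dll)
                # bare names are resolved against System32 and SysWOW64
                $candidates = if ([IO.Path]::IsPathRooted($file)) { @($file) } else {
                    @("$env:SystemRoot\System32\$file", "$env:SystemRoot\SysWOW64\$file")
                }
                $exists = [bool]($candidates | Where-Object { Test-Path $_ })
            }
            [pscustomobject]@{ Key = $key.PSChildName; DLL = $dll; Exists = $exists }
        }
    }
}

# MountPoints2: Explorer's per-user record of volumes it has seen (FRST showed
# it under the user's SID; HKCU is the same hive when run as that user). The
# shell\AutoRun\command subkey is the cached autorun command FRST printed after
# the GUID, here "K:\Audio\setup.exe".
function Get-MountPointAutoRuns {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    foreach ($key in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $cmdKey = "$($key.PSPath)\shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            [pscustomobject]@{
                Volume  = $key.PSChildName
                Command = (Get-ItemProperty $cmdKey).'(default)'
            }
        }
    }
}

# Scheduled tasks: FRST lists the TaskCache GUID; the key's Path value is the
# task's folder path, which Get-ScheduledTask can then show with its actions.
function Resolve-TaskCacheGuid {
    param([string[]]$Guid)
    $all = Get-ScheduledTask
    foreach ($g in $Guid) {
        $key = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\$g"
        if (-not (Test-Path $key)) {
            [pscustomobject]@{ Guid = $g; Path = '<not in TaskCache>'; Actions = $null }
            continue
        }
        $path = (Get-ItemProperty $key).Path
        $task = $all | Where-Object { ($_.TaskPath + $_.TaskName) -eq $path }
        [pscustomobject]@{
            Guid    = $g
            Path    = $path
            Actions = @($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        }
    }
}

# "GroupPolicy: Restriction": FRST flags local policy objects under
# System32\GroupPolicy (the Fixlog checks the Machine folder). On a home PC the
# folder is normally empty; anything in it pins settings the user did not set.
function Get-LocalGroupPolicyFiles {
    $machine = "$env:SystemRoot\System32\GroupPolicy\Machine"
    if (-not (Test-Path $machine)) { return @() }
    Get-ChildItem $machine -Recurse -File | Select-Object FullName, Length, LastWriteTime
}

Get-WinlogonNotify | Format-Table -AutoSize
Get-MountPointAutoRuns | Format-Table -AutoSize
Resolve-TaskCacheGuid '{589375FE-E581-4B54-ADAC-EF672E60AF65}', '{641DAB42-D500-47AF-90E4-60EE5D96D667}' | Format-List
Get-LocalGroupPolicyFiles
```

Run it before the fix and again after; a Winlogon entry whose DLL does not exist, a MountPoints2 command pointing at a removable drive's setup.exe, or a task GUID that no longer resolves are all things you want to see with your own eyes rather than infer from "key not found" in the Fixlog.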
#10 Seanosborne66 (Topic Starter, Members, 25 posts)

Posted 12 November 2016 - 07:10 AM

Hi Bud

It didn't produce an upload.txt file; it did a minidump.zip file, so I added that.

RKill

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/12/2016 10:21:25 AM in x64 mode.
Windows Version: Windows 10 Pro Insider Preview
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * No issues found.
Checking Windows Service Integrity:
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 * HOSTS file entries found:
  127.0.0.1 www.007guard.com
  127.0.0.1 007guard.com
  127.0.0.1 008i.com
  127.0.0.1 www.008k.com
  127.0.0.1 008k.com
  127.0.0.1 www.00hq.com
  127.0.0.1 00hq.com
  127.0.0.1 010402.com
  127.0.0.1 www.032439.com
  127.0.0.1 032439.com
  127.0.0.1 www.0scan.com
  127.0.0.1 0scan.com
  127.0.0.1 1000gratisproben.com
  127.0.0.1 www.1000gratisproben.com
  127.0.0.1 1001namen.com
  127.0.0.1 www.1001namen.com
  127.0.0.1 100888290cs.com
  127.0.0.1 www.100888290cs.com
  127.0.0.1 www.100sexlinks.com
  127.0.0.1 100sexlinks.com
  20 out of 15553 HOSTS entries shown.
  Please review HOSTS file for further entries.
Program finished at: 11/12/2016 10:26:39 AM
Execution time: 0 hours(s), 5 minute(s), and 14 seconds(s)

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by avner (12-11-2016 10:16:42) Run:3
Running from C:\Users\avner\Desktop
Loaded Profiles: avner (Available Profiles: avner)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-997813710-3732513820-1655796302-1001\...\MountPoints2: {96d19992-3d83-11e5-acd2-806e6f6e6963} - "K:\Audio\setup.exe"
GroupPolicy: Restriction <======= ATTENTION
Task: {589375FE-E581-4B54-ADAC-EF672E60AF65} - \Microsoft\XblGameSave\XblGameSaveTask\Logon
Task: {641DAB42-D500-47AF-90E4-60EE5D96D667} - \OfficeSoftwareProtectionPlatform\SvcRestartTask
zip: C:\WINDOWS\Minidump
*****************
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
"HKU\S-1-5-21-997813710-3732513820-1655796302-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{96d19992-3d83-11e5-acd2-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{96d19992-3d83-11e5-acd2-806e6f6e6963} => key not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{589375FE-E581-4B54-ADAC-EF672E60AF65} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{641DAB42-D500-47AF-90E4-60EE5D96D667} => key not found.
================== Zip: ===================
C:\WINDOWS\Minidump -> copied successfully to C:\Users\avner\Desktop\12.11.2016_10.16.43.zip
=========== Zip: End ===========
==== End of Fixlog 10:16:45 ====

RogueKiller log

RogueKiller V12.8.0.0 (x64) [Nov  7 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 10 (10.0.14959) 64 bits version
Started in : Normal mode
User : avner [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 11/12/2016 10:34:20 (Duration : 01:28:51)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a8996f2d-ce25-4b6b-80ab-1b09f8265b97} | DhcpNameServer : 172.20.10.1 ([])  -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD15EARX-00ZUDB0 ATA Device +++++
--- User ---
[MBR] 4037ac00b01d053de6ef759284ac1c07
[BSP] 4f4747209cd637d374a968ad621a6b3e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x1b) [HIDDEN!] Offset (sectors): 2048 | Size: 19024 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 38963200 | Size: 564258 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1194563584 | Size: 450 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1195485184 | Size: 847064 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: WDC WD15EARX-00ZUDB0 ATA Device +++++
--- User ---
[MBR] 5c6d23c924370e5c7c9118f4ae16ea84
[BSP] 51a07e84f6702023d7f6e835662fead4 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive4: Generic- SM/xD Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported.

regards and thanks

Sean

Attached Files
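
Two things in these logs are worth checking rather than eyeballing: the HOSTS file (15553 entries, of which Rkill shows 20 and RogueKiller skips as "Too big!") and the DhcpNameServer value RogueKiller flagged as PUM.Dns. What follows is an added example, not part of the thread and not code from Rkill or RogueKiller: a PowerShell triage that separates HOSTS entries that merely sinkhole a name (127.0.0.1, 0.0.0.0, ::1, which is what an immunisation list looks like) from entries that redirect a name somewhere else, flags sinkholed update and security-vendor names, and reads the per-interface DHCP DNS servers and classifies each as private (RFC 1918, what a home router or phone hotspot hands out) or public. The sample lines are constructed (the first ones copy the Rkill listing, the last two are hypothetical), 203.0.113.7 is a documentation address, and the vendor watch list and function names are my assumptions.

```powershell
# Added example (not from the thread, not Rkill's or RogueKiller's code).
# 1. HOSTS: loopback/unspecified targets only block a name; any other target
#    redirects it, and redirection is what a hijack looks like.
# 2. DhcpNameServer: the registry value RogueKiller reported, per interface,
#    with a private/public classification of each server address.

$SinkholeAddresses = @('127.0.0.1', '0.0.0.0', '::1')

function Get-HostsEntries {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -split '#', 2)[0].Trim()     # drop comments
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{ Address = $fields[0]; Host = $name.ToLower() }
        }
    }
}

function Get-HostsFindings {
    param(
        [string[]]$Lines,
        # assumed watch list: names a hijack would sinkhole so the victim cannot update or get help
        [string[]]$WatchDomains = @('microsoft.com', 'windowsupdate.com',
                                    'malwarebytes.com', 'eset.com', 'bleepingcomputer.com')
    )
    $entries   = @(Get-HostsEntries -Lines $Lines)
    $redirects = @($entries | Where-Object { $SinkholeAddresses -notcontains $_.Address })
    $blocked   = @($entries | Where-Object {
        $h = $_.Host
        ($SinkholeAddresses -contains $_.Address) -and
        [bool]($WatchDomains | Where-Object { $h -eq $_ -or $h.EndsWith(".$_") })
    })
    [pscustomobject]@{
        Total         = $entries.Count
        Sinkholed     = $entries.Count - $redirects.Count
        Redirects     = $redirects      # review every one of these
        BlockedVendor = $blocked        # update/AV names blocked: also suspicious
    }
}

function Test-PrivateIPv4 {
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

function Get-DhcpDnsServers {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($iface in Get-ChildItem $root) {
        $dns = (Get-ItemProperty $iface.PSPath).DhcpNameServer
        if (-not $dns) { continue }
        foreach ($server in ($dns -split '[ ,]+')) {
            [pscustomobject]@{
                Interface = $iface.PSChildName
                Server    = $server
                Private   = Test-PrivateIPv4 $server
            }
        }
    }
}

# Constructed sample: the first lines copy the Rkill listing (immunisation
# style); the last two are hypothetical hijack entries.
$sample = @(
    '127.0.0.1 www.007guard.com',
    '127.0.0.1 007guard.com',
    '127.0.0.1 008i.com',
    '127.0.0.1 www.100sexlinks.com 100sexlinks.com',
    '0.0.0.0 www.malwarebytes.com',
    '203.0.113.7 www.microsoft.com'
)
$f = Get-HostsFindings -Lines $sample
'{0} entries: {1} sinkholed, {2} redirected, {3} vendor names blocked' -f $f.Total, $f.Sinkholed, $f.Redirects.Count, $f.BlockedVendor.Count
$f.Redirects | Format-Table -AutoSize
$f.BlockedVendor | Format-Table -AutoSize
Test-PrivateIPv4 '172.20.10.1'   # the address in the RogueKiller PUM.Dns line

# On the live machine:
#   Get-HostsFindings -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
#   Get-DhcpDnsServers | Format-Table -AutoSize
```

The point of the split is that a 15553-line HOSTS file full of loopback entries is not a finding; one line pointing a bank or an update server at a public address would be. For the PUM.Dns entry, a DHCP-assigned server on a private address is what any home router or hotspot produces, so the question to ask is whether that address is the gateway you expect, not whether the value exists.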



#11 Oh My! (Malware Response Instructor, 37,472 posts, Location: California)

Posted 12 November 2016 - 07:29 PM

Hi Sean,

How is your computer running?
Gary

#12 Seanosborne66 (Topic Starter, Members, 25 posts)

Posted 13 November 2016 - 10:44 AM

It appears slow and unresponsive at times, and not everything loads before timing out - Malwarebytes Anti-Exploit etc.

Should I use the Remove Selected button from RogueKiller?

Sean



#13 Oh My! (Malware Response Instructor, 37,472 posts, Location: California)

Posted 13 November 2016 - 02:21 PM

Hi Sean.

If you are not part of an internal network then you can delete this entry in RogueKiller:

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a8996f2d-ce25-4b6b-80ab-1b09f8265b97} | DhcpNameServer : 172.20.10.1 ([]) -> Found

-----

Please boot into Safe Mode with Networking and test your computer performance.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log, if applicable
  • Safe Mode with Networking?

Gary

#14 Seanosborne66 (Topic Starter, Members, 25 posts)

Posted 14 November 2016 - 12:55 PM

This bit's causing me issues.

MS Edge won't open with this type of account?

I honestly don't know how to test my computer performance in safe mode.

I can run RogueKiller but get an rkill.log, is that correct?

Also, booting in normal mode, Malwarebytes Anti-Exploit times out and asks me to restart.

Attached File  Rkill141116.txt   5.17KB   1 downloads



#15 Oh My! (Malware Response Instructor, 37,472 posts, Location: California)

Posted 14 November 2016 - 01:49 PM

Greetings,

Yes you can run RogueKiller. Here is how you can boot into Safe Mode with Networking.

===================================================

Booting Into Safe Mode With Networking

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msconfig and press Enter
  • Select the Boot tab
  • Under Boot Options Select /Safe boot
  • Below that select Network
  • Click Apply then OK
  • Click Restart
  • Monitor your computer performance

Gary
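
The msconfig steps above set a persistent boot flag. The same thing from the command line, as an added example that is not part of the thread, with the caveat msconfig does not show: until the flag is removed (or Safe boot is unticked again) every reboot lands in Safe Mode, which is easy to forget once the tools have been run. It needs an elevated PowerShell; bcdedit and the SafeBoot\Option registry key are standard Windows, and the function names are mine.

```powershell
# Added example (not from the thread). Command-line equivalent of the msconfig
# "Safe boot / Network" steps, plus a check and the removal step.
# '{current}' is the BCD entry of the running OS; quoting keeps PowerShell
# from reading the braces as a script block.

function Get-SafeBootSetting {
    # Returns 'Network', 'Minimal', etc., or $null when no safeboot flag is set
    $out = bcdedit /enum '{current}' 2>$null | Out-String
    if ($out -match '(?m)^\s*safeboot\s+(\S+)') { return $Matches[1] }
    return $null
}

function Enable-SafeModeNetworking {
    # Same BCD element msconfig writes when "Safe boot" + "Network" is ticked
    bcdedit /set '{current}' safeboot network | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (exit $LASTEXITCODE); run from an elevated prompt" }
    Get-SafeBootSetting
}

function Disable-SafeModeNetworking {
    # Clears the flag; without this the machine keeps booting into Safe Mode
    bcdedit /deletevalue '{current}' safeboot | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed (exit $LASTEXITCODE); run from an elevated prompt" }
    Get-SafeBootSetting
}

function Test-InSafeMode {
    # This key exists only while booted in Safe Mode: OptionValue 1 = Minimal, 2 = Network
    $opt = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Option' -ErrorAction SilentlyContinue
    if ($opt) { return $opt.OptionValue }
    return 0
}

# Typical sequence:
#   Enable-SafeModeNetworking; Restart-Computer
#   ... in Safe Mode: Test-InSafeMode, run RogueKiller, note whether the slowness persists ...
#   Disable-SafeModeNetworking; Restart-Computer
```

Test-InSafeMode is the quick way to confirm the boot actually landed in Safe Mode with Networking before judging performance there, and Get-SafeBootSetting after the cleanup confirms the flag is gone.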
