Filefinder was installed and playbar.biz search bar in Chrome


  • This topic is locked
17 replies to this topic

#1 dachsung

Posted 21 November 2016 - 06:46 PM

Hello everyone.

First off, thank you for all your hard work helping people out.

A friend of mine in one way or another installed a program filefinder and now my computer has been acting up.

I did manage to remove it from the control panel and tried to remove it from wherever I can find it.

Just over the weekend my ebay account was hacked and I noticed a search bar on top of my Chrome window just under the address bar.

It looked somewhat normal so I didn't think much of it but every time I click on the google search bar in the middle of the main page of google dot com it switches focus to the textbox of the new search bar.

I did do a search and it links to playbar.biz and redirects to a bing search page.

I ran all sorts of programs including adwcleaner and malwarebytes to hitmanpro and anything else I can find. I had mcafee installed and ran with no results and now I have tried with avast and the problem persists.

I tried everything but am unable to resolve this issue and was wondering if anyone here could help out.

Thank you in advance.

Edited by dachsung, 21 November 2016 - 10:32 PM.



#2 HelpBot


Posted 26 November 2016 - 06:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632774 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 dachsung


Posted 26 November 2016 - 07:15 PM

Hello everyone.

Thank you for taking the time to help me with the issues I am having.

I am running a Windows 10 Pro 64 bit system.

The problem I am having is that "filefinder" software has been installed recently and I am having the following issue.

Since the installation was discovered, I have removed all instances of that software that I can find in control panel and searching registry and whatever residual files in hidden folders I can find.

Everything seems to be fine but the only thing I can notice now is that when I open up chrome, it does open up normally as it should, but once the window is fully open I see an hourglass for about 5 secs and then a search bar is added to Chrome. I am now running firefox just because of this fact.

I have tried removing and reinstalling and the problem persists.

I have even tried to restore my system to a point prior to the installation of the software but it is the same.

Chrome opens up, an hourglass for a few seconds then a search bar on top of the Chrome window just under the address bar populates. When I click on the search text box in the middle of the Google start page, my mouse focus is pointed back towards the textbox of the search bar that was added on startup.

When I did a search on the search bar to test, it directs to "playbar.biz/..." then a new tab opens in a bing search results page.

This has been driving me wild the last week and I am not sure if it was related but several other accounts have been hacked. I haven't had this experience in a long time.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2016
Ran by Dachsung (administrator) on DOXTAB (26-11-2016 19:05:15)
Running from C:\Users\Dachsung\Downloads
Loaded Profiles: Dachsung (Available Profiles: Dachsung)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\IntelCpHeciSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\igfxEM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\SETC396.tmp
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Config.Msi\8661539.rbf
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Adobe Systems) C:\Program Files\Adobe\Adobe Lightroom\lightroom.exe
() C:\Program Files\Adobe\Adobe Lightroom\Adobe Lightroom CEF Helper.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Dachsung\Downloads\FRST64(1).exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8925184 2016-11-23] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3893296 2016-05-17] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320568 2016-06-14] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-10-28] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-11-02] (Microsoft Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [935344 2016-10-05] (Waves Audio Ltd.)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-21] (AVAST Software)
HKLM\...\RunOnce: [DEL_ST_CPL] => CMD /C del "C:\Program Files\Realtek\Audio\HDA\ST_CPL.XML" /F
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1908341225-1132082261-611098665-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819048 2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-11] (Google)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-11-21] (AVAST Software)
Startup: C:\Users\Dachsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-11-22]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{77e59a6a-fba9-425e-8f9c-81bf05c104ee}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7e915a7f-5a8f-4cad-a5cb-427748aa97f1}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1908341225-1132082261-611098665-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1908341225-1132082261-611098665-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-10-31] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-10-11] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-08-16] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: rn0ami6d.default
FF ProfilePath: C:\Users\Dachsung\AppData\Roaming\Mozilla\Firefox\Profiles\rn0ami6d.default [2016-11-26]
FF Extension: (Adblock Plus) - C:\Users\Dachsung\AppData\Roaming\Mozilla\Firefox\Profiles\rn0ami6d.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-11-21]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-11-21]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-11-04] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default [2016-11-22]
CHR Extension: (Google Slides) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-21]
CHR Extension: (Google Docs) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-21]
CHR Extension: (Google Sheets) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-21]
CHR Extension: (Google Docs Offline) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-21]
CHR Extension: (AdBlock) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-11-21]
CHR Extension: (Avast Online Security) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-11-21]
CHR Extension: (Google Play Music) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-11-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-29]
CHR Extension: (Gmail) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-29]
CHR Extension: (Chrome Media Router) - C:\Users\Dachsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-31]
CHR HKU\S-1-5-21-1908341225-1132082261-611098665-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dachsung\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2016-11-21]
CHR HKU\S-1-5-21-1908341225-1132082261-611098665-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-11-21] (AVAST Software)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\IntelCpHeciSvc.exe [310240 2016-11-17] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\IntelCpHDCPSvc.exe [488928 2016-11-17] (Intel Corporation)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [117792 2016-09-23] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-02] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-06-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\igfxCUIService.exe [350688 2016-11-17] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2016-02-08] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329728 2016-11-23] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-02] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-06-28] (Dell Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-10-05] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-02-08] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-11-21] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-11-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-11-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-11-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-11-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-11-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-11-21] (AVAST Software)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [46072 2016-01-04] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [30816 2016-05-24] (Intel)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-17] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-17] (Intel Corporation)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-05-17] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-05-17] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-14] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\k118615.inf_amd64_15e6d7105257ed71\igdkmd64.sys [10597344 2016-11-17] (Intel Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [140896 2016-06-05] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [78432 2016-06-08] (Intel)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3116288 2016-04-20] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2015-04-14] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 19:04 - 2016-11-26 19:04 - 02412032 _____ (Farbar) C:\Users\Dachsung\Downloads\FRST64(1).exe
2016-11-23 11:15 - 2016-11-23 11:15 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2016-11-23 11:15 - 2016-11-23 11:15 - 00000000 ____D C:\Program Files\Waves
2016-11-23 11:14 - 2016-11-23 11:14 - 00000000 ____D C:\WINDOWS\LastGood
2016-11-23 11:13 - 2016-11-23 11:13 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-11-23 00:42 - 2016-11-23 00:42 - 01381128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-11-23 00:42 - 2016-11-23 00:42 - 00704688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-11-23 00:42 - 2016-11-23 00:42 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-11-23 00:41 - 2016-11-23 00:41 - 03795408 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2016-11-23 00:41 - 2016-11-23 00:41 - 03212288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-11-23 00:41 - 2016-11-23 00:41 - 02903800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-11-23 00:41 - 2016-11-23 00:41 - 02081792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-11-22 10:54 - 2016-11-22 10:54 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-11-22 10:54 - 2016-11-22 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-11-22 10:53 - 2016-11-22 10:54 - 102359936 _____ (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Users\Dachsung\Downloads\Evernote_6.4.2.3788.exe
2016-11-21 22:29 - 2016-11-26 19:05 - 00025304 _____ C:\Users\Dachsung\Downloads\FRST.txt
2016-11-21 22:28 - 2016-11-26 19:05 - 00000000 ____D C:\FRST
2016-11-21 20:02 - 2016-11-21 20:02 - 00004832 _____ C:\Users\Dachsung\Desktop\roguekiller.txt
2016-11-21 19:43 - 2016-11-21 19:43 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-11-21 19:42 - 2016-11-21 20:03 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-21 19:42 - 2016-11-21 19:42 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-21 19:42 - 2016-11-21 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-21 19:42 - 2016-11-21 19:42 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-21 19:41 - 2016-11-21 19:41 - 00000557 _____ C:\Users\Dachsung\Desktop\JRT.txt
2016-11-21 19:35 - 2016-11-21 19:42 - 34158856 _____ (Adlice Software ) C:\Users\Dachsung\Downloads\setup.exe
2016-11-21 18:30 - 2016-11-21 18:30 - 00000000 ___HD C:\OneDriveTemp
2016-11-21 18:19 - 2016-11-21 20:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-21 18:18 - 2016-11-21 18:29 - 00000000 ____D C:\Users\Dachsung\Desktop\mbar
2016-11-21 18:17 - 2016-11-21 18:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Dachsung\Downloads\mbar-1.09.3.1001.exe
2016-11-21 16:35 - 2016-11-21 16:33 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-21 16:25 - 2016-11-26 16:57 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-21 16:25 - 2016-11-21 18:18 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-21 16:25 - 2016-11-21 16:25 - 22851472 _____ (Malwarebytes ) C:\Users\Dachsung\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-21 16:25 - 2016-11-21 16:25 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-21 16:25 - 2016-11-21 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-21 16:25 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-21 16:25 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-21 16:23 - 2016-11-21 16:23 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Dachsung\Downloads\rkill.exe
2016-11-21 16:23 - 2016-11-21 16:23 - 00003552 _____ C:\Users\Dachsung\Desktop\Rkill.txt
2016-11-21 16:21 - 2016-11-21 16:22 - 00288744 _____ C:\TDSSKiller.txt
2016-11-21 16:21 - 2016-11-21 16:21 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Dachsung\Downloads\tdsskiller.exe.part
2016-11-21 16:21 - 2016-11-21 16:21 - 04656523 _____ C:\Users\Dachsung\Downloads\tdsskiller.zip
2016-11-21 16:21 - 2016-11-07 07:10 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Dachsung\Downloads\TDSSKiller.exe
2016-11-21 16:05 - 2016-11-22 10:19 - 00000000 ____D C:\Users\Dachsung\AppData\LocalLow\Mozilla
2016-11-21 16:05 - 2016-11-21 16:15 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Mozilla
2016-11-21 16:05 - 2016-11-21 16:05 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-11-21 16:05 - 2016-11-21 16:05 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Mozilla
2016-11-21 16:05 - 2016-11-21 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-21 16:05 - 2016-11-21 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-11-21 16:04 - 2016-11-21 16:04 - 00243600 _____ C:\Users\Dachsung\Downloads\Firefox Setup Stub 50.0.exe
2016-11-21 15:58 - 2016-11-21 15:58 - 01065376 _____ (Google Inc.) C:\Users\Dachsung\Downloads\ChromeSetup.exe
2016-11-21 15:58 - 2016-11-21 15:58 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-21 15:41 - 2016-11-21 15:41 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-11-21 15:32 - 2016-11-21 15:51 - 00004002 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1479760379
2016-11-21 15:32 - 2016-11-21 15:51 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-11-21 15:32 - 2016-11-21 15:32 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-11-21 15:31 - 2016-11-21 15:31 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-11-21 15:31 - 2016-11-21 15:31 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-11-21 15:31 - 2016-11-21 15:31 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-11-21 15:31 - 2016-11-21 15:31 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-11-21 15:31 - 2016-11-21 15:31 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\AVAST Software
2016-11-21 15:30 - 2016-11-21 15:32 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-21 15:30 - 2016-11-21 15:32 - 00000000 ____D C:\Program Files\AVAST Software
2016-11-21 15:29 - 2016-11-21 15:30 - 06253640 _____ (AVAST Software) C:\Users\Dachsung\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2016-11-21 15:21 - 2016-11-21 15:23 - 00000000 ____D C:\ProgramData\HitmanPro
2016-11-21 15:20 - 2016-11-21 15:21 - 11581544 _____ (SurfRight B.V.) C:\Users\Dachsung\Downloads\hitmanpro_x64.exe
2016-11-21 15:18 - 2016-11-21 15:18 - 01631928 _____ (Malwarebytes) C:\Users\Dachsung\Downloads\JRT.exe
2016-11-21 15:14 - 2016-11-21 19:37 - 00000000 ____D C:\AdwCleaner
2016-11-21 15:14 - 2016-11-21 15:14 - 03910208 _____ C:\Users\Dachsung\Downloads\adwcleaner_6.030.exe
2016-11-21 14:40 - 2016-11-21 16:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-21 14:40 - 2016-11-21 14:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-18 12:02 - 2016-11-18 12:02 - 00000000 ____D C:\temp
2016-11-17 14:08 - 2016-11-17 14:08 - 00000000 ____D C:\Program Files (x86)\IObit
2016-11-17 13:09 - 2016-11-21 13:56 - 00000000 ____D C:\Users\Dachsung\Evernote
2016-11-17 13:09 - 2016-11-17 13:09 - 00000000 ____D C:\Users\Dachsung\AppData\LocalLow\Evernote
2016-11-17 13:09 - 2016-11-17 13:09 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-11-17 12:00 - 2016-11-21 12:18 - 00000000 ____D C:\Users\Dachsung\AppData\Local\CrashDumps
2016-11-16 16:33 - 2016-11-16 16:33 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\TechSmith
2016-11-16 16:26 - 2016-11-16 16:26 - 00000000 ____D C:\Users\Dachsung\Documents\Camtasia Studio
2016-11-16 16:26 - 2016-11-16 16:26 - 00000000 ____D C:\Users\Dachsung\AppData\Local\TechSmith
2016-11-16 16:26 - 2016-11-16 16:26 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2016-11-16 16:26 - 2016-11-16 16:26 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-11-16 16:25 - 2016-11-21 15:00 - 00000000 ____D C:\Users\Dachsung\AF33D0D226274AC88473FDBB7892129C.TMP
2016-11-16 16:25 - 2016-11-16 16:25 - 00000000 ____D C:\ProgramData\TechSmith
2016-11-16 16:25 - 2016-11-16 16:25 - 00000000 ____D C:\Program Files (x86)\TechSmith
2016-11-16 16:12 - 2016-11-21 15:00 - 00000000 ____D C:\Users\Dachsung\Documents\Vuze Downloads
2016-11-16 16:12 - 2016-11-16 16:12 - 00001865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2016-11-16 16:12 - 2016-11-16 16:12 - 00000000 ____D C:\Users\Dachsung\.swt
2016-11-16 16:12 - 2016-11-16 16:12 - 00000000 ____D C:\Program Files\Vuze
2016-11-16 16:11 - 2016-11-21 15:00 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Azureus
2016-11-16 16:11 - 2016-11-16 16:12 - 00000000 ____D C:\Users\Dachsung\.oracle_jre_usage
2016-11-15 13:37 - 2016-11-15 13:37 - 00000000 ____D C:\Users\Dachsung\Documents\Custom Office Templates
2016-11-10 14:40 - 2016-11-10 14:40 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-11-04 10:29 - 2016-11-04 10:29 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\sp6_log
2016-11-04 10:29 - 2016-11-04 10:29 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Logishrd
2016-11-04 10:29 - 2016-11-04 10:29 - 00000000 ____D C:\Program Files\Logitech
2016-11-03 13:48 - 2016-11-03 13:48 - 00000720 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brackets.lnk
2016-11-03 13:48 - 2016-11-03 13:48 - 00000000 ____D C:\Program Files (x86)\Brackets
2016-11-03 13:31 - 2016-11-03 13:48 - 45244416 _____ C:\Users\Dachsung\Downloads\Brackets.Release.1.7.msi
2016-11-03 12:32 - 2016-11-03 12:32 - 00000000 ____D C:\Users\Dachsung\.dnx
2016-11-03 12:20 - 2016-11-03 12:31 - 00000000 ____D C:\Users\Dachsung\Documents\Visual Studio 2015
2016-11-03 12:16 - 2016-11-03 12:16 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-11-03 12:09 - 2016-11-03 12:09 - 00000000 ____D C:\ProgramData\Microsoft DNX
2016-11-03 12:09 - 2016-11-03 12:09 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-11-03 12:09 - 2016-11-03 12:09 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-11-03 12:07 - 2016-11-03 12:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-11-03 12:06 - 2016-11-03 12:06 - 00000000 ____D C:\Program Files\IIS Express
2016-11-03 12:06 - 2016-11-03 12:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-11-03 12:06 - 2016-11-03 12:06 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-11-03 12:05 - 2016-11-03 12:05 - 00000000 ____D C:\ProgramData\NuGet
2016-11-03 12:05 - 2016-11-03 12:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-11-03 12:05 - 2016-11-03 12:05 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-11-03 12:05 - 2016-11-03 12:05 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-11-03 12:04 - 2016-11-03 12:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-11-03 12:04 - 2016-11-03 12:04 - 00001500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-11-03 12:04 - 2016-11-03 12:04 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-11-03 12:03 - 2016-11-03 12:03 - 00000000 ____D C:\WINDOWS\symbols
2016-11-03 12:03 - 2016-11-03 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-11-03 12:03 - 2016-11-03 12:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-11-03 12:02 - 2016-11-03 12:02 - 00001509 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-11-03 12:00 - 2016-11-03 12:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-11-03 11:59 - 2016-11-03 12:03 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-11-02 16:06 - 2016-11-02 12:15 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-02 16:01 - 2016-07-15 22:27 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\korwbrkr.dll
2016-11-02 16:01 - 2016-07-15 21:43 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\korwbrkr.dll
2016-11-02 16:01 - 2016-05-25 17:39 - 12023100 _____ C:\WINDOWS\system32\korwbrkr.lex
2016-11-02 16:00 - 2016-11-02 16:00 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-02 15:59 - 2016-11-02 15:59 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-11-02 12:17 - 2016-11-02 12:17 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-02 12:16 - 2016-11-02 12:16 - 00000000 ____D C:\ProgramData\USOShared
2016-11-02 12:15 - 2016-11-07 10:51 - 00000000 ____D C:\Users\Dachsung\AppData\Local\ConnectedDevicesPlatform
2016-11-02 12:15 - 2016-11-02 12:15 - 00000020 ___SH C:\Users\Dachsung\ntuser.ini
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default\My Documents
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-11-02 12:15 - 2016-11-02 12:15 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-11-02 12:14 - 2016-11-23 11:15 - 00003218 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2016-11-02 12:14 - 2016-11-21 20:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-02 12:14 - 2016-11-07 11:03 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-02 12:14 - 2016-11-02 12:14 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-11-02 12:14 - 2016-11-02 12:14 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-11-02 12:14 - 2016-11-02 12:14 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-02 12:14 - 2016-11-02 12:14 - 00003296 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C3D1848C-55E7-4A2B-8172-F215CB046760}
2016-11-02 12:14 - 2016-11-02 12:14 - 00003222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-02 12:14 - 2016-11-02 12:14 - 00003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2016-11-02 12:14 - 2016-11-02 12:14 - 00003098 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-11-02 12:14 - 2016-11-02 12:14 - 00002982 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-11-02 12:14 - 2016-11-02 12:14 - 00002828 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-11-02 12:14 - 2016-11-02 12:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-11-02 12:13 - 2016-11-02 12:13 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-11-02 12:11 - 2016-11-02 12:11 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2010
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2010
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-11-02 12:11 - 2016-11-02 12:11 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-11-02 12:08 - 2016-11-21 15:01 - 00000000 ____D C:\Users\Dachsung
2016-11-02 12:08 - 2016-11-02 12:12 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-11-02 12:08 - 2016-11-02 12:08 - 00000000 _SHDL C:\Users\Dachsung\My Documents
2016-11-02 12:08 - 2016-11-02 12:08 - 00000000 _SHDL C:\Users\Dachsung\Documents\My Videos
2016-11-02 12:08 - 2016-11-02 12:08 - 00000000 _SHDL C:\Users\Dachsung\Documents\My Pictures
2016-11-02 12:08 - 2016-11-02 12:08 - 00000000 _SHDL C:\Users\Dachsung\Documents\My Music
2016-11-02 12:07 - 2016-11-26 14:09 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-02 12:07 - 2016-11-26 13:14 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2016-11-02 12:07 - 2016-11-23 11:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-11-02 12:07 - 2016-11-17 01:07 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-11-02 12:07 - 2016-11-10 15:24 - 04911424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-02 12:07 - 2016-11-02 12:09 - 00000000 ____D C:\Program Files\Intel
2016-11-02 12:07 - 2016-11-02 12:09 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-02 12:07 - 2016-11-02 12:07 - 00103040 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-11-02 12:07 - 2016-11-02 12:07 - 00000000 ____D C:\WINDOWS\system32\Intel
2016-11-02 12:07 - 2016-11-02 12:07 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-02 12:07 - 2016-11-02 12:07 - 00000000 ____D C:\Program Files\Realtek
2016-11-02 12:07 - 2016-11-02 12:07 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-11-02 12:07 - 2016-07-16 06:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-01 11:50 - 2016-11-21 15:00 - 00000000 ____D C:\Program Files\iTunes
2016-11-01 11:50 - 2016-11-02 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-11-01 11:50 - 2016-11-01 11:50 - 00000000 ____D C:\Program Files\iPod
2016-10-31 10:23 - 2016-10-31 13:13 - 02190408 _____ (Logitech Inc.) C:\Users\Dachsung\Downloads\ConnectUtility.exe
2016-10-27 10:38 - 2016-10-27 10:38 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Dell

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-26 19:05 - 2016-09-29 14:41 - 00000000 ___RD C:\Users\Dachsung\Google Drive
2016-11-26 19:04 - 2016-09-29 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-26 14:12 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-26 13:19 - 2016-09-29 11:28 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Packages
2016-11-26 13:19 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-26 13:19 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-23 12:39 - 2016-09-29 12:45 - 00000000 ____D C:\Users\Dachsung\Desktop\Real Estate
2016-11-23 11:15 - 2016-09-22 14:36 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2016-11-23 11:14 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-23 00:42 - 2016-09-16 22:22 - 23735744 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRenderAVX64.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 23642952 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRender64.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 17558704 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioCapture64.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 03320664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 03171840 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 00585184 _____ (Intel Corporation) C:\WINDOWS\system32\tbb_waves.dll
2016-11-23 00:42 - 2016-09-16 22:22 - 00203440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-11-23 00:41 - 2016-09-16 22:21 - 05352952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-11-23 00:41 - 2016-09-16 22:21 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-11-22 10:01 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-21 22:30 - 2016-04-25 14:58 - 01261946 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-21 20:07 - 2016-09-29 11:30 - 00000000 ___RD C:\Users\Dachsung\OneDrive
2016-11-21 20:07 - 2016-09-29 11:28 - 00000000 __SHD C:\Users\Dachsung\IntelGraphicsProfiles
2016-11-21 20:06 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-21 19:59 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-21 18:29 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-21 16:35 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-11-21 15:58 - 2016-09-29 11:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-21 15:30 - 2016-09-22 14:39 - 00000000 ____D C:\ProgramData\McAfee
2016-11-21 15:28 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2016-11-21 15:00 - 2016-09-29 15:16 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Battle.net
2016-11-21 15:00 - 2016-09-29 14:16 - 00000000 ____D C:\Program Files\Bonjour
2016-11-21 15:00 - 2016-09-29 13:33 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-11-21 15:00 - 2016-09-22 14:38 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-11-21 15:00 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-21 15:00 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-11-21 15:00 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-21 15:00 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-11-21 14:59 - 2016-09-29 11:28 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Adobe
2016-11-21 14:59 - 2016-09-22 14:36 - 00000000 ____D C:\Intel
2016-11-21 14:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\registration
2016-11-21 14:59 - 2015-11-03 14:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-21 14:59 - 2015-11-03 14:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-18 12:41 - 2016-09-29 12:33 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Adobe
2016-11-18 12:36 - 2016-09-29 15:20 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Battle.net
2016-11-17 14:21 - 2016-09-29 12:35 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-11-17 14:10 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-17 01:07 - 2016-09-22 15:21 - 00280072 _____ C:\WINDOWS\system32\igfxCPL.cpl
2016-11-17 01:07 - 2016-09-22 15:21 - 00150024 _____ C:\WINDOWS\SysWOW64\libEGL.dll
2016-11-17 01:07 - 2016-09-22 15:21 - 00122384 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2016-11-17 01:07 - 2016-09-22 15:21 - 00120848 _____ C:\WINDOWS\SysWOW64\libGLESv2.dll
2016-11-17 01:07 - 2016-09-22 15:21 - 00113160 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2016-11-17 01:07 - 2016-09-22 15:21 - 00110096 _____ C:\WINDOWS\SysWOW64\libGLESv1_CM.dll
2016-11-17 01:07 - 2016-07-16 09:29 - 00113160 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2016-11-16 10:55 - 2016-09-22 15:29 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-11-11 14:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-11 11:25 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI(411)
2016-11-10 15:24 - 2016-04-25 15:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-10 15:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-10 15:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-10 15:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-10 15:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-10 15:22 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-10 14:42 - 2016-09-29 12:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-11-10 14:40 - 2015-10-30 02:24 - 00000167 _____ C:\WINDOWS\win.ini
2016-11-10 14:39 - 2016-09-29 15:34 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-10 14:37 - 2016-09-29 15:34 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-07 10:49 - 2016-07-16 06:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-07 10:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-07 10:49 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-04 10:29 - 2016-10-20 11:05 - 00000000 ____D C:\Users\Public\Documents\Logishrd
2016-11-04 10:29 - 2016-10-20 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-11-04 10:29 - 2016-10-20 11:05 - 00000000 ____D C:\ProgramData\Logishrd
2016-11-04 10:29 - 2016-10-20 11:03 - 00000000 ____D C:\Program Files\Common Files\LogiShrd
2016-11-04 09:33 - 2016-10-26 13:34 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 12:18 - 2016-09-22 14:35 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-03 12:14 - 2016-09-29 12:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-11-03 12:14 - 2016-09-29 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-11-03 12:13 - 2016-09-29 12:50 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-11-03 12:13 - 2016-09-29 12:48 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-11-03 12:10 - 2016-09-29 12:52 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-11-03 12:10 - 2016-09-29 12:52 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-11-03 12:05 - 2016-09-29 12:50 - 00000000 ____D C:\Program Files\IIS
2016-11-03 12:05 - 2016-09-29 12:50 - 00000000 ____D C:\Program Files (x86)\IIS
2016-11-03 12:04 - 2016-09-29 12:49 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-11-03 12:03 - 2015-11-03 14:03 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-03 12:02 - 2016-09-29 12:48 - 00000000 ____D C:\WINDOWS\system32\1033
2016-11-03 12:00 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-03 11:58 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-03 11:57 - 2016-09-29 12:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2016-11-03 11:53 - 2016-09-29 12:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2016-11-03 08:59 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-11-02 16:06 - 2016-07-16 06:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-11-02 16:05 - 2016-07-16 09:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-02 16:05 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-02 16:01 - 2016-07-16 09:15 - 00000000 ____D C:\WINDOWS\OCR
2016-11-02 12:18 - 2016-09-29 14:41 - 00001822 _____ C:\Users\Dachsung\Desktop\Google Drive.lnk
2016-11-02 12:18 - 2016-09-29 11:30 - 00002374 _____ C:\Users\Dachsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-02 12:16 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-11-02 12:14 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-02 12:13 - 2016-07-16 06:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-02 12:12 - 2016-09-29 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2016-11-02 12:12 - 2016-09-29 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-11-02 12:12 - 2016-09-29 15:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
2016-11-02 12:12 - 2016-09-29 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOM Player
2016-11-02 12:12 - 2016-09-29 12:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2016-11-02 12:12 - 2016-09-29 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
2016-11-02 12:12 - 2016-09-29 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-11-02 12:12 - 2016-09-29 12:27 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-02 12:12 - 2016-09-29 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-02 12:12 - 2016-09-22 14:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-02 12:12 - 2016-09-22 14:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2016-11-02 12:12 - 2016-09-22 14:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-11-02 12:12 - 2015-11-03 14:03 - 00000000 ____D C:\Program Files\MSBuild
2016-11-02 12:12 - 2015-10-30 04:05 - 00000000 ____D C:\WINDOWS\ShellNew
2016-11-02 12:09 - 2016-09-29 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-11-02 12:09 - 2016-09-29 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
2016-11-02 12:09 - 2016-09-29 13:23 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-11-02 12:09 - 2016-09-29 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
2016-11-02 12:09 - 2016-09-29 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-11-02 12:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-02 12:09 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-02 12:09 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Common Files\System
2016-11-02 12:07 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-02 12:07 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-02 11:46 - 2016-09-29 11:41 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-02 11:46 - 2016-09-29 11:41 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 11:50 - 2016-09-29 14:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-10-31 13:13 - 2016-10-20 11:03 - 00000000 ____D C:\Users\Dachsung\AppData\Roaming\Logitech
2016-10-31 09:34 - 2016-09-29 11:41 - 00000000 ____D C:\Users\Dachsung\AppData\Local\Google
2016-10-28 18:56 - 2016-07-16 06:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 18:56 - 2016-07-16 06:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 13:00 - 2016-09-29 12:34 - 00000000 ____D C:\ProgramData\Adobe

==================== Files in the root of some directories =======

2016-10-01 15:21 - 2016-10-01 15:26 - 0000600 _____ () C:\Users\Dachsung\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
C:\Users\Dachsung\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dachsung\AppData\Local\Temp\HitmanPro.exe
C:\Users\Dachsung\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-21 15:40

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2016
Ran by Dachsung (26-11-2016 19:05:43)
Running from C:\Users\Dachsung\Downloads
Windows 10 Pro Version 1607 (X64) (2016-11-02 17:15:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1908341225-1132082261-611098665-500 - Administrator - Disabled)
Dachsung (S-1-5-21-1908341225-1132082261-611098665-1001 - Administrator - Enabled) => C:\Users\Dachsung
DefaultAccount (S-1-5-21-1908341225-1132082261-611098665-503 - Limited - Disabled)
Guest (S-1-5-21-1908341225-1132082261-611098665-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Active Directory Authentication Library for SQL Server (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brackets (HKLM-x32\...\{EF4E49D9-63EF-4BD4-BAD0-2234C79970D3}) (Version: 1.7 - brackets.io)
Canon Utilities Digital Photo Professional 4 (HKLM-x32\...\Digital Photo Professional 4 (x64)) (Version: 4.2.32.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 0.9.0.1 - Canon Inc.)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssist Remediation (HKLM-x32\...\{7af9f4ec-f645-4435-a6a2-fc02fc193893}) (Version: 2.0.2.1822 - Dell Inc.)
Dell SupportAssist Remediation (Version: 2.0.2.1822 - Dell Inc.) Hidden
Dell SupportAssistAgent (HKLM-x32\...\{6992DE3D-E93B-4A24-9FE1-34C841941E11}) (Version: 1.2.4.3 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{226686E0-DCCB-4B9A-A5CF-234437597C96}) (Version: 2.0.2.1822 - Dell Inc.)
Dell Update (HKLM-x32\...\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}) (Version: 1.9.4.0 - Dell Inc.)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Dotfuscator Software Services - Community Edition (HKLM-x32\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Entity Framework 6.1.3 Tools for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Evernote v. 6.4.2 (HKLM-x32\...\{E74F0DCA-9FC8-11E6-9D98-005056950253}) (Version: 6.4.2.3788 - Evernote Corp.)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.3.7.5261 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Drive (HKLM-x32\...\{8696116E-F4C2-4C64-AD7E-FF365E244FA4}) (Version: 1.32.3889.0961 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intel® Chipset Device Software (x32 Version: 10.1.1.27 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.313 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.1.1040 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{b3c2a365-876b-4588-97ce-5ab104b07d57}) (Version: 3.0.30.1076 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{552523b2-40ad-46b3-94f6-2b99d0860d5c}) (Version: 18.40.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.30.1076 - Intel Corporation) Hidden
iTunes (HKLM\...\{2C49F336-2E86-4407-83E2-16AC65598EF4}) (Version: 12.5.3.16 - Apple Inc.)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.7.8865.0 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{1E6ED082-E32D-4B2B-8B6A-70B094815135}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) (HKLM\...\{88BAE373-00F4-3E33-828F-96E89E5E0CB9}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Updates (HKLM-x32\...\{79b486b9-c5f0-4096-a00c-8351f59587c2}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.37 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7950 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10586.11188 - Realtek Semiconductor Corp.)
RogueKiller version 12.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.2.0 - Adlice Software)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25619 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
Update for Skype for Business 2015 (KB3127934) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{670823C5-9E0F-444C-A115-E8C4F37C5707}) (Version: - Microsoft)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.40219 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25431 - Microsoft Corporation) Hidden
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.3.0 - Azureus Software, Inc.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP1 (HKLM-x32\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1908341225-1132082261-611098665-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05D970E4-3B65-40F1-9E16-A0B411F3ED10} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {373468E8-5D8B-4F60-B592-28A83E554B2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-29] (Google Inc.)
Task: {4FDF3DE4-DAEE-4CC0-8176-2F41B80F24EA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6064F945-869E-4980-99CA-8DCE661E605E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {6C2E2118-B5DF-45F6-B47A-DB982C178041} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel® Corporation)
Task: {6DD543EE-8BB5-4989-A2DD-5AC4D53A872E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {9DA9E1FC-DDDF-4CDC-B5D4-82FA78D78912} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-11-21] (AVAST Software)
Task: {A92B035D-200F-4D18-817B-22177197B51A} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {AC16A68C-317D-4757-A0B2-07BCC7C80EFB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B7E05E3A-5FC2-4364-AB6E-1BC03381A433} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-29] (Google Inc.)
Task: {BA7E74EB-C37C-4902-9687-4D5F842EE4AA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {D85AFFF3-03AA-42AB-8AE8-76722C525670} - System32\Tasks\SafeZone scheduled Autoupdate 1479760379 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {D899DCA0-110E-4658-B2D0-EC58C4FEB811} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-11-23] (Realtek Semiconductor)
Task: {D9AA3947-D420-481E-88FD-D665593BA954} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {E6CF27EE-04A4-41E5-AB53-51F15203FFC3} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-02 16:04 - 2016-11-02 16:04 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 17:17 - 2016-10-05 17:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-11-02 16:04 - 2016-11-02 16:04 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-02 12:17 - 2016-11-02 12:17 - 01864384 _____ () C:\Users\Dachsung\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-08-16 12:30 - 2016-08-16 12:30 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-09-29 12:27 - 2011-03-02 11:40 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2016-11-02 16:04 - 2016-11-02 16:04 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-10 09:00 - 2016-11-02 05:30 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-10 08:59 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 08:59 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 08:59 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 08:59 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 08:59 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 08:59 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-21 15:06 - 2016-11-21 15:07 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-21 15:06 - 2016-11-21 15:07 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-21 15:06 - 2016-11-21 15:07 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2015-04-06 18:28 - 2015-04-06 18:28 - 00570056 _____ () C:\Program Files\Adobe\Adobe Lightroom\AgKernel.dll
2015-04-06 18:31 - 2015-04-06 18:31 - 53322952 _____ () C:\Program Files\Adobe\Adobe Lightroom\libcef.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00369864 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFCore.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00033992 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFSQLite.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00103112 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFWeb.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00896712 _____ () C:\Program Files\Adobe\Adobe Lightroom\WFOzClient.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00029896 _____ () C:\Program Files\Adobe\Adobe Lightroom\LightroomModels.dll
2015-04-06 18:28 - 2015-04-06 18:28 - 00517832 _____ () C:\Program Files\Adobe\Adobe Lightroom\Adobe Lightroom CEF Helper.exe
2015-04-06 18:30 - 2015-04-06 18:30 - 01167048 _____ () C:\Program Files\Adobe\Adobe Lightroom\libglesv2.dll
2015-04-06 18:30 - 2015-04-06 18:30 - 00168136 _____ () C:\Program Files\Adobe\Adobe Lightroom\libegl.dll
2016-11-21 15:31 - 2016-11-21 15:31 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-11-21 15:32 - 2016-11-21 15:32 - 03129808 _____ () C:\Program Files\AVAST Software\Avast\defs\16112100\algo.dll
2016-11-21 15:31 - 2016-11-21 15:31 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-26 13:14 - 2016-11-26 13:14 - 03134984 _____ () C:\Program Files\AVAST Software\Avast\defs\16112600\algo.dll
2016-08-16 12:31 - 2016-08-16 12:31 - 08909504 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-11-02 12:17 - 2016-11-02 12:17 - 01383616 _____ () C:\Users\Dachsung\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-11-02 12:17 - 2016-11-02 12:17 - 00118976 _____ () C:\Users\Dachsung\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncViews.dll
2016-11-21 15:31 - 2016-11-21 15:31 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-02 16:52 - 2016-05-02 16:52 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-05-16 23:50 - 2016-05-16 23:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 26137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2016-10-31 17:45 - 2016-10-31 17:45 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2016-10-31 17:17 - 2016-10-31 17:17 - 00130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll
2016-11-26 19:05 - 2016-11-26 19:05 - 00098816 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32api.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00110080 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\pywintypes27.dll
2016-11-26 19:05 - 2016-11-26 19:05 - 00364544 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\pythoncom27.dll
2016-11-26 19:05 - 2016-11-26 19:05 - 00320512 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32com.shell.shell.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00914432 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_hashlib.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 01176576 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._core_.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00806400 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._gdi_.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00816128 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._windows_.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 01067008 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._controls_.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00733184 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._misc_.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00682496 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\pysqlite2._sqlite.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00088064 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_ctypes.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00686080 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\unicodedata.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00119808 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32file.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00108544 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32security.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00007168 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\hashobjs_ext.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00017920 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\thumbnails_ext.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00088064 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\usb_ext.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00012800 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\common.time34.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00018432 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32event.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00167936 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32gui.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00046080 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_socket.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 01303552 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_ssl.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00128512 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_elementtree.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00127488 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\pyexpat.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00038912 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32inet.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00036864 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_psutil_windows.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00525208 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\windows._lib_cacheinvalidation.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00011264 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32crypt.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00123392 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._wizard.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00077312 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._html2.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00027648 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_multiprocessing.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00020480 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\_yappi.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00035840 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32process.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00078848 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\wx._animate.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00024064 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32pipe.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00010240 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\select.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00025600 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32pdh.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00017408 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32profile.pyd
2016-11-26 19:05 - 2016-11-26 19:05 - 00022528 ____R () C:\Users\Dachsung\AppData\Local\Temp\_MEI130202\win32ts.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 02:24 - 2015-10-30 02:21 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1908341225-1132082261-611098665-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dachsung\Documents\backgrounds\03780_riffelsee_1920x1080.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1F01384B-022B-424E-8256-2952EFF1B5E6}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BD5E3EB6-BCAB-4BD0-AFD3-BCAAEF9A8F04}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FA73E101-85D0-4687-9713-808B42C80FFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7A9F3375-4590-4BDA-A16D-F5D216E08228}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B59455DA-D980-4CAE-9EC4-EDDD43D13A20}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C122579B-95FB-4F9F-9FD5-62B08881E595}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BE4BF305-BDFC-4692-BF0D-6119FEE52651}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{722E8003-5123-4746-BE48-AC322A8DFB46}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{8E97ABDB-DA3C-4C76-ADFD-93AB40384266}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6094C2DE-4288-4422-B0F8-BC349AE8E19A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2092B14A-2DFD-4397-839D-4536237BC1E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{77C60A06-F519-4207-B7B7-44CEB75B1DC3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

16-11-2016 16:25:43 Installed Camtasia Studio 8
21-11-2016 14:58:19 Restore Operation
21-11-2016 15:19:03 JRT Pre-Junkware Removal
21-11-2016 18:28:57 Malwarebytes Anti-Rootkit Restore Point
21-11-2016 19:37:39 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2016 05:28:05 PM) (Source: DellSupportAssistRemedationService.exe) (EventID: 0) (User: )
Description: [10] ERROR- FindPartObjects() failed to find by both MSFT_PartitionToVolume and find_comp_by_files! #StackInfo#

Error: (11/26/2016 03:28:02 PM) (Source: DellSupportAssistRemedationService.exe) (EventID: 0) (User: )
Description: [10] ERROR- FindPartObjects() failed to find by both MSFT_PartitionToVolume and find_comp_by_files! #StackInfo#

Error: (11/26/2016 02:09:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 712625

Error: (11/26/2016 02:09:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 712625

Error: (11/26/2016 02:09:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2016 01:57:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3593

Error: (11/26/2016 01:57:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3593

Error: (11/26/2016 01:57:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2016 01:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2421

Error: (11/26/2016 01:57:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2421


System errors:
=============
Error: (11/26/2016 01:57:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 01:19:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 11:39:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2016 11:15:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:30 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:20 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.

Error: (11/23/2016 11:15:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error:
Incorrect function.


CodeIntegrity:
===================================
Date: 2016-11-23 11:25:44.311
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.304
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.287
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.284
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.278
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.274
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.269
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.264
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.258
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-23 11:25:44.255
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 40%
Total physical RAM: 16252.24 MB
Available physical RAM: 9723.58 MB
Total Virtual: 18684.24 MB
Available Virtual: 10713.77 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:463.97 GB) (Free:359.58 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 58D98B22)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 26 November 2016 - 07:52 PM.
Posted modified logs


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:03 AM

Posted 26 November 2016 - 09:08 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.
 

I have tried removing and reinstalling and the problem persists.

Are you referring to Chrome?

Please do this.

===================================================

Launching Chrome Without Plugins or Extensions

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type in chrome --disable-extensions and press Enter
  • Check the browser behavior
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Chrome performance
  • MTB log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Posted 29 November 2016 - 09:52 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#6 dachsung

Posted 29 November 2016 - 10:27 AM

I apologize for the late reply.

Please find attached log file.

I will be more alert in the notification emails.

Thank you for your help in advance.



#7 Oh My!

Posted 29 November 2016 - 10:43 AM

Greetings,

The file is not included in your post. Please copy and paste the information in your reply.

Did you run Chrome the special way? If so, any better?

I am going to be away from my computer for a few hours.
Gary
 

#8 dachsung

Posted 29 November 2016 - 10:45 AM

Sorry, I forgot to click attach file.
 
No, Chrome was not used any special way. Only extensions are adblocker and Google Docs extensions that get added. Tried running without them also and had Chrome reinstalled.

MiniToolBox by Farbar Version: 17-06-2016
Ran by Dachsung (administrator) on 29-11-2016 at 10:25:14
Running from "C:\Users\Dachsung\Downloads"
Microsoft Windows 10 Pro (X64)
Model: Inspiron 13-7378 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Intel® Dual Band Wireless-AC 3165 = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : DoxTab
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Local Area Connection* 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 84-EF-18-64-82-C9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Dual Band Wireless-AC 3165
Physical Address. . . . . . . . . : 84-EF-18-64-82-C8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6432:654d:721d:be18%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, November 29, 2016 10:22:26 AM
Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 10:22:31 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 126152472
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AB-D7-4D-84-EF-18-64-82-C8
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 84-EF-18-64-82-CC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 12:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3cfd:118:cdb4:23c1(Preferred)
Link-local IPv6 Address . . . . . : fe80::3cfd:118:cdb4:23c1%5(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 83886080
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-AB-D7-4D-84-EF-18-64-82-C8
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{77E59A6A-FBA9-425E-8F9C-81BF05C104EE}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4004:80d::200e
216.58.217.142


Pinging google.com [216.58.217.142] with 32 bytes of data:
Reply from 216.58.217.142: bytes=32 time=45ms TTL=51
Reply from 216.58.217.142: bytes=32 time=28ms TTL=51

Ping statistics for 216.58.217.142:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 45ms, Average = 36ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 2001:4998:44:204::a7
2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
206.190.36.45
98.138.253.109
98.139.183.24


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=120ms TTL=45
Reply from 206.190.36.45: bytes=32 time=108ms TTL=45

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 108ms, Maximum = 120ms, Average = 114ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...84 ef 18 64 82 c9 ......Microsoft Wi-Fi Direct Virtual Adapter
11...84 ef 18 64 82 c8 ......Intel® Dual Band Wireless-AC 3165
15...84 ef 18 64 82 cc ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
5...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
2...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 55
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.2.0 255.255.255.0 On-link 192.168.2.10 311
192.168.2.10 255.255.255.255 On-link 192.168.2.10 311
192.168.2.255 255.255.255.255 On-link 192.168.2.10 311
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.2.10 311
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.2.10 311
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
5 331 ::/0 On-link
1 331 ::1/128 On-link
5 331 2001::/32 On-link
5 331 2001:0:9d38:90d7:3cfd:118:cdb4:23c1/128
On-link
11 311 fe80::/64 On-link
5 331 fe80::/64 On-link
5 331 fe80::3cfd:118:cdb4:23c1/128
On-link
11 311 fe80::6432:654d:721d:be18/128
On-link
1 331 ff00::/8 On-link
11 311 ff00::/8 On-link
5 331 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWoW64\wshbth.dll [51712] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

**** End of log ****

Attached Files

  • Attached File  MTB.txt   12.3KB   1 downloads

Edited by Oh My!, 29 November 2016 - 02:05 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:03 AM

Posted 29 November 2016 - 02:10 PM

Greetings,

I would ask that you closely read the information and instructions I post so that we can efficiently and effectively address your concerns.

I provided instruction on how to start Chrome a special way. That is a necessary troubleshooting step to determine what the issue is. Did you complete the Launching Chrome Without Plugins or Extensions instructions I posted?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 dachsung


Posted 29 November 2016 - 05:05 PM

The bar seems to be gone now running with the parameters you've provided.

I relaunched without it and it seems to be gone also.

I'm not 100% sure of it being gone but it seems to be gone.

Not sure what actually did it but I thank you for your help.

Would you like me to run any other tests?

Thanks again.



#11 Oh My!


Posted 29 November 2016 - 05:33 PM

I'm not sure it is solved either. Please run these.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#12 dachsung


Posted 29 November 2016 - 06:45 PM

Hi just ran the scans and no threats on eset.

Security Check log:

 

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
Avast Antivirus    
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Microsoft VisualStudio JavaScript Project System
 Microsoft VisualStudio JavaScript Language Service
 Java version 32-bit out of Date!
 Mozilla Firefox (50.0)
 Google Chrome (54.0.2840.99)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MSASCuiL.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 



#13 Oh My!


Posted 29 November 2016 - 08:19 PM

I would like you to monitor the computer for a day and let me know how it performs. We can touch base tomorrow.
Gary
 

#14 dachsung


Posted 29 November 2016 - 10:41 PM

Thank you for all your help. I'll update on how it is doing. Thanks again.

#15 Oh My!


Posted 29 November 2016 - 10:44 PM

My pleasure, thanks.


Gary
 



