browser hijacker cse.google.com/cse.....


  • This topic is locked
20 replies to this topic

#1 lew1s

Posted 22 December 2016 - 10:46 AM

Hi, in my Windows/temp folder there are g9C19.tmp.exe and 4 tmp files. When I open Chrome and google something, it redirects to cse.google.com/cse. Sometimes it works, but if I open a new tab or google something it just opens a blank page.

Tried all scanners: Norton live, Malware bytes, Malware Ad, Malware Rootkit, Spyhunter, Hitman. Avast sees this but doesn't take any action.

I need to end the process in Task Manager, and after that I can delete these files. When I reboot it's back again. Not every time. But it came back on the second-to-last time.

I followed these steps as well: https://howtoremove.guide/how-to-remove-cse-google-com-virus/

Checked the hosts.txt file, reset Chrome to default. Uninstalled many times and installed again. Sometimes it happens on Firefox, but mostly Chrome is affected.

It's really annoying. Is it a new browser hijacker which scanners don't know yet?

Don't want to format. Lots of stuff installed. I did a backup in case of formatting.

Do I have to wait for a solution until antivirus & malware scanners update their databases?

Or does somebody have a solution? Thanks
 
I followed this:
https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
5. Firewall is enabled
6. Farbar Recovery Scan Tool logs attached: FRST.txt and Additional.txt
 
Thanks!
Mike

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by LEW1S (administrator) on DESKTOP-1EKJ75Q (22-12-2016 15:40:17)
Running from C:\Users\LEW1S\Downloads
Loaded Profiles: LEW1S (Available Profiles: LEW1S)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe
() C:\Program Files\Portrait Displays\Dell PremierColor\CTHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
() C:\Windows\Temp\g9C19.tmp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ESET spol. s r.o.) C:\Users\LEW1S\Downloads\esetonlinescanner_enu.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote) C:\Program Files (x86)\Evernote\Skitch\Skitch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\LEW1S\AppData\Local\Wunderlist\Wunderlist.exe
() C:\Users\LEW1S\AppData\Local\Wunderlist\Wunderlist.exe
() C:\Users\LEW1S\AppData\Local\Wunderlist\Wunderlist.exe
() C:\Users\LEW1S\AppData\Local\Wunderlist\Wunderlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Joyent, Inc) C:\Program Files\Adobe\Adobe Photoshop CC 2014\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Sublime Text 3\sublime_text.exe
() C:\Program Files\Sublime Text 3\plugin_host.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Illustrator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\YNAB 4\YNAB 4.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724536 2016-07-29] (Logitech, Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-11] ()
HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3889904 2015-11-14] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\g9C19.tmp.exe [252416 2016-12-22] () <===== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [331824 2016-07-24] ( New Softwares.net)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [277552 2016-07-24] (New Softwares.net)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Spotify Web Helper] => C:\Users\LEW1S\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Spotify] => C:\Users\LEW1S\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2016-12-02] (Performix LLC)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\RunOnce: [Uninstall C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\MountPoints2: {5a8fa2e3-6d60-11e6-9c40-98dd93d09636} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-12-07]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-29]
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk [2016-04-13]
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RLEThjJwJFKr.lnk [2016-02-29]
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
Tcpip\..\Interfaces\{971b60a9-556f-4196-b2fc-febe3248a832}: [DhcpNameServer] 192.168.0.1 192.168.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
SearchScopes: HKLM-x32 -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-09-23] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-03] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File

FireFox:
========
FF ProfilePath: C:\Users\LEW1S\AppData\Roaming\Postbox\Profiles\73ujw2qk.default [2016-11-03]
FF ProfilePath: C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512 [2016-12-22]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-12-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-06-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2016-10-30] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2016-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 5
CHR HomePage: Profile 5 -> hxxp://google.ie/
CHR StartupUrls: Profile 5 -> "hxxp://google.ie/"
CHR DefaultSearchKeyword: Profile 5 -> lp
CHR Session Restore: Profile 5 -> is enabled.
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Backup Default [2016-12-21]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-21]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-22]
CHR Extension: (Google Slides) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
CHR Extension: (Super Netflix) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-12-22]
CHR Extension: (Brogrammer Dev Tools Theme) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\alolpfkmcjdkieibielpffiehpobafae [2016-12-22]
CHR Extension: (Google Docs) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-22]
CHR Extension: (Google Drive) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
CHR Extension: (Web Developer) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-12-22]
CHR Extension: (ColorZilla) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-12-22]
CHR Extension: (SnappySnippet) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blfngdefapoapkcdibbdkigpeaffgcil [2016-12-22]
CHR Extension: (YouTube) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
CHR Extension: (Facebook) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-12-22]
CHR Extension: (DevTools Theme: Zero Dark Matrix) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bomhdjeadceaggdgfoefmpeafkjhegbo [2016-12-22]
CHR Extension: (GistBox) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\caoihfibgoiiakncomhccbflmlgjaohf [2016-12-22]
CHR Extension: (Adblock for Youtube™) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-12-22]
CHR Extension: (Clear Cache) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-12-22]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-12-22]
CHR Extension: (Google+) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2016-12-22]
CHR Extension: (Google Calendar) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-12-22]
CHR Extension: (Box) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2016-12-22]
CHR Extension: (Video Downloader professional) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-12-22]
CHR Extension: (Strong Password Generator) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\emehklffcaphknhhfhadkjhpfapcbpco [2016-12-22]
CHR Extension: (Google Sheets) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-22]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-12-22]
CHR Extension: (Google Calendar (by Google)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-12-22]
CHR Extension: (Pinterest Save Button) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-12-22]
CHR Extension: (Wappalyzer) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2016-12-22]
CHR Extension: (Color Tab) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hchlgfaicmddilenlflajnmomalehbom [2016-12-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-22]
CHR Extension: (SEO & Website Analysis) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2016-12-22]
CHR Extension: (Google Play Music) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-12-22]
CHR Extension: (Social Fixer for Facebook) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2016-12-22]
CHR Extension: (Apps Launcher) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-12-22]
CHR Extension: (WhatFont) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-12-22]
CHR Extension: (World Time Buddy) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2016-12-22]
CHR Extension: (Page Ruler) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2016-12-22]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-12-22]
CHR Extension: (WordPress.com) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2016-12-22]
CHR Extension: (TrackingTime Time Tracker) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2016-12-22]
CHR Extension: (Momentum) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-12-22]
CHR Extension: (Evernote Web) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-12-22]
CHR Extension: (Corporate Ipsum) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lfmadckmfehehmdnmhaebniooenedcbb [2016-12-22]
CHR Extension: (Google Maps) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
CHR Extension: (Morpheon Dark) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-12-22]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-12-22]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-12-22]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2016-12-22]
CHR Extension: (DevDocs) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mnfehgbmkapmjnhcnbodoamcioleeooe [2016-12-22]
CHR Extension: (Sticky Notes) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nbjdhgkkhefpifbifjiflpaajchdkhpg [2016-12-22]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-12-22]
CHR Extension: (Save to Pocket) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
CHR Extension: (Better History) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-12-22]
CHR Extension: (Responsive Web Design Tester) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-22]
CHR Extension: (imo free video calls and text) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2016-12-22]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-12-22]
CHR Extension: (Wunderlist for Chrome) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2016-12-22]
CHR Extension: (Droplr for Chrome) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\oncaapliomaamlbopdmhmdompfemljhm [2016-12-22]
CHR Extension: (Gmail) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2016-12-02] (Performix LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-13] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-29] (Broadcom Corporation.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [448488 2016-07-28] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [126832 2016-07-07] ()
R2 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-11-14] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 FLService; C:\WINDOWS\SysWow64\WinFLService.exe [94768 2016-07-24] (New Softwares.net)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-11] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373736 2016-07-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-25] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 Phgech; C:\Program Files (x86)\Dracoentghocage\atervosyprv.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [74864 2016-10-05] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227136 2015-10-29] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\Windows\system32\DRIVERS\bcmpciedhd63.sys [1046296 2016-05-03] (Broadcom Corp)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-30] (Disc Soft Ltd)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NEWDRIVER; C:\WINDOWS\SysWow64\WinVDEdrv6.sys [197648 2016-07-24] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_86f2ae812568c59a\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-24] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2016-07-24] ()
R2 WinVDEDrv; C:\WINDOWS\SysWow64\WinVDEdrv.sys [225680 2016-07-24] (NewSoftwares.net, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-21] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 15:40 - 2016-12-22 15:40 - 00046505 _____ C:\Users\LEW1S\Downloads\FRST.txt
2016-12-22 15:40 - 2016-12-22 15:40 - 00000000 ____D C:\FRST
2016-12-22 14:00 - 2016-12-22 14:00 - 00000000 _____ C:\Users\LEW1S\pslog.txt
2016-12-22 13:33 - 2016-12-22 13:33 - 06771840 _____ (ESET spol. s r.o.) C:\Users\LEW1S\Downloads\esetonlinescanner_enu.exe
2016-12-22 13:33 - 2016-12-22 13:33 - 00000000 ____D C:\Users\LEW1S\AppData\Local\ESET
2016-12-22 13:29 - 2016-12-22 15:39 - 02420736 _____ (Farbar) C:\Users\LEW1S\Downloads\FRST64.exe
2016-12-22 13:25 - 2016-12-22 13:47 - 00000000 ____D C:\Users\LEW1S\Desktop\mbar
2016-12-22 13:25 - 2016-12-22 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-22 13:25 - 2016-12-22 13:25 - 16563352 _____ (Malwarebytes Corp.) C:\Users\LEW1S\Downloads\mbar-1.09.3.1001.exe
2016-12-22 13:13 - 2016-12-22 13:13 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-12-22 13:02 - 2016-12-22 14:54 - 38358767 _____ C:\Users\LEW1S\Desktop\gavurky.psd
2016-12-22 10:07 - 2016-12-22 10:07 - 00000853 _____ C:\Users\LEW1S\Desktop\dddd.txt
2016-12-22 09:52 - 2016-12-22 15:40 - 00000000 ____D C:\ProgramData\Adguard
2016-12-22 09:52 - 2016-12-22 13:15 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-12-22 09:52 - 2016-12-22 09:52 - 00001004 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\ProgramData\fontcacheev1.dat
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\Desktop\Old Firefox Data
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Performix LLC
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Performix_LLC
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-12-22 09:52 - 2016-10-05 06:26 - 00074864 _____ () C:\Windows\system32\Drivers\adgnetworkwfpdrv.sys
2016-12-22 09:50 - 2016-12-22 09:51 - 00173328 _____ C:\Users\LEW1S\Downloads\adguardInstaller.exe
2016-12-22 09:45 - 2016-12-22 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-22 08:48 - 2016-12-22 08:49 - 00294154 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_08.48.00_log.txt
2016-12-22 08:47 - 2016-12-22 08:47 - 04747704 _____ (AO Kaspersky Lab) C:\Users\LEW1S\Downloads\tdsskiller.exe
2016-12-22 08:46 - 2016-12-22 08:47 - 00000000 ____D C:\Users\LEW1S\AppData\Local\NPE
2016-12-22 08:46 - 2016-12-22 08:46 - 03423928 _____ (Symantec Corporation) C:\Users\LEW1S\Downloads\NPE.exe
2016-12-22 08:46 - 2016-12-22 08:46 - 00000000 ____D C:\ProgramData\Norton
2016-12-21 21:08 - 2016-12-21 21:08 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-12-21 21:04 - 2016-12-21 21:04 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-12-21 20:56 - 2016-12-22 15:40 - 00144652 _____ C:\Windows\ZAM.krnl.trace
2016-12-21 20:56 - 2016-12-22 15:40 - 00110253 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-21 20:56 - 2016-12-21 21:09 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-21 20:56 - 2016-12-21 20:56 - 05211584 _____ (Zemana Ltd.) C:\Users\LEW1S\Downloads\Zemana.AntiMalware.Portable.exe
2016-12-21 20:56 - 2016-12-21 20:56 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-21 20:56 - 2016-12-21 20:56 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-21 20:56 - 2016-12-21 20:56 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Zemana
2016-12-21 20:55 - 2016-12-21 20:56 - 11581544 _____ (SurfRight B.V.) C:\Users\LEW1S\Downloads\hitmanpro_x64.exe
2016-12-21 20:43 - 2016-12-21 20:43 - 03977168 _____ C:\Users\LEW1S\Downloads\adwcleaner_6.041 (1).exe
2016-12-21 20:30 - 2016-12-21 20:30 - 00016816 _____ C:\Windows\System32\Tasks\880q919c730g278
2016-12-21 20:30 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\880q919c730g278
2016-12-21 20:08 - 2016-12-21 20:08 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup(1).exe
2016-12-21 20:08 - 2016-12-21 20:08 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-21 20:08 - 2016-12-21 20:08 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-21 19:36 - 2016-12-21 19:36 - 00000895 _____ C:\Users\LEW1S\Desktop\LongTailPro.exe - Shortcut.lnk
2016-12-21 19:35 - 2016-12-21 19:35 - 00001111 _____ C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LongTailPro.lnk
2016-12-21 18:45 - 2016-12-21 18:45 - 01167426 _____ C:\Users\LEW1S\Downloads\New Doc 2Page 1.pdf
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-21 18:02 - 2016-12-21 21:18 - 00000236 _____ C:\Users\LEW1S\AppData\Roaming\RO39-2M3Q
2016-12-21 18:02 - 2016-12-21 18:02 - 00000088 _____ C:\Users\LEW1S\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-12-21 18:01 - 2016-12-21 18:02 - 03530976 _____ C:\Users\LEW1S\Downloads\LongTailPro Platium v3.1.8 [Mediafire-WZ] (1).rar
2016-12-21 17:51 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\329q432c44g260
2016-12-21 17:51 - 2016-12-21 17:51 - 00016810 _____ C:\Windows\System32\Tasks\329q432c44g260
2016-12-21 17:32 - 2016-12-21 17:32 - 04987672 _____ (Ghisler Software GmbH) C:\Users\LEW1S\Downloads\tcmd900ax64.exe
2016-12-21 17:32 - 2016-12-21 17:32 - 00000685 _____ C:\Users\LEW1S\Desktop\Total Commander 64 bit.lnk
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\GHISLER
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Local\GHISLER
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\totalcmd
2016-12-21 17:18 - 2016-12-21 17:18 - 00346112 _____ C:\Users\LEW1S\Downloads\Unlocker x64 1.9.2.msi
2016-12-21 17:18 - 2016-12-21 17:18 - 00001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2016-12-21 17:18 - 2016-12-21 17:18 - 00000000 ____D C:\Program Files\Unlocker
2016-12-21 15:06 - 2016-12-21 15:10 - 01133528 _____ C:\Windows\ntbtlog.txt
2016-12-21 13:58 - 2016-12-21 13:58 - 00019267 _____ C:\Users\LEW1S\Desktop\Shirley Watson info.pdf
2016-12-21 13:16 - 2016-12-21 17:26 - 00016828 _____ C:\Windows\System32\Tasks\87639889d41t208319
2016-12-21 12:23 - 2016-12-21 12:23 - 00002667 _____ C:\Users\LEW1S\Downloads\spyhunter v4 22 8 4668 2-click run.torrent
2016-12-21 12:22 - 2016-12-21 12:22 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384 (2).torrent
2016-12-21 12:22 - 2016-12-21 12:22 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384 (1).torrent
2016-12-21 12:21 - 2016-12-21 12:21 - 00019816 _____ C:\Users\LEW1S\Downloads\spyhunter 4 24 3 4750 repack amp portable by tryroom.torrent
2016-12-21 12:19 - 2016-12-21 12:19 - 00000000 ____D C:\Program Files (x86)\Hiru
2016-12-21 12:16 - 2016-12-21 12:16 - 00018094 _____ C:\Users\LEW1S\Downloads\FA8E226972704E8184B4F1F5A4178BFB2F94B89A.torrent
2016-12-21 12:14 - 2016-12-21 12:14 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384.torrent
2016-12-21 11:05 - 2016-12-21 11:05 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-21 11:05 - 2016-05-03 18:07 - 04167216 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-12-21 11:05 - 2016-05-03 18:07 - 03795504 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-12-21 11:05 - 2016-05-03 18:07 - 01046296 _____ (Broadcom Corp) C:\Windows\system32\Drivers\bcmpciedhd63.sys
2016-12-20 18:45 - 2016-12-20 18:45 - 00129270 _____ C:\Users\LEW1S\Desktop\How to Remove Cse.google.com _Virus_ - Virus Removal.html
2016-12-20 18:45 - 2016-12-20 18:45 - 00000000 ____D C:\Users\LEW1S\Desktop\How to Remove Cse.google.com _Virus_ - Virus Removal_files
2016-12-20 15:02 - 2016-12-20 15:02 - 00000000 _____ C:\autoexec.bat
2016-12-20 14:24 - 2016-12-20 14:24 - 00034774 _____ C:\Users\LEW1S\Documents\cc_20161220_142427.reg
2016-12-20 14:07 - 2016-12-21 22:14 - 00000000 ____D C:\AdwCleaner
2016-12-20 14:06 - 2016-12-20 14:07 - 03977168 _____ C:\Users\LEW1S\Downloads\adwcleaner_6.041.exe
2016-12-20 13:32 - 2016-12-20 13:32 - 00045739 _____ C:\Users\LEW1S\Downloads\5E03.tmp
2016-12-20 13:06 - 2016-12-20 13:06 - 42790737 _____ C:\Users\LEW1S\Downloads\YOGA.zip
2016-12-20 10:12 - 2016-12-20 10:13 - 28512267 _____ C:\Users\LEW1S\Downloads\hiller10.rar
2016-12-20 10:04 - 2016-12-20 13:31 - 00000000 ____D C:\Users\LEW1S\Desktop\themes
2016-12-20 09:33 - 2016-12-20 09:33 - 00013156 _____ C:\Users\LEW1S\Downloads\40yard-dash-final.csv
2016-12-20 08:34 - 2016-12-20 08:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-12-20 08:34 - 2016-12-20 08:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-12-20 08:17 - 2016-12-20 08:18 - 10769864 _____ (Adobe Systems Inc.) C:\Users\LEW1S\Downloads\AdobeAIRInstaller.exe
2016-12-19 21:32 - 2016-12-19 21:32 - 03530976 _____ C:\Users\LEW1S\Downloads\LongTailPro Platium v3.1.8 [Mediafire-WZ].rar
2016-12-19 21:07 - 2016-12-19 21:07 - 06880664 _____ (Tim Kosse) C:\Users\LEW1S\Downloads\FileZilla_3.23.0.2_win64-setup.exe
2016-12-19 21:06 - 2016-12-22 13:42 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Wunderlist
2016-12-19 21:06 - 2016-12-19 21:06 - 00001210 _____ C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-12-19 21:06 - 2016-12-19 21:06 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2016-12-19 21:04 - 2016-12-19 21:06 - 40617552 _____ C:\Users\LEW1S\Downloads\Wunderlist-Setup.exe
2016-12-19 20:39 - 2016-12-19 20:39 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup (1).exe
2016-12-19 20:29 - 2016-12-19 20:29 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup.exe
2016-12-19 20:13 - 2016-12-19 20:13 - 00000000 ____D C:\Users\LEW1S\Downloads\LongTailPro 3.1.8
2016-12-19 20:11 - 2016-12-19 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-12-19 20:11 - 2016-12-19 20:11 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-19 20:10 - 2016-12-19 20:10 - 04013747 _____ C:\Users\LEW1S\Downloads\LongTailPro 3.1.8.zip
2016-12-19 16:44 - 2016-12-19 16:44 - 00003676 _____ C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee
2016-12-19 16:43 - 2016-12-21 21:08 - 00000000 ____D C:\Program Files (x86)\Dracoentghocage
2016-12-19 16:43 - 2016-12-19 16:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zehgevvity
2016-12-19 16:43 - 2016-12-19 16:44 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Hetewardjuvage
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Franz
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Franz
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Franz
2016-12-16 18:28 - 2016-12-16 18:28 - 00009468 _____ C:\Users\LEW1S\.v8flags.5.1.281.88.LEW1S.json
2016-12-16 18:26 - 2016-12-16 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-12-16 18:26 - 2016-12-16 18:26 - 00000000 ____D C:\Program Files\nodejs
2016-12-16 10:17 - 2016-12-22 13:02 - 00000000 ____D C:\Users\LEW1S\AppData\LocalLow\Mozilla
2016-12-13 16:17 - 2016-12-13 16:17 - 00000000 ___HD C:\Users\LEW1S\InstallAnywhere
2016-12-12 20:06 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Xenu
2016-12-12 20:06 - 2016-12-12 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2016-12-12 19:28 - 2016-12-12 19:28 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\com.longtailpro.LongTailPro
2016-12-12 16:05 - 2016-12-12 16:05 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sony Creative Software Inc
2016-12-12 14:00 - 2016-12-12 14:00 - 00000000 ____D C:\Users\LEW1S\Documents\FlashIntegro
2016-12-12 14:00 - 2016-12-12 14:00 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\FlashIntegro
2016-12-12 14:00 - 2016-12-06 11:14 - 00071480 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter3.ax
2016-12-12 14:00 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2016-12-12 14:00 - 2005-08-01 18:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2016-12-12 14:00 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-12-12 14:00 - 2004-07-03 20:08 - 00139264 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-12-12 14:00 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2016-12-12 14:00 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2016-12-12 14:00 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2016-12-12 14:00 - 2003-05-21 22:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2016-12-12 14:00 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2016-12-12 14:00 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2016-12-12 14:00 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2016-12-12 14:00 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2016-12-12 14:00 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2016-12-12 14:00 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2016-12-10 14:13 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups 3
2016-12-10 01:04 - 2016-12-10 01:04 - 00000045 _____ C:\Users\LEW1S\AppData\Roaming\WB.CFG
2016-12-09 10:21 - 2016-12-18 14:45 - 00000000 ____D C:\Users\LEW1S\AppData\Local\SquirrelTemp
2016-12-09 10:21 - 2016-12-09 10:24 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zeplin
2016-12-09 10:21 - 2016-12-09 10:21 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zeplin Inc
2016-12-09 10:21 - 2016-12-09 10:21 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Zeplin
2016-12-07 17:16 - 2016-12-19 20:58 - 00000000 _____ C:\hsrv.txt
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\Program Files\Oracle
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\Program Files\Droid4Xext
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\HaiYuInst
2016-12-07 17:11 - 2016-12-08 15:44 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\VMware
2016-12-07 17:11 - 2016-12-07 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-12-07 17:10 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-12-07 17:10 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2016-12-07 17:09 - 2016-12-21 15:34 - 00000000 ____D C:\ProgramData\VMware
2016-12-07 17:09 - 2016-12-21 15:34 - 00000000 ____D C:\Program Files (x86)\VMware
2016-12-07 17:09 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-07 17:09 - 2016-12-07 17:09 - 00000000 ____D C:\Program Files\Bonjour
2016-12-07 17:09 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-12-07 17:07 - 2016-12-07 17:11 - 00000000 ____D C:\Users\LEW1S\Andy
2016-12-07 17:06 - 2016-12-09 08:27 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Andy
2016-12-07 17:06 - 2016-12-07 17:07 - 00000000 ____D C:\Program Files\Andy
2016-12-07 17:06 - 2016-12-07 17:06 - 00000000 ____D C:\Users\LEW1\Andy
2016-12-07 17:06 - 2016-12-07 17:06 - 00000000 ____D C:\Users\LEW1
2016-12-07 17:04 - 2016-12-21 13:18 - 00000302 _____ C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job
2016-12-07 17:04 - 2016-12-21 13:16 - 00002770 _____ C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}
2016-12-07 17:04 - 2016-12-21 13:16 - 00000000 ____D C:\Users\LEW1S\AppData\Local\1643ECA0-BCB4-25E3-51A8-5BA5C8257549
2016-12-07 16:43 - 2016-12-07 17:17 - 00000000 ____D C:\Users\LEW1S\.android
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\JetBrains
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\Users\LEW1S\.AndroidStudio2.2
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-12-07 16:40 - 2016-12-07 16:40 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Android
2016-12-07 16:39 - 2016-12-07 16:39 - 00000000 ____D C:\Program Files\Android
2016-12-05 08:33 - 2016-12-05 08:33 - 00005016 _____ C:\Users\LEW1S\Documents\cc_20161205_083337.reg
2016-12-03 19:53 - 2016-12-03 19:53 - 00000000 ____D C:\Users\LEW1S\.ScreamingFrogSEOSpider
2016-12-03 19:52 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-03 19:52 - 2016-12-03 19:53 - 00000000 ____D C:\ProgramData\Oracle
2016-12-03 19:52 - 2016-12-03 19:52 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sun
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\Users\LEW1S\AppData\LocalLow\Sun
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-03 19:51 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Screaming Frog SEO Spider
2016-12-03 19:51 - 2016-12-03 19:51 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 15:39 - 2016-01-29 11:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\.purple
2016-12-22 15:24 - 2016-08-13 01:48 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-12-22 14:57 - 2016-01-29 13:56 - 00000000 ___RD C:\Users\LEW1S\Dropbox
2016-12-22 14:05 - 2016-01-29 11:38 - 00000034 _____ C:\Users\LEW1S\AppData\Roaming\AdobeWLCMCache.dat
2016-12-22 14:02 - 2016-03-09 19:01 - 00000000 ___RD C:\Users\LEW1S\Desktop\WORKING ON
2016-12-22 14:00 - 2016-08-13 01:50 - 00000000 ____D C:\Users\LEW1S
2016-12-22 13:39 - 2016-01-30 11:37 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Skitch
2016-12-22 13:25 - 2016-03-24 09:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-22 13:25 - 2016-01-28 23:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-22 13:20 - 2016-01-16 11:50 - 02577232 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-22 13:17 - 2016-01-29 13:43 - 00000000 ____D C:\Users\LEW1S\Torrent
2016-12-22 13:16 - 2016-09-25 13:21 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-22 13:16 - 2016-01-26 12:58 - 00000000 __SHD C:\Users\LEW1S\IntelGraphicsProfiles
2016-12-22 13:15 - 2016-08-13 01:55 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-22 13:15 - 2016-08-13 01:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-22 13:14 - 2016-07-16 06:04 - 00786432 _____ C:\Windows\system32\config\BBI
2016-12-22 13:10 - 2016-01-31 22:09 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\uTorrent
2016-12-22 09:52 - 2016-09-15 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 09:52 - 2016-01-16 11:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-22 09:45 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-22 09:05 - 2016-01-31 23:39 - 00000000 ____D C:\Users\LEW1S\AppData\Local\CrashDumps
2016-12-22 09:03 - 2016-01-29 11:27 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Adobe
2016-12-21 20:35 - 2016-01-28 23:43 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Skype
2016-12-21 20:08 - 2016-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-21 20:01 - 2016-01-28 23:39 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Google
2016-12-21 15:34 - 2016-07-16 11:45 - 00000000 ____D C:\Windows\INF
2016-12-21 15:11 - 2016-08-25 05:22 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-21 15:00 - 2016-11-07 09:01 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Spotify
2016-12-21 15:00 - 2016-11-07 08:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Spotify
2016-12-21 14:48 - 2016-01-29 15:40 - 00001456 _____ C:\Users\LEW1S\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-21 11:05 - 2016-01-16 11:51 - 00000000 ____D C:\Program Files\Dell
2016-12-21 10:24 - 2016-08-13 01:55 - 00004278 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-20 18:59 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-20 18:59 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\AppReadiness
2016-12-20 18:59 - 2016-06-23 07:16 - 00000000 ____D C:\Program Files (x86)\CineForm
2016-12-20 18:59 - 2016-01-26 12:58 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Packages
2016-12-20 18:52 - 2016-01-30 11:35 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\FileZilla
2016-12-20 18:52 - 2016-01-16 11:50 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2016-12-20 18:52 - 2016-01-16 11:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-20 18:50 - 2016-08-13 01:55 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-12-20 13:56 - 2016-03-23 11:10 - 00000000 ____D C:\Users\LEW1S\.VirtualBox
2016-12-20 13:10 - 2016-02-01 22:46 - 00002030 _____ C:\Users\LEW1S\Desktop\Torrent.lnk
2016-12-20 08:34 - 2016-01-29 14:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-19 20:14 - 2016-02-02 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-12-19 20:14 - 2016-02-02 15:11 - 00000000 ____D C:\Program Files (x86)\Sony
2016-12-19 18:10 - 2016-08-13 01:48 - 00632528 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-19 16:58 - 2016-07-16 11:47 - 00000000 ___RD C:\Windows\MiracastView
2016-12-19 16:56 - 2016-08-13 11:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-19 16:44 - 2016-11-01 14:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-12-19 16:44 - 2016-10-30 07:55 - 00000000 ____D C:\Program Files (x86)\PacificPoker
2016-12-19 16:44 - 2016-10-20 14:07 - 00000000 ____D C:\Program Files (x86)\Safari
2016-12-19 16:44 - 2016-10-20 14:07 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-19 16:44 - 2016-09-30 12:33 - 00000000 ____D C:\Program Files (x86)\Worms W.M.D
2016-12-19 16:44 - 2016-09-28 14:57 - 00000000 ____D C:\Program Files (x86)\Rise of the Tomb Raider
2016-12-19 16:44 - 2016-09-22 17:43 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-12-19 16:44 - 2016-09-22 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-19 16:44 - 2016-09-21 13:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-19 16:44 - 2016-09-21 07:52 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-12-19 16:44 - 2016-09-19 16:37 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-12-19 16:44 - 2016-09-19 16:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-12-19 16:44 - 2016-09-15 13:57 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-12-19 16:44 - 2016-08-13 11:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-19 16:44 - 2016-08-13 01:49 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-19 16:44 - 2016-08-01 15:41 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-12-19 16:44 - 2016-07-24 08:11 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2016-12-19 16:44 - 2016-07-24 02:17 - 00000000 ____D C:\Program Files (x86)\FullTilt.EU
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-19 16:44 - 2016-07-14 11:21 - 00000000 ____D C:\Program Files (x86)\Dell Dock Update
2016-12-19 16:44 - 2016-05-21 13:41 - 00000000 ____D C:\Program Files (x86)\Nitro
2016-12-19 16:44 - 2016-04-12 15:19 - 00000000 ____D C:\Program Files (x86)\Stardock
2016-12-19 16:44 - 2016-03-30 19:35 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2016-12-19 16:44 - 2016-02-26 12:05 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-12-19 16:44 - 2016-02-22 12:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-19 16:44 - 2016-02-12 15:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-12-19 16:44 - 2016-02-12 15:46 - 00000000 ____D C:\Program Files (x86)\Codec Pack - All In 1
2016-12-19 16:44 - 2016-02-03 15:37 - 00000000 ____D C:\Program Files (x86)\Freelancer.com
2016-12-19 16:44 - 2016-02-03 12:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-12-19 16:44 - 2016-02-03 12:31 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-19 16:44 - 2016-01-31 19:46 - 00000000 ____D C:\Program Files (x86)\WordPress.com
2016-12-19 16:44 - 2016-01-29 13:42 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-12-19 16:44 - 2016-01-29 11:58 - 00000000 ____D C:\Program Files (x86)\Pidgin
2016-12-19 16:44 - 2016-01-29 11:56 - 00000000 ____D C:\Program Files (x86)\Canon
2016-12-19 16:44 - 2016-01-29 11:51 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-12-19 16:44 - 2016-01-29 11:50 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-12-19 16:44 - 2016-01-29 11:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-19 16:44 - 2016-01-29 00:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-12-19 16:44 - 2016-01-29 00:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-12-19 16:44 - 2016-01-29 00:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-12-19 16:44 - 2016-01-28 23:45 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2016-12-19 16:44 - 2016-01-28 23:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-19 16:44 - 2016-01-28 23:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-19 16:44 - 2016-01-28 23:41 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-12-19 16:44 - 2016-01-28 23:38 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-12-19 16:44 - 2016-01-26 13:48 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-19 16:44 - 2016-01-26 13:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-12-19 16:44 - 2016-01-16 11:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-19 16:44 - 2016-01-16 11:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-19 16:44 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-19 16:44 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-12-19 16:44 - 2016-01-16 11:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-19 16:44 - 2016-01-16 11:49 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-12-19 15:06 - 2016-01-29 00:09 - 00000000 ___RD C:\Users\LEW1S\Desktop\WEBDEVELOPMENT
2016-12-17 23:49 - 2016-02-12 15:49 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\vlc
2016-12-17 21:17 - 2016-02-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-17 14:10 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\rescache
2016-12-17 10:09 - 2016-08-13 01:55 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:09 - 2016-08-13 01:55 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 19:53 - 2016-03-23 11:25 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\npm
2016-12-16 19:48 - 2016-03-22 17:46 - 00001408 _____ C:\Users\LEW1S\.bash_history
2016-12-16 18:27 - 2016-03-23 11:26 - 00000046 _____ C:\Users\LEW1S\.node_repl_history
2016-12-15 08:30 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\ShellExperiences
2016-12-14 16:28 - 2016-07-16 11:36 - 00000000 ____D C:\Windows\CbsTemp
2016-12-14 16:23 - 2016-01-28 23:51 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 16:17 - 2016-01-28 23:51 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-13 12:13 - 2016-01-16 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-12 14:26 - 2016-09-10 10:11 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sony
2016-12-11 23:56 - 2016-11-10 04:15 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-11 23:56 - 2016-11-10 04:15 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 15:40 - 2016-07-07 07:17 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Nitro PDF
2016-12-10 14:15 - 2016-02-21 09:16 - 00135472 _____ C:\Users\LEW1S\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-10 14:13 - 2016-02-22 09:22 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2016-12-10 12:19 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\NDF
2016-12-10 12:09 - 2016-01-16 11:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\oobe
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\bcastdvr
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\system32\Dism
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\servicing
2016-12-09 15:38 - 2016-07-16 11:42 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-12-07 17:09 - 2016-01-16 11:50 - 01912992 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-07 17:03 - 2016-03-23 09:22 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-05 15:05 - 2016-08-13 01:49 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-12-05 08:31 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-04 20:44 - 2016-01-28 23:45 - 00000000 ____D C:\Program Files\WinRAR
2016-12-04 20:44 - 2016-01-16 11:53 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-04 20:44 - 2016-01-16 11:53 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-03 16:35 - 2016-02-02 18:26 - 00000000 ___RD C:\Users\LEW1S\Google Drive
2016-11-30 15:30 - 2016-03-09 20:09 - 00000600 _____ C:\Users\LEW1S\AppData\Local\PUTTY.RND
2016-11-29 16:08 - 2016-08-13 01:55 - 00003994 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 16:08 - 2016-08-13 01:55 - 00003762 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-25 09:03 - 2016-06-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-11-25 09:03 - 2016-06-02 13:24 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2016-11-23 17:51 - 2016-09-10 10:51 - 00000000 ____D C:\Users\LEW1S\Desktop\FOTO NEW
2016-11-22 21:20 - 2016-01-28 23:43 - 00000000 ____D C:\ProgramData\Skype

==================== Files in the root of some directories =======

2016-12-21 18:02 - 2016-12-21 18:02 - 0000088 _____ () C:\Users\LEW1S\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-01-29 11:38 - 2016-12-22 14:05 - 0000034 _____ () C:\Users\LEW1S\AppData\Roaming\AdobeWLCMCache.dat
2016-11-02 18:50 - 2016-11-02 18:50 - 0000600 _____ () C:\Users\LEW1S\AppData\Roaming\PUTTY.RND
2016-12-21 18:02 - 2016-12-21 21:18 - 0000236 _____ () C:\Users\LEW1S\AppData\Roaming\RO39-2M3Q
2016-12-10 01:04 - 2016-12-10 01:04 - 0000045 _____ () C:\Users\LEW1S\AppData\Roaming\WB.CFG
2016-01-29 15:40 - 2016-12-21 14:48 - 0001456 _____ () C:\Users\LEW1S\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-02-02 15:15 - 2016-07-06 07:12 - 45700992 _____ (Sony) C:\Users\LEW1S\AppData\Local\pcc.exe
2016-03-09 20:09 - 2016-11-30 15:30 - 0000600 _____ () C:\Users\LEW1S\AppData\Local\PUTTY.RND
2016-02-23 19:53 - 2016-02-23 19:53 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-08-13 01:49 - 2016-08-13 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-22 09:52 - 2016-12-22 09:52 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2016-02-23 19:53 - 2016-02-29 12:39 - 0001582 _____ () C:\ProgramData\XML

Files to move or delete:
====================
C:\Windows\TEMP\g9C19.tmp.exe
C:\ProgramData\fontcacheev1.dat
C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job


Some files in TEMP:
====================
C:\Users\LEW1S\AppData\Local\Temp\g6C47.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-21 13:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by LEW1S (22-12-2016 15:40:49)
Running from C:\Users\LEW1S\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-13 01:57:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1265675304-2135499584-1237270965-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1265675304-2135499584-1237270965-503 - Limited - Disabled)
Guest (S-1-5-21-1265675304-2135499584-1237270965-501 - Limited - Disabled)
LEW1S (S-1-5-21-1265675304-2135499584-1237270965-1001 - Administrator - Enabled) => C:\Users\LEW1S

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adguard (HKLM-x32\...\{b2963e15-24ed-4084-988e-5b2c8660c1e6}) (Version: 6.1.298.1564 - Performix LLC)
Adguard (x32 Version: 6.1.298.1564 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Affinity Designer Public Beta (HKLM\...\{09BC1EBD-105F-4DD7-AD32-A4F3B16A048F}) (Version: 1.5.0.28 - Serif (Europe) Ltd)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.14 - Andy OS, Inc)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.5 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.5.5 - Balsamiq SRL) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{2664612A-153E-4741-80D5-8FEEAF1E89D6}) (Version: 1.0.86.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.199 - Portrait Displays, Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Evernote v. 6.3.3 (HKLM-x32\...\{EB571A8A-81E0-11E6-8CC1-005056950253}) (Version: 6.3.3.3502 - Evernote Corp.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Folder Lock (HKLM-x32\...\Folder Lock) (Version: - New Softwares.net)
Freelancer Desktop App version 1.4.0 (HKLM-x32\...\Freelancer Desktop App_is1) (Version: 1.4.0 - Freelancer Technology Pty Limited)
Full Tilt.eu (HKLM-x32\...\Full Tilt.eu) (Version: - Full Tilt.eu)
Git version 2.7.4 (HKLM\...\Git_is1) (Version: 2.7.4 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.5.1 (x86 en-GB)) (Version: 45.5.1 - Mozilla)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Node.js (HKLM\...\{EBF9E075-7642-489B-B557-992F349CFB40}) (Version: 6.9.2 - Node.js Foundation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 6.2 - Screaming Frog Ltd)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Viber (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\{5eceddc9-9d1c-4be5-83a1-78e473cf95ed}) (Version: 6.4.0.1476 - Viber Media Inc.)
Viber (x32 Version: 6.4.0.1476 - Viber Media Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WordPress.com (HKLM-x32\...\WordPress.com) (Version: - Automattic, Inc.)
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)
Zeplin (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Zeplin) (Version: 0.22.2 - Zeplin Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A9823AF-3538-48C1-93AB-06AFDC971CC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0EC523CC-637F-4449-BC69-2757255E764D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {10461D5E-B772-4D84-ABE2-65814AD2756B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {174EEDD9-6056-4716-AD06-E4DFAB4C6A4D} - System32\Tasks\6d11ffc8882bc444143ff07584e87fee => Rundll32.exe "C:\Program Files (x86)\Reference Assemblies\gsie93.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {1874159B-0C0E-49C7-A442-6BFF3D0479CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {21859F71-A472-409D-8506-FEF6607931A5} - System32\Tasks\SafeZone scheduled Autoupdate 1460536512 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {295FCCA9-D40A-4DE2-A84C-6FF36CC8FF01} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {2B5CF5D4-C208-4CF8-A55C-A423C4BE2331} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-30] (Adobe Systems Incorporated)
Task: {3116BF76-3544-4C80-8E64-DFE3F6D4583C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-13] (AVAST Software)
Task: {34F09E3D-311B-4A6A-9AAA-6DFE53CDB38E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {4E1DD351-96F2-4D51-BE51-7FC71ABD1A34} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {51967C7A-F48E-4865-AFCF-DBF098A4A996} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-1EKJ75Q-LEW1S => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {55D91FEE-2D38-46C2-9F41-D2A634C40380} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {5D093877-4299-4D44-A5FC-DE536502C676} - System32\Tasks\880q919c730g278 => Rundll32.exe "C:\ProgramData\880q919c730g278\880q919c730g278.dll",hcsopx <==== ATTENTION
Task: {7B49A617-6A11-4EF2-B618-6EA762A0154E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8213FC94-C919-4A3B-8EF7-9286FC1AFE07} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {83519F01-938B-4F26-97AA-D93937E5A7A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {902C35B8-04DA-43D8-9722-E9E7DE7907C6} - System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE <==== ATTENTION
Task: {9163A12B-2210-479D-883F-EBAA5D0D3855} - System32\Tasks\{0B2E9467-7C4A-4421-9D47-DE434FE608E0} => launchwinapp.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=404
Task: {960A7284-1DF0-48B1-8B8E-17FA90D0C1F9} - System32\Tasks\87639889d41t208319 => Rundll32.exe "C:\ProgramData\87639889d41t208319\87639889d41t208319.dll",DMT <==== ATTENTION
Task: {A26431F2-4D74-4060-9A46-93206E50F1EC} - System32\Tasks\329q432c44g260 => Rundll32.exe "C:\ProgramData\329q432c44g260\329q432c44g260.dll",hcsopx <==== ATTENTION
Task: {ACDE8A5B-7181-4EA8-B37B-18B66A48D01D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {B5867EEA-380F-44CB-800A-829A9C3B4689} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B96ED765-B721-4850-BED3-5B94B78A46F5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {C6D66CB9-B139-43D3-ADEE-622401172272} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {CB58885D-D3A0-4197-8E0C-61E6FD3B344E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D6C75F45-4D09-4F12-941A-F428DA9955E5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {E987582E-4E16-429A-9248-C15900352151} - \Client -> No File <==== ATTENTION
Task: {FACE61B2-85D5-4D44-861A-412A4E8A5292} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-25] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sticky Notes.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=nbjdhgkkhefpifbifjiflpaajchdkhpg
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TrackingTime _ Time Tracker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=knailkjkjcfegledhjhcfacdngnicimb
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 12:00 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-21 20:30 - 2014-03-22 19:53 - 02843648 _____ () C:\ProgramData\880q919c730g278\880q919c730g278.dll
2016-08-13 01:49 - 2016-09-16 22:54 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-07 14:18 - 2016-07-07 14:18 - 00126832 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2015-08-21 01:47 - 2015-08-21 01:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-05-19 12:27 - 2014-05-19 12:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-03-30 20:21 - 2016-06-15 01:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 20:06 - 2016-06-15 01:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-30 20:06 - 2016-06-15 01:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 12:00 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-11 15:16 - 2016-10-11 15:16 - 01864384 _____ () C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-11-01 18:10 - 2016-11-01 18:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-07-28 05:29 - 2016-07-28 05:29 - 00401904 _____ () C:\Windows\system32\igfxTray.exe
2016-09-19 08:06 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 12:00 - 2016-12-09 09:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-14 12:00 - 2016-12-09 09:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-12-14 08:05 - 2016-12-14 08:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 08:05 - 2016-12-14 08:06 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 08:05 - 2016-12-14 08:06 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 08:05 - 2016-12-14 08:06 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2015-11-14 02:21 - 2015-11-14 02:21 - 00273136 _____ () C:\Program Files\Portrait Displays\Dell PremierColor\CTHelper.exe
2016-05-11 23:39 - 2016-05-11 23:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-12-22 13:18 - 2016-12-22 13:18 - 00252416 _____ () C:\Windows\TEMP\g9C19.tmp.exe
2016-11-09 09:46 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 09:46 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 09:46 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 09:46 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 09:46 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-22 13:19 - 2016-12-22 13:19 - 03662848 _____ () C:\Windows\TEMP\g2402.tmp
2016-12-21 20:08 - 2016-12-08 08:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-21 20:08 - 2016-12-08 08:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-01-18 10:53 - 2016-01-18 10:53 - 46699520 _____ () C:\Users\LEW1S\AppData\Local\Wunderlist\Wunderlist.exe
2014-05-08 03:35 - 2014-05-08 03:35 - 00470728 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2014\aif_core.dll
2014-05-08 03:36 - 2014-05-08 03:36 - 02605256 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2014\aif_ogl.dll
2014-05-08 03:35 - 2014-05-08 03:35 - 00170184 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2014\aif_ocl.dll
2016-09-22 15:46 - 2016-09-17 00:45 - 40068544 _____ () C:\Windows\system32\nvcompiler.dll
2016-09-25 16:23 - 2016-09-25 16:23 - 05971056 _____ () C:\Program Files\Sublime Text 3\sublime_text.exe
2016-09-25 16:23 - 2016-09-25 16:23 - 00672768 _____ () C:\Program Files\Sublime Text 3\plugin_host.exe
2014-05-10 05:17 - 2014-05-10 05:17 - 00014552 _____ () C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\SPBasic.dll
2014-05-10 05:16 - 2014-05-10 05:16 - 00081624 _____ () C:\Program Files\Adobe\Adobe Illustrator CC 2014\Support Files\Contents\Windows\Alcid.dll
2016-01-28 23:45 - 2016-06-06 14:21 - 00216400 _____ () C:\Program Files (x86)\YNAB 4\YNAB 4.exe
2016-12-19 20:36 - 2016-12-11 12:41 - 31164504 _____ () C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
2016-09-13 08:32 - 2016-09-13 08:32 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-22 13:03 - 2016-12-22 13:03 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122200\algo.dll
2016-09-13 08:32 - 2016-09-13 08:32 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-16 16:22 - 2016-11-16 16:22 - 01428240 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2016-11-16 16:22 - 2016-11-16 16:22 - 00142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-01-16 11:53 - 2016-06-15 01:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-29 13:53 - 2016-11-11 20:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-01-29 13:53 - 2016-11-11 20:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 09:45 - 2016-11-11 20:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-01-29 13:53 - 2016-11-11 20:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 09:45 - 2016-11-11 20:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 11:03 - 2016-11-11 20:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 09:45 - 2016-11-11 20:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-12-22 09:45 - 2016-12-03 08:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 09:45 - 2016-12-21 18:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-01-29 13:53 - 2016-11-11 20:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 09:45 - 2016-11-11 20:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 09:45 - 2016-11-11 20:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-15 11:04 - 2016-12-21 18:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-21 16:45 - 2016-06-21 16:45 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-09-05 04:34 - 2015-09-05 04:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00036878 _____ () C:\Program Files (x86)\Pidgin\libssp-0.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00671031 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00118272 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00216992 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00553382 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 01136034 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00177586 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00020997 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00013253 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00024924 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015702 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00014147 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00018882 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00012865 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00019043 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00018555 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015074 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00311021 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00092398 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2016-01-29 13:38 - 2016-01-29 13:41 - 00773010 _____ () C:\Program Files (x86)\Pidgin\plugins\libfacebook.dll
2016-01-29 13:38 - 2016-01-29 13:41 - 00574322 _____ () C:\Program Files (x86)\Pidgin\libjson-glib-1.0.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00332178 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00016005 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00107371 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00128694 _____ () C:\Program Files (x86)\Pidgin\libsasl2-3.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00374169 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00150598 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00106671 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00123540 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00116071 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2016-01-01 19:36 - 2016-01-01 19:36 - 00152852 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00171123 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00225616 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-4.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00868705 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-4.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00055880 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00021337 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00417764 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00022832 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00236666 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00019793 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00047934 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00021795 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00013456 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00030249 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00021075 _____ () C:\Program Files (x86)\Pidgin\plugins\nss-prefs.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00017023 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00029256 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015380 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015429 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015045 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00069625 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00031993 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00012004 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00015978 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00030353 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00032020 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00018399 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00023851 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00029791 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00030771 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00037191 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00044494 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00048402 _____ () C:\Program Files (x86)\Pidgin\sasl2\libanonymous-3.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00049962 _____ () C:\Program Files (x86)\Pidgin\sasl2\libcrammd5-3.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00079858 _____ () C:\Program Files (x86)\Pidgin\sasl2\libdigestmd5-3.dll
2016-01-01 19:37 - 2016-01-01 19:37 - 00048907 _____ () C:\Program Files (x86)\Pidgin\sasl2\libplain-3.dll
2016-01-01 19:36 - 2016-01-01 19:36 - 00486400 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2016-01-29 11:58 - 2016-01-29 11:58 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2016-02-02 22:47 - 2015-04-30 20:21 - 00011362 _____ () C:\Program Files (x86)\Evernote\Skitch\mingwm10.dll
2016-02-02 22:47 - 2015-04-30 20:21 - 00043008 _____ () C:\Program Files (x86)\Evernote\Skitch\libgcc_s_dw2-1.dll
2016-10-11 15:16 - 2016-10-11 15:16 - 01383616 _____ () C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-01-18 10:53 - 2016-01-18 10:53 - 01481728 _____ () C:\Users\LEW1S\AppData\Local\Wunderlist\libglesv2.dll
2016-01-18 10:53 - 2016-01-18 10:53 - 00073728 _____ () C:\Users\LEW1S\AppData\Local\Wunderlist\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2016-12-21 13:44 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lew1s\desktop\webdevelopment\webjuice-bg.jpg
DNS Servers: 192.168.0.1 - 192.168.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "FLBackup"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{35D2E065-BE81-494D-90FF-3E13F469F85A}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe
FirewallRules: [TCP Query User{CA553E2D-73B1-473A-AF51-FAB8D95992E2}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe
FirewallRules: [{6DB8C342-FF7D-4079-9900-09996C996DAB}] => C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [UDP Query User{F42A87AF-E325-4A17-BCFE-7DCBDAC90E33}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D4A9D29E-9916-402C-86BC-70C05B6EBE30}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{35B79191-5998-4559-A9D1-DB0F1B9E8002}C:\windows\system32\igfxext.exe] => C:\windows\system32\igfxext.exe
FirewallRules: [TCP Query User{71293329-E159-4315-B19E-9A67153627BB}C:\windows\system32\igfxext.exe] => C:\windows\system32\igfxext.exe
FirewallRules: [{5597215E-8A90-4433-AC72-2F5F542558D1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC065E56-B1F7-4DDE-8C16-E3E0DE60411E}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2134AF5-CB66-4A63-BD03-A0C376C7EC99}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{068AAFB9-C6C1-4C45-AD60-C622D2A30ABA}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{75C9BCA1-9822-407C-9D5B-B6DD7A5F33A3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55099CC3-12D4-41D9-8A0E-90498028EB8B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB1E5D6A-CF7E-4FB9-9CD1-B823ACDC83BB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF643E25-C66B-4B11-80C8-97C4F660132C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{20DA7E0D-24DC-4485-926C-659667816534}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91C4B261-E5E4-43C7-A260-024809699117}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A73AD635-FF99-4122-A567-A67386C7E938}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9A596487-A928-4E6C-9B3E-1397E1F3C0EE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{013E5D39-3DBF-4DC1-852F-F78F039EF4F0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9CACB0C-623D-47AE-9FEE-E0A7198A1FEC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{735E63BC-085F-4276-9909-A4AE4552A771}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{B2762495-5761-4462-9C42-40150DBC28E6}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{C3F190A1-33D0-41FD-847F-FDC58F5BF514}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62342001-BF62-4038-9585-86E219528A29}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{EDA6704D-9B69-47BF-BD7F-66F18027D7F2}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7AFB32C-E0E1-4E22-9616-8761EC54DCD6}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5B0FFB7-99AA-4BA0-8FB9-47851EAC9EE2}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C5FDCCD-C715-4D60-A6BA-7E6078E69510}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7FDE5B03-A27C-41CD-8F99-C398BCCEFDF7}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EBDF778-0EF9-4987-ACFE-6DB26F1AD9DE}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D3C3A89E-9F84-44AF-9B50-D9FE83A6EEB5}C:\windows\system32\runtimebroker.exe] => C:\windows\system32\runtimebroker.exe
FirewallRules: [UDP Query User{F755FEFE-2EC2-44FC-9089-55EF076191BB}C:\windows\system32\runtimebroker.exe] => C:\windows\system32\runtimebroker.exe
FirewallRules: [TCP Query User{CFAD7221-CED1-4D04-B465-441E8813CC5F}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [UDP Query User{7869DFC3-6986-4E2D-8DAB-9A06647DFA85}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [TCP Query User{DD232B21-7A7E-456F-84BB-BBDA8B1D7714}C:\windows\system32\sihost.exe] => C:\windows\system32\sihost.exe
FirewallRules: [UDP Query User{772FBD0C-93A2-4043-B487-55E35090FDCC}C:\windows\system32\sihost.exe] => C:\windows\system32\sihost.exe
FirewallRules: [{D30B36B0-D82E-4936-AE8B-B9C88F6DCF05}] => C:\windows\system32\sihost.exe
FirewallRules: [{DBA99292-20E7-4C24-B4E6-083796146F16}] => C:\windows\system32\sihost.exe
FirewallRules: [{4AA5F436-4F56-4CDE-AAB7-94EB82AB6579}] => C:\windows\explorer.exe
FirewallRules: [{1CA9966F-143E-47EB-B7D5-AD2D1F8BB66F}] => C:\windows\explorer.exe
FirewallRules: [{BB80A654-973E-4809-83F8-7535A39F9F3B}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30E90C4A-8AE4-4893-AB40-A01EC419FF1F}] => LPort=2869
FirewallRules: [{481F096B-0F3A-431D-85FC-35B8B159146D}] => LPort=1900
FirewallRules: [{4EE5F63F-E5DD-4D8D-865D-10777A628202}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{389932DD-D2DC-4030-A5A0-AA0DC4DB0331}C:\program files\filezilla ftp client\filezilla.exe] => C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{2FBB64BD-2B0D-4FE2-94AC-35BFBB3203F8}C:\program files\filezilla ftp client\filezilla.exe] => C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{9B273753-3905-4197-97B6-70CC85E57776}] => C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{D6361664-5C6B-4B5E-99E5-07B65A959520}] => C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{4A345A17-F223-4CC8-939F-BD0B1C815924}] => C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{377BAE10-1B0A-42AF-AED2-6EE48FD3BDB5}] => C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [TCP Query User{C24B4801-7E38-49A9-8D62-1C9E4AF7B214}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{449431E4-8673-4B71-B8B4-58421A26321A}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2258C98A-BE51-4CC5-93F6-4A3B56E6D9A5}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{747AA226-6B9A-4543-8ADB-09CD0F1469C3}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A3316016-34C1-4EB1-948E-A17044722186}] => C:\Program Files\Andy\andy.exe
FirewallRules: [{EFFE6AAB-B38D-4112-9641-3D4F3E357136}] => C:\Program Files\Andy\andy.exe
FirewallRules: [{17D73A2F-9CB3-45D9-936B-C831268D4A54}] => C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{F11F900B-646F-47BC-AC55-B86DD1641B9C}] => C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{A2A5D2F4-4C6D-4CBA-9EE3-F95CAA27690D}] => C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{C9BCCAF6-DD10-4FA9-B4DB-2C7C428A2F86}] => C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{C4387154-25B3-43BB-BBC7-1B12FE367A12}] => C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{81BB3DDE-C61D-4AB3-92B3-5C4EC9DD43D9}] => C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{B83B62BD-5B51-4FF6-8EB5-134ABC0A96C4}] => C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{9AF4E4FB-F3D9-4F64-9843-575798F01658}] => C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{C2D3EAAF-D24A-4061-9C05-3C1A3442980D}] => C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{49A46CCD-C58B-450C-969E-F972E06149F9}] => C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{E2B07B2A-5D8F-4CF2-A052-57FFAC5A542A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82E9F654-0231-4018-9631-F4B7F3018861}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3353C5B3-EEF8-4990-BEF1-F9064D09E708}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50C65DDD-33C8-4844-BDDE-2B34E4125FD1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{EC1DF949-07EE-46AD-96B5-F090011B9FB3}C:\users\lew1s\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => C:\users\lew1s\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{6302FF48-EFDB-4A17-9EC3-DBBA7EF331B3}] => C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{0FF06B46-B084-49F7-A19C-4BA7F9E19664}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{74185ACA-7120-4518-AA5B-E9B6B767488A}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D3712028-1AFE-4E93-914A-B37C52A56466}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{B64A709B-960F-45C5-A63E-620F292E1B8A}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{7E2B5DA3-0530-4124-9255-E60A5B3DEE55}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7410A27E-F492-4E0A-8187-B98E19D206C5}] => C:\Program Files (x86)\Adguard\AdguardSvc.exe
FirewallRules: [{A81CD738-E166-4410-86B6-6B820744C309}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{75A37597-6D9A-477D-A1CF-6379743A4500}] => C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

21-12-2016 21:07:17 Checkpoint by HitmanPro
21-12-2016 21:08:25 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 01:16:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Thu, 22 Dec 2016 13:16:09 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 5ca1fc46-4a4d-486b-90a6-5eaa8367809b
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(94ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/22/2016 01:16:02 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Thu, 22 Dec 2016 13:16:02 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 8aac792a-9d5e-4113-ac28-1ca9fc641e18
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(344ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/22/2016 01:15:54 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/22/2016 01:05:05 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Thu, 22 Dec 2016 13:05:08 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: c8ab0412-ccc6-414e-a27c-157f7748b8ef
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(110ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/22/2016 01:04:59 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Thu, 22 Dec 2016 13:05:02 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: decb04c9-fe02-4eb4-95e3-06d7c1986bbf
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(922ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/22/2016 01:04:47 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/22/2016 12:53:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 1.0.1611.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1f4

Start Time: 01d25c5256e06b6e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: af01af64-c845-11e6-9c88-c14ec8d2e2e5

Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (12/22/2016 12:53:50 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-1EKJ75Q)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/22/2016 09:52:10 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (12/22/2016 09:45:16 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (12/22/2016 01:36:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:36:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (12/22/2016 01:34:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading


CodeIntegrity:
===================================
Date: 2016-12-22 13:27:21.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.587
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.576
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.544
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.473
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.465
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 59%
Total physical RAM: 16205.83 MB
Available physical RAM: 6548.58 MB
Total Virtual: 33613.83 MB
Available Virtual: 17553.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:940.78 GB) (Free:56.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 21501173)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by Oh My!, 23 December 2016 - 01:50 PM.
Posted modified logs




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,751 posts
  • Gender:Male
  • Location:California
  • Local time:08:46 AM

Posted 23 December 2016 - 01:44 PM

Greetings Mike and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.

**EDIT**

You have a variety of pirated programs/software on your computer. I am certain at least some of them are the cause of your difficulties. Please uninstall every program for which you do not have a valid product key. Following that rerun a FRST scan and copy/paste both logs in your reply. In addition, please do this.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 23 December 2016 - 02:25 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 lew1s

  • Topic Starter

Posted 23 December 2016 - 06:41 PM

Hi,
 
CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\apps\adobe photoshop lightroom cc 6.5 incl patch-=team os=-\adobe_cc_v2015-xforce\crack-osx\install.txt
c:\apps\adobe photoshop lightroom cc 6.5 incl patch-=team os=-\adobe_cc_v2015-xforce\crack-osx\xf-accm2015.dmg
c:\apps\adobe photoshop lightroom cc 6.5 incl patch-=team os=-\adobe_cc_v2015-xforce\crack-windows\install.txt
c:\apps\adobe photoshop lightroom cc 6.5 incl patch-=team os=-\adobe_cc_v2015-xforce\crack-windows\xf-adobecc2015.exe
c:\program files\git\usr\bin\ssh-keygen.exe
c:\users\lew1s\.babun\cygwin\bin\ssh-keygen.exe
c:\users\lew1s\.babun\cygwin\lib\python2.7\lib-dynload\crypt.dll
c:\users\lew1s\.babun\cygwin\usr\share\man\man1\ssh-keygen.1.gz
c:\users\lew1s\.babun\cygwin\usr\share\man\man3\evp_pkey_ctx_get_keygen_info.3.gz
c:\users\lew1s\.babun\cygwin\usr\share\man\man3\evp_pkey_ctx_set_rsa_keygen_pubexp.3.gz
c:\users\lew1s\.babun\cygwin\usr\share\man\man3\evp_pkey_ctx_set_rsa_rsa_keygen_bits.3.gz
c:\users\lew1s\.babun\cygwin\usr\share\man\man3\evp_pkey_keygen.3.gz
c:\users\lew1s\.babun\cygwin\usr\share\man\man3\evp_pkey_keygen_init.3.gz
scanner sequence 3.FI.11.RTNAEZ
 ----- EOF -----

Edited by Oh My!, 23 December 2016 - 08:41 PM.


#4 Oh My!

  • Malware Response Instructor

Posted 23 December 2016 - 08:47 PM

Greetings,

If you are willing, please uninstall Adobe Photoshop Lightroom and run the FRST scan as previously requested.
Gary
 

#5 lew1s

  • Topic Starter

Posted 24 December 2016 - 09:35 AM

Hi, and thanks for the reply. I don't think it's Lightroom. I was using it for over half a year without any issues. This problem started when I downloaded a crack for one piece of software and ran the exe file. Since then all browsers are broken: redirecting, flashing Chrome and so on. I uninstalled Lightroom and rebooted the PC. Now you can see my Windows/Temp folder screenshot. There are 4 suspicious files and 2 are exe files. Every time I delete these files, after a reboot they come back and do bad things.

See new logs and screenshot. Thanks for the help and happy Christmas :)

FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016
Ran by LEW1S (administrator) on DESKTOP-1EKJ75Q (24-12-2016 14:19:31)
Running from C:\Users\LEW1S\Downloads
Loaded Profiles: LEW1S (Available Profiles: LEW1S)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Performix LLC) C:\Program Files (x86)\Adguard\AdguardSvc.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\Temp\gF0B7.tmp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe
() C:\Program Files\Portrait Displays\Dell PremierColor\CTHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(Performix LLC) C:\Program Files (x86)\Adguard\Adguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822528 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1429248 2016-05-25] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-22] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [4031152 2013-11-26] (Stardock Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724536 2016-07-29] (Logitech, Inc.)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [1088944 2016-05-11] ()
HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3889904 2015-11-14] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-16] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\gF0B7.tmp.exe [252416 2016-12-24] () <===== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4290240 2016-03-01] (Disc Soft Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [WinFLTray] => C:\Windows\SysWow64\WinFLTray.exe [331824 2016-07-24] ( New Softwares.net)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [FLBackup] => C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe [277552 2016-07-24] (New Softwares.net)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Spotify Web Helper] => C:\Users\LEW1S\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Spotify] => C:\Users\LEW1S\AppData\Roaming\Spotify\Spotify.exe [7153264 2016-12-21] (Spotify Ltd)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Run: [Adguard] => C:\Program Files (x86)\Adguard\Adguard.exe [5622032 2016-12-02] (Performix LLC)
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\RunOnce: [Uninstall C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\amd64"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\MountPoints2: {5a8fa2e3-6d60-11e6-9c40-98dd93d09636} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-09-13] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2016-01-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-12-07]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-29]
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk [2016-04-13]
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RLEThjJwJFKr.lnk [2016-02-29]
BootExecute: autocheck autochk * sh4native Sh4Removal
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{971b60a9-556f-4196-b2fc-febe3248a832}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
SearchScopes: HKLM-x32 -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-03] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-09-23] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-03] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-02-26] (LastPass)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-02-26] (LastPass)
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File

FireFox:
========
FF ProfilePath: C:\Users\LEW1S\AppData\Roaming\Postbox\Profiles\73ujw2qk.default [2016-11-03]
FF ProfilePath: C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512 [2016-12-24]
FF Extension: (Awesome Screenshot - Capture, Annotate & More) - C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512\Extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack.xpi [2016-12-22]
FF Extension: (Nimbus Screen Capture - editable screenshots.) - C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-12-22]
FF Extension: (FireShot) - C:\Users\LEW1S\AppData\Roaming\Mozilla\Firefox\Profiles\t20kov17.default-1482400321512\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2016-12-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-13]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-06-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2016-10-30] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2016-10-30] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-19] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-16] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-09-19] (Adobe Systems)

Chrome:
=======
CHR DefaultProfile: Profile 5
CHR HomePage: Profile 5 -> hxxp://google.ie/
CHR StartupUrls: Profile 5 -> "hxxp://google.ie/"
CHR DefaultSearchKeyword: Profile 5 -> lp
CHR Session Restore: Profile 5 -> is enabled.
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Backup Default [2016-12-21]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-21]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-24]
CHR Extension: (Google Slides) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-22]
CHR Extension: (Super Netflix) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aioencjhbaolepcoappllicjebblphoc [2016-12-22]
CHR Extension: (Brogrammer Dev Tools Theme) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\alolpfkmcjdkieibielpffiehpobafae [2016-12-22]
CHR Extension: (Google Docs) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-22]
CHR Extension: (Google Drive) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-22]
CHR Extension: (Web Developer) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2016-12-22]
CHR Extension: (ColorZilla) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-12-22]
CHR Extension: (SnappySnippet) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blfngdefapoapkcdibbdkigpeaffgcil [2016-12-22]
CHR Extension: (YouTube) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-22]
CHR Extension: (Facebook) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2016-12-22]
CHR Extension: (DevTools Theme: Zero Dark Matrix) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bomhdjeadceaggdgfoefmpeafkjhegbo [2016-12-22]
CHR Extension: (GistBox) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\caoihfibgoiiakncomhccbflmlgjaohf [2016-12-22]
CHR Extension: (Adblock for Youtube™) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-12-22]
CHR Extension: (Clear Cache) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2016-12-22]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-12-22]
CHR Extension: (Google+) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2016-12-22]
CHR Extension: (Google Calendar) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-12-22]
CHR Extension: (Box) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2016-12-22]
CHR Extension: (Video Downloader professional) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-12-22]
CHR Extension: (Strong Password Generator) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\emehklffcaphknhhfhadkjhpfapcbpco [2016-12-22]
CHR Extension: (Google Sheets) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-22]
CHR Extension: (Google Docs Offline) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-22]
CHR Extension: (AdBlock) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-22]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-12-24]
CHR Extension: (Google Calendar (by Google)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-12-22]
CHR Extension: (Pinterest Save Button) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-12-22]
CHR Extension: (Wappalyzer) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2016-12-22]
CHR Extension: (Color Tab) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hchlgfaicmddilenlflajnmomalehbom [2016-12-22]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-12-22]
CHR Extension: (SEO & Website Analysis) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\hlngmmdolgbdnnimbmblfhhndibdipaf [2016-12-22]
CHR Extension: (Google Play Music) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-12-22]
CHR Extension: (Social Fixer for Facebook) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2016-12-22]
CHR Extension: (Apps Launcher) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-12-22]
CHR Extension: (WhatFont) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-12-22]
CHR Extension: (World Time Buddy) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2016-12-22]
CHR Extension: (Page Ruler) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\jlpkojjdgbllmedoapgfodplfhcbnbpn [2016-12-22]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2016-12-22]
CHR Extension: (WordPress.com) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2016-12-22]
CHR Extension: (TrackingTime Time Tracker) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\knailkjkjcfegledhjhcfacdngnicimb [2016-12-22]
CHR Extension: (Momentum) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-12-22]
CHR Extension: (Evernote Web) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2016-12-22]
CHR Extension: (Corporate Ipsum) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lfmadckmfehehmdnmhaebniooenedcbb [2016-12-22]
CHR Extension: (Google Maps) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-12-22]
CHR Extension: (Morpheon Dark) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad [2016-12-22]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-12-22]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2016-12-22]
CHR Extension: (Screencastify (Screen Video Recorder)) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2016-12-22]
CHR Extension: (DevDocs) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mnfehgbmkapmjnhcnbodoamcioleeooe [2016-12-22]
CHR Extension: (Sticky Notes) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nbjdhgkkhefpifbifjiflpaajchdkhpg [2016-12-22]
CHR Extension: (GetThemAll Video Downloader) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2016-12-22]
CHR Extension: (Save to Pocket) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-12-22]
CHR Extension: (Awesome Screenshot: Screen capture, Annotate) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nlipoenfbbikpbjkfpfillcgkoblgpmj [2016-12-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-22]
CHR Extension: (Better History) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-12-22]
CHR Extension: (Responsive Web Design Tester) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\objclahbaimlfnbjdeobicmmlnbhamkg [2016-12-22]
CHR Extension: (imo free video calls and text) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ocaebkdojpikfmhmnekiflipcicedobi [2016-12-22]
CHR Extension: (Chrome Apps & Extensions Developer Tool) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ohmmkhmmmpcnpikjeljgnaoabkaalbgc [2016-12-22]
CHR Extension: (Wunderlist for Chrome) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\ojcflmmmcfpacggndoaaflkmcoblhnbh [2016-12-22]
CHR Extension: (Droplr for Chrome) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\oncaapliomaamlbopdmhmdompfemljhm [2016-12-22]
CHR Extension: (Gmail) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-22]
CHR Extension: (Chrome Media Router) - C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-22]
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adguard Service; C:\Program Files (x86)\Adguard\AdguardSvc.exe [151312 2016-12-02] (Performix LLC)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-13] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2297104 2015-10-29] (Broadcom Corporation.)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [448488 2016-07-28] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-01-29] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [126832 2016-07-07] ()
R2 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-11-14] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1444544 2016-03-01] (Disc Soft Ltd)
R2 esifsvc; C:\Windows\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 FLService; C:\WINDOWS\SysWow64\WinFLService.exe [94768 2016-07-24] (New Softwares.net)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2016-05-11] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373736 2016-07-28] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-05] (Intel Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-19] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-19] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-03] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312576 2016-05-25] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 Phgech; C:\Program Files (x86)\Dracoentghocage\atervosyprv.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 adgnetworkwfpdrv; C:\Windows\System32\drivers\adgnetworkwfpdrv.sys [74864 2016-10-05] ()
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-09-13] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-09-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-09-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-09-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-14] (AVAST Software)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [227136 2015-10-29] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\Windows\system32\DRIVERS\bcmpciedhd63.sys [1046296 2016-05-03] (Broadcom Corp)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-03-30] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-03-30] (Disc Soft Ltd)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R3 HidEventFilter; C:\Windows\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NEWDRIVER; C:\WINDOWS\SysWow64\WinVDEdrv6.sys [197648 2016-07-24] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_86f2ae812568c59a\nvlddmkm.sys [14242872 2016-09-20] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [752856 2015-06-24] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [402136 2015-06-24] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-08-03] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 wdm_usb; C:\Windows\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [36472 2016-07-24] ()
R2 WinVDEDrv; C:\WINDOWS\SysWow64\WinVDEdrv.sys [225680 2016-07-24] (NewSoftwares.net, Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-12-21] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-12-21] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-23 22:50 - 2016-12-23 23:37 - 00001448 _____ C:\Users\LEW1S\Downloads\ckfiles.txt
2016-12-23 22:47 - 2016-12-23 22:47 - 00468480 _____ () C:\Users\LEW1S\Downloads\CKScanner.exe
2016-12-22 22:28 - 2016-12-22 22:28 - 00096760 _____ C:\Users\LEW1S\Downloads\Gateway-Server Packet Structure.pdf
2016-12-22 16:24 - 2016-12-22 19:08 - 34867487 _____ C:\Users\LEW1S\Desktop\gavurky.pdf
2016-12-22 15:40 - 2016-12-24 14:19 - 00045328 _____ C:\Users\LEW1S\Downloads\FRST.txt
2016-12-22 15:40 - 2016-12-24 14:19 - 00000000 ____D C:\FRST
2016-12-22 15:40 - 2016-12-22 15:43 - 00073794 _____ C:\Users\LEW1S\Downloads\Addition.txt
2016-12-22 14:00 - 2016-12-22 14:00 - 00000000 _____ C:\Users\LEW1S\pslog.txt
2016-12-22 13:33 - 2016-12-22 13:33 - 06771840 _____ (ESET spol. s r.o.) C:\Users\LEW1S\Downloads\esetonlinescanner_enu.exe
2016-12-22 13:33 - 2016-12-22 13:33 - 00000000 ____D C:\Users\LEW1S\AppData\Local\ESET
2016-12-22 13:29 - 2016-12-22 15:39 - 02420736 _____ (Farbar) C:\Users\LEW1S\Downloads\FRST64.exe
2016-12-22 13:25 - 2016-12-22 13:47 - 00000000 ____D C:\Users\LEW1S\Desktop\mbar
2016-12-22 13:25 - 2016-12-22 13:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-22 13:25 - 2016-12-22 13:25 - 16563352 _____ (Malwarebytes Corp.) C:\Users\LEW1S\Downloads\mbar-1.09.3.1001.exe
2016-12-22 13:13 - 2016-12-22 13:13 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-12-22 13:02 - 2016-12-22 16:23 - 39493487 _____ C:\Users\LEW1S\Desktop\gavurky.psd
2016-12-22 10:07 - 2016-12-22 10:07 - 00000853 _____ C:\Users\LEW1S\Desktop\dddd.txt
2016-12-22 09:52 - 2016-12-24 14:19 - 00000000 ____D C:\ProgramData\Adguard
2016-12-22 09:52 - 2016-12-24 14:16 - 00000000 ____D C:\Program Files (x86)\Adguard
2016-12-22 09:52 - 2016-12-22 09:52 - 00001004 _____ C:\Users\Public\Desktop\Adguard.lnk
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\Windows\SysWOW64\Drivers\vwifikerneldrv.sys
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\Windows\SysWOW64\d3dx9_11.dll.tmp
2016-12-22 09:52 - 2016-12-22 09:52 - 00000259 _____ C:\ProgramData\fontcacheev1.dat
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\Desktop\Old Firefox Data
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Performix LLC
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Performix_LLC
2016-12-22 09:52 - 2016-12-22 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adguard
2016-12-22 09:52 - 2016-10-05 06:26 - 00074864 _____ () C:\Windows\system32\Drivers\adgnetworkwfpdrv.sys
2016-12-22 09:50 - 2016-12-22 09:51 - 00173328 _____ C:\Users\LEW1S\Downloads\adguardInstaller.exe
2016-12-22 09:45 - 2016-12-22 09:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-22 08:48 - 2016-12-22 08:49 - 00294154 _____ C:\TDSSKiller.3.1.0.12_22.12.2016_08.48.00_log.txt
2016-12-22 08:47 - 2016-12-22 08:47 - 04747704 _____ (AO Kaspersky Lab) C:\Users\LEW1S\Downloads\tdsskiller.exe
2016-12-22 08:46 - 2016-12-22 08:47 - 00000000 ____D C:\Users\LEW1S\AppData\Local\NPE
2016-12-22 08:46 - 2016-12-22 08:46 - 03423928 _____ (Symantec Corporation) C:\Users\LEW1S\Downloads\NPE.exe
2016-12-22 08:46 - 2016-12-22 08:46 - 00000000 ____D C:\ProgramData\Norton
2016-12-21 21:08 - 2016-12-21 21:08 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2016-12-21 21:04 - 2016-12-21 21:04 - 00054736 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2016-12-21 20:56 - 2016-12-24 14:19 - 00074665 _____ C:\Windows\ZAM.krnl.trace
2016-12-21 20:56 - 2016-12-24 14:19 - 00038626 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-12-21 20:56 - 2016-12-21 21:09 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-21 20:56 - 2016-12-21 20:56 - 05211584 _____ (Zemana Ltd.) C:\Users\LEW1S\Downloads\Zemana.AntiMalware.Portable.exe
2016-12-21 20:56 - 2016-12-21 20:56 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-12-21 20:56 - 2016-12-21 20:56 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-12-21 20:56 - 2016-12-21 20:56 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Zemana
2016-12-21 20:55 - 2016-12-21 20:56 - 11581544 _____ (SurfRight B.V.) C:\Users\LEW1S\Downloads\hitmanpro_x64.exe
2016-12-21 20:43 - 2016-12-21 20:43 - 03977168 _____ C:\Users\LEW1S\Downloads\adwcleaner_6.041 (1).exe
2016-12-21 20:30 - 2016-12-21 20:30 - 00016816 _____ C:\Windows\System32\Tasks\880q919c730g278
2016-12-21 20:30 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\880q919c730g278
2016-12-21 20:08 - 2016-12-21 20:08 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup(1).exe
2016-12-21 20:08 - 2016-12-21 20:08 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-21 20:08 - 2016-12-21 20:08 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-21 19:36 - 2016-12-21 19:36 - 00000895 _____ C:\Users\LEW1S\Desktop\LongTailPro.exe - Shortcut.lnk
2016-12-21 19:35 - 2016-12-21 19:35 - 00001111 _____ C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LongTailPro.lnk
2016-12-21 18:45 - 2016-12-21 18:45 - 01167426 _____ C:\Users\LEW1S\Downloads\New Doc 2Page 1.pdf
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 18:15 - 2016-12-21 18:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-21 18:02 - 2016-12-22 17:14 - 00000236 _____ C:\Users\LEW1S\AppData\Roaming\RO39-2M3Q
2016-12-21 18:02 - 2016-12-21 18:02 - 00000088 _____ C:\Users\LEW1S\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-12-21 18:01 - 2016-12-21 18:02 - 03530976 _____ C:\Users\LEW1S\Downloads\LongTailPro Platium v3.1.8 [Mediafire-WZ] (1).rar
2016-12-21 17:51 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\329q432c44g260
2016-12-21 17:51 - 2016-12-21 17:51 - 00016810 _____ C:\Windows\System32\Tasks\329q432c44g260
2016-12-21 17:32 - 2016-12-21 17:32 - 04987672 _____ (Ghisler Software GmbH) C:\Users\LEW1S\Downloads\tcmd900ax64.exe
2016-12-21 17:32 - 2016-12-21 17:32 - 00000685 _____ C:\Users\LEW1S\Desktop\Total Commander 64 bit.lnk
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\GHISLER
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\Users\LEW1S\AppData\Local\GHISLER
2016-12-21 17:32 - 2016-12-21 17:32 - 00000000 ____D C:\totalcmd
2016-12-21 17:18 - 2016-12-21 17:18 - 00346112 _____ C:\Users\LEW1S\Downloads\Unlocker x64 1.9.2.msi
2016-12-21 17:18 - 2016-12-21 17:18 - 00001916 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unlocker.lnk
2016-12-21 17:18 - 2016-12-21 17:18 - 00000000 ____D C:\Program Files\Unlocker
2016-12-21 15:06 - 2016-12-21 15:10 - 01133528 _____ C:\Windows\ntbtlog.txt
2016-12-21 13:58 - 2016-12-21 13:58 - 00019267 _____ C:\Users\LEW1S\Desktop\Shirley Watson info.pdf
2016-12-21 13:16 - 2016-12-21 17:26 - 00016828 _____ C:\Windows\System32\Tasks\87639889d41t208319
2016-12-21 12:23 - 2016-12-21 12:23 - 00002667 _____ C:\Users\LEW1S\Downloads\spyhunter v4 22 8 4668 2-click run.torrent
2016-12-21 12:22 - 2016-12-21 12:22 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384 (2).torrent
2016-12-21 12:22 - 2016-12-21 12:22 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384 (1).torrent
2016-12-21 12:21 - 2016-12-21 12:21 - 00019816 _____ C:\Users\LEW1S\Downloads\spyhunter 4 24 3 4750 repack amp portable by tryroom.torrent
2016-12-21 12:19 - 2016-12-21 12:19 - 00000000 ____D C:\Program Files (x86)\Hiru
2016-12-21 12:16 - 2016-12-21 12:16 - 00018094 _____ C:\Users\LEW1S\Downloads\FA8E226972704E8184B4F1F5A4178BFB2F94B89A.torrent
2016-12-21 12:14 - 2016-12-21 12:14 - 00006289 _____ C:\Users\LEW1S\Downloads\spyhunter 4 18 9 4384.torrent
2016-12-21 11:05 - 2016-12-21 11:05 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-12-21 11:05 - 2016-05-03 18:07 - 04167216 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvsrv64.dll
2016-12-21 11:05 - 2016-05-03 18:07 - 03795504 _____ (Broadcom Corporation) C:\Windows\system32\bcmihvui64.dll
2016-12-21 11:05 - 2016-05-03 18:07 - 01046296 _____ (Broadcom Corp) C:\Windows\system32\Drivers\bcmpciedhd63.sys
2016-12-20 18:45 - 2016-12-20 18:45 - 00129270 _____ C:\Users\LEW1S\Desktop\How to Remove Cse.google.com _Virus_ - Virus Removal.html
2016-12-20 18:45 - 2016-12-20 18:45 - 00000000 ____D C:\Users\LEW1S\Desktop\How to Remove Cse.google.com _Virus_ - Virus Removal_files
2016-12-20 15:02 - 2016-12-20 15:02 - 00000000 _____ C:\autoexec.bat
2016-12-20 14:24 - 2016-12-20 14:24 - 00034774 _____ C:\Users\LEW1S\Documents\cc_20161220_142427.reg
2016-12-20 14:07 - 2016-12-21 22:14 - 00000000 ____D C:\AdwCleaner
2016-12-20 14:06 - 2016-12-20 14:07 - 03977168 _____ C:\Users\LEW1S\Downloads\adwcleaner_6.041.exe
2016-12-20 13:32 - 2016-12-20 13:32 - 00045739 _____ C:\Users\LEW1S\Downloads\5E03.tmp
2016-12-20 13:06 - 2016-12-20 13:06 - 42790737 _____ C:\Users\LEW1S\Downloads\YOGA.zip
2016-12-20 10:12 - 2016-12-20 10:13 - 28512267 _____ C:\Users\LEW1S\Downloads\hiller10.rar
2016-12-20 10:04 - 2016-12-20 13:31 - 00000000 ____D C:\Users\LEW1S\Desktop\themes
2016-12-20 09:33 - 2016-12-20 09:33 - 00013156 _____ C:\Users\LEW1S\Downloads\40yard-dash-final.csv
2016-12-20 08:34 - 2016-12-20 08:34 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-12-20 08:34 - 2016-12-20 08:34 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-12-20 08:17 - 2016-12-20 08:18 - 10769864 _____ (Adobe Systems Inc.) C:\Users\LEW1S\Downloads\AdobeAIRInstaller.exe
2016-12-19 21:32 - 2016-12-19 21:32 - 03530976 _____ C:\Users\LEW1S\Downloads\LongTailPro Platium v3.1.8 [Mediafire-WZ].rar
2016-12-19 21:07 - 2016-12-19 21:07 - 06880664 _____ (Tim Kosse) C:\Users\LEW1S\Downloads\FileZilla_3.23.0.2_win64-setup.exe
2016-12-19 21:06 - 2016-12-23 12:24 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Wunderlist
2016-12-19 21:06 - 2016-12-19 21:06 - 00001210 _____ C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist.lnk
2016-12-19 21:06 - 2016-12-19 21:06 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2016-12-19 21:04 - 2016-12-19 21:06 - 40617552 _____ C:\Users\LEW1S\Downloads\Wunderlist-Setup.exe
2016-12-19 20:39 - 2016-12-19 20:39 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup (1).exe
2016-12-19 20:29 - 2016-12-19 20:29 - 01065376 _____ (Google Inc.) C:\Users\LEW1S\Downloads\ChromeSetup.exe
2016-12-19 20:13 - 2016-12-19 20:13 - 00000000 ____D C:\Users\LEW1S\Downloads\LongTailPro 3.1.8
2016-12-19 20:11 - 2016-12-19 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-12-19 20:11 - 2016-12-19 20:11 - 00000000 ____D C:\Program Files\VS Revo Group
2016-12-19 20:10 - 2016-12-19 20:10 - 04013747 _____ C:\Users\LEW1S\Downloads\LongTailPro 3.1.8.zip
2016-12-19 16:44 - 2016-12-19 16:44 - 00003676 _____ C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee
2016-12-19 16:43 - 2016-12-21 21:08 - 00000000 ____D C:\Program Files (x86)\Dracoentghocage
2016-12-19 16:43 - 2016-12-19 16:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zehgevvity
2016-12-19 16:43 - 2016-12-19 16:44 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Hetewardjuvage
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Franz
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Franz
2016-12-18 14:45 - 2016-12-19 19:22 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Franz
2016-12-16 18:28 - 2016-12-16 18:28 - 00009468 _____ C:\Users\LEW1S\.v8flags.5.1.281.88.LEW1S.json
2016-12-16 18:26 - 2016-12-16 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
2016-12-16 18:26 - 2016-12-16 18:26 - 00000000 ____D C:\Program Files\nodejs
2016-12-16 10:17 - 2016-12-24 14:11 - 00000000 ____D C:\Users\LEW1S\AppData\LocalLow\Mozilla
2016-12-14 12:00 - 2016-12-09 10:42 - 01637728 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-12-14 12:00 - 2016-12-09 10:42 - 00137568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-12-14 12:00 - 2016-12-09 10:34 - 01051112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 12:00 - 2016-12-09 10:34 - 00894096 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-12-14 12:00 - 2016-12-09 10:33 - 01354320 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 12:00 - 2016-12-09 10:33 - 01173496 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 12:00 - 2016-12-09 10:32 - 07816032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 12:00 - 2016-12-09 10:30 - 00377184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2016-12-14 12:00 - 2016-12-09 10:29 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2016-12-14 12:00 - 2016-12-09 10:28 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-12-14 12:00 - 2016-12-09 10:27 - 00172528 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 12:00 - 2016-12-09 10:20 - 02677544 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-12-14 12:00 - 2016-12-09 10:20 - 02189664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-12-14 12:00 - 2016-12-09 10:20 - 01738560 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-12-14 12:00 - 2016-12-09 10:20 - 00658784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-12-14 12:00 - 2016-12-09 10:20 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-12-14 12:00 - 2016-12-09 10:19 - 01293152 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-12-14 12:00 - 2016-12-09 10:19 - 00168424 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 12:00 - 2016-12-09 10:18 - 02913144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-12-14 12:00 - 2016-12-09 10:18 - 01267512 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-12-14 12:00 - 2016-12-09 10:18 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2016-12-14 12:00 - 2016-12-09 10:18 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2016-12-14 12:00 - 2016-12-09 10:18 - 00947552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2016-12-14 12:00 - 2016-12-09 10:18 - 00811872 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2016-12-14 12:00 - 2016-12-09 10:18 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 12:00 - 2016-12-09 10:15 - 08168000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 12:00 - 2016-12-09 10:15 - 01988560 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-12-14 12:00 - 2016-12-09 10:14 - 01274712 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-12-14 12:00 - 2016-12-09 10:14 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2016-12-14 12:00 - 2016-12-09 10:11 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-12-14 12:00 - 2016-12-09 10:10 - 01572768 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2016-12-14 12:00 - 2016-12-09 10:10 - 01461200 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 12:00 - 2016-12-09 10:09 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2016-12-14 12:00 - 2016-12-09 10:01 - 02323728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-12-14 12:00 - 2016-12-09 10:01 - 01503544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-12-14 12:00 - 2016-12-09 10:01 - 00861024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-12-14 12:00 - 2016-12-09 10:00 - 00106896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 12:00 - 2016-12-09 09:59 - 02166752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-12-14 12:00 - 2016-12-09 09:59 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-12-14 12:00 - 2016-12-09 09:57 - 06668040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 12:00 - 2016-12-09 09:57 - 01852720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-12-14 12:00 - 2016-12-09 09:56 - 00959112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-12-14 12:00 - 2016-12-09 09:52 - 01435896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 12:00 - 2016-12-09 09:52 - 01415752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2016-12-14 12:00 - 2016-12-09 09:51 - 00117240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 12:00 - 2016-12-09 09:47 - 22563328 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-12-14 12:00 - 2016-12-09 09:45 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 12:00 - 2016-12-09 09:45 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2016-12-14 12:00 - 2016-12-09 09:42 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-12-14 12:00 - 2016-12-09 09:41 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2016-12-14 12:00 - 2016-12-09 09:41 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2016-12-14 12:00 - 2016-12-09 09:40 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32k.sys
2016-12-14 12:00 - 2016-12-09 09:38 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 12:00 - 2016-12-09 09:37 - 00411136 _____ (Microsoft Corporation) C:\Windows\system32\facecredentialprovider.dll
2016-12-14 12:00 - 2016-12-09 09:37 - 00261632 _____ (Microsoft Corporation) C:\Windows\system32\indexeddbserver.dll
2016-12-14 12:00 - 2016-12-09 09:37 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-12-14 12:00 - 2016-12-09 09:36 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-12-14 12:00 - 2016-12-09 09:36 - 03059200 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 12:00 - 2016-12-09 09:36 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2016-12-14 12:00 - 2016-12-09 09:36 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-12-14 12:00 - 2016-12-09 09:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 12:00 - 2016-12-09 09:34 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-12-14 12:00 - 2016-12-09 09:34 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2016-12-14 12:00 - 2016-12-09 09:33 - 03777536 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-12-14 12:00 - 2016-12-09 09:33 - 01589760 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2016-12-14 12:00 - 2016-12-09 09:32 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-14 12:00 - 2016-12-09 09:31 - 03689984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 12:00 - 2016-12-09 09:31 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-12-14 12:00 - 2016-12-09 09:31 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\indexeddbserver.dll
2016-12-14 12:00 - 2016-12-09 09:30 - 23677952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-14 12:00 - 2016-12-09 09:30 - 19413504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-12-14 12:00 - 2016-12-09 09:30 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-12-14 12:00 - 2016-12-09 09:29 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-12-14 12:00 - 2016-12-09 09:28 - 03306496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-12-14 12:00 - 2016-12-09 09:28 - 01004544 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-12-14 12:00 - 2016-12-09 09:27 - 19417088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-14 12:00 - 2016-12-09 09:27 - 13084160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-14 12:00 - 2016-12-09 09:27 - 05114368 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-12-14 12:00 - 2016-12-09 09:27 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 12:00 - 2016-12-09 09:26 - 08129536 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-12-14 12:00 - 2016-12-09 09:26 - 01692672 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 12:00 - 2016-12-09 09:25 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2016-12-14 12:00 - 2016-12-09 09:24 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-12-14 12:00 - 2016-12-09 09:23 - 12177920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-14 12:00 - 2016-12-09 09:22 - 02820096 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-12-14 12:00 - 2016-12-09 09:22 - 02688512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-12-14 12:00 - 2016-12-09 09:22 - 01490944 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 12:00 - 2016-12-09 09:21 - 04746752 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-14 12:00 - 2016-12-09 09:21 - 03616768 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-12-14 12:00 - 2016-12-09 09:21 - 01512960 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-12-14 12:00 - 2016-12-09 09:21 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2016-12-14 12:00 - 2016-12-09 09:20 - 06044160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-12-14 12:00 - 2016-12-09 09:20 - 03198464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-12-14 12:00 - 2016-12-09 09:20 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-12-14 12:00 - 2016-12-09 09:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-12-14 12:00 - 2016-12-09 09:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-12-14 12:00 - 2016-12-09 09:19 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-12-14 12:00 - 2016-12-09 09:19 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-12-14 12:00 - 2016-12-09 09:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-12-14 12:00 - 2016-12-09 09:19 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-12-14 12:00 - 2016-12-09 09:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2016-12-14 12:00 - 2016-12-09 09:18 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-14 12:00 - 2016-12-09 09:18 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-12-14 12:00 - 2016-12-09 09:18 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-12-14 12:00 - 2016-12-09 09:17 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2016-12-14 12:00 - 2016-12-09 09:17 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2016-12-14 12:00 - 2016-12-09 09:16 - 02998272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2016-12-14 12:00 - 2016-12-09 09:16 - 01880576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-12-14 12:00 - 2016-12-09 09:16 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-12-14 12:00 - 2016-12-09 09:15 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 12:00 - 2016-12-09 09:15 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-12-14 12:00 - 2016-12-09 09:15 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2016-12-14 12:00 - 2016-12-09 08:54 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-12-14 12:00 - 2016-11-02 10:28 - 00807424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-14 12:00 - 2016-11-02 10:25 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2016-12-14 12:00 - 2016-09-15 16:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-12-13 16:17 - 2016-12-13 16:17 - 00000000 ___HD C:\Users\LEW1S\InstallAnywhere
2016-12-12 20:06 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Xenu
2016-12-12 20:06 - 2016-12-12 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xenu's Link Sleuth
2016-12-12 19:28 - 2016-12-12 19:28 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\com.longtailpro.LongTailPro
2016-12-12 16:05 - 2016-12-12 16:05 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sony Creative Software Inc
2016-12-12 14:00 - 2016-12-12 14:00 - 00000000 ____D C:\Users\LEW1S\Documents\FlashIntegro
2016-12-12 14:00 - 2016-12-12 14:00 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\FlashIntegro
2016-12-12 14:00 - 2016-12-06 11:14 - 00071480 _____ (Flash-Integro LLC) C:\Windows\SysWOW64\mslvddsfilter3.ax
2016-12-12 14:00 - 2011-12-07 18:32 - 00216064 _____ ( ) C:\Windows\SysWOW64\Lagarith.dll
2016-12-12 14:00 - 2005-08-01 18:43 - 00245760 _____ () C:\Windows\SysWOW64\lame.ax
2016-12-12 14:00 - 2004-12-10 09:03 - 00438272 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2016-12-12 14:00 - 2004-07-03 20:08 - 00139264 _____ C:\Windows\SysWOW64\xvidvfw.dll
2016-12-12 14:00 - 2004-02-04 20:11 - 00081920 _____ (fccHandler) C:\Windows\SysWOW64\AC3ACM.acm
2016-12-12 14:00 - 2003-05-22 11:26 - 00638976 _____ (DivXNetworks, Inc.) C:\Windows\SysWOW64\divx.dll
2016-12-12 14:00 - 2003-05-21 22:50 - 00261632 _____ (MainConcept) C:\Windows\SysWOW64\mcdvd_32.dll
2016-12-12 14:00 - 2003-05-21 22:50 - 00156910 _____ C:\Windows\WMSysPr8.prx
2016-12-12 14:00 - 2003-05-21 22:50 - 00082944 _____ (Voxware, Inc.) C:\Windows\SysWOW64\vct3216.acm
2016-12-12 14:00 - 2003-05-21 22:50 - 00038912 _____ (NCT Company) C:\Windows\SysWOW64\alf2cd.acm
2016-12-12 14:00 - 2003-05-21 22:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2016-12-12 14:00 - 2003-03-25 04:49 - 00098304 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SysWOW64\L3CODECX.AX
2016-12-12 14:00 - 2002-08-19 23:41 - 00413760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg4c32.dll
2016-12-12 14:00 - 2000-03-14 19:55 - 00013239 _____ (SHARP Corporation) C:\Windows\SysWOW64\Scg726.acm
2016-12-10 14:13 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Balsamiq Mockups 3
2016-12-10 01:04 - 2016-12-10 01:04 - 00000045 _____ C:\Users\LEW1S\AppData\Roaming\WB.CFG
2016-12-09 15:54 - 2016-11-11 10:22 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-12-09 15:54 - 2016-11-11 10:14 - 00603488 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-12-09 15:54 - 2016-11-11 09:56 - 00534096 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-12-09 15:54 - 2016-11-11 09:29 - 01631232 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2016-12-09 15:54 - 2016-11-11 09:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-12-09 15:54 - 2016-11-11 09:22 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-12-09 15:54 - 2016-11-11 09:21 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-12-09 15:54 - 2016-11-11 09:20 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-12-09 15:54 - 2016-11-11 09:20 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgentUserBroker.exe
2016-12-09 15:54 - 2016-11-11 09:18 - 00967168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-12-09 15:54 - 2016-11-11 09:14 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2016-12-09 15:54 - 2016-11-11 09:11 - 00337920 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-12-09 15:54 - 2016-11-11 09:08 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-12-09 15:54 - 2016-11-11 09:07 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-12-09 15:54 - 2016-11-11 09:06 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-12-09 15:54 - 2016-11-11 09:04 - 01232384 _____ (Microsoft Corporation) C:\Windows\system32\dosvc.dll
2016-12-09 15:54 - 2016-11-11 07:04 - 02682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2016-12-09 15:53 - 2016-11-11 10:15 - 00198856 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-12-09 15:53 - 2016-11-11 10:15 - 00101216 _____ (Microsoft Corporation) C:\Windows\system32\DeviceReactivation.dll
2016-12-09 15:53 - 2016-11-11 10:14 - 02482280 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-12-09 15:53 - 2016-11-11 10:14 - 02186896 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-12-09 15:53 - 2016-11-11 10:13 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-09 15:53 - 2016-11-11 10:13 - 01886344 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-09 15:53 - 2016-11-11 10:13 - 00352096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-12-09 15:53 - 2016-11-11 10:12 - 00128352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-12-09 15:53 - 2016-11-11 10:08 - 00142176 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
2016-12-09 15:53 - 2016-11-11 10:03 - 01069720 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2016-12-09 15:53 - 2016-11-11 10:03 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-12-09 15:53 - 2016-11-11 10:03 - 00266544 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-12-09 15:53 - 2016-11-11 10:02 - 02828376 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-12-09 15:53 - 2016-11-11 10:02 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-12-09 15:53 - 2016-11-11 10:01 - 07219672 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-12-09 15:53 - 2016-11-11 10:01 - 01859264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-12-09 15:53 - 2016-11-11 10:01 - 00637400 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-12-09 15:53 - 2016-11-11 10:00 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-12-09 15:53 - 2016-11-11 10:00 - 00223584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-09 15:53 - 2016-11-11 10:00 - 00219488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-12-09 15:53 - 2016-11-11 09:59 - 00433504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-12-09 15:53 - 2016-11-11 09:57 - 22224480 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-12-09 15:53 - 2016-11-11 09:57 - 04130432 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-12-09 15:53 - 2016-11-11 09:57 - 01473048 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-12-09 15:53 - 2016-11-11 09:56 - 04673304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-12-09 15:53 - 2016-11-11 09:56 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-12-09 15:53 - 2016-11-11 09:56 - 00424616 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2016-12-09 15:53 - 2016-11-11 09:56 - 00418952 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-12-09 15:53 - 2016-11-11 09:56 - 00187520 _____ (Microsoft Corporation) C:\Windows\system32\CloudStorageWizard.exe
2016-12-09 15:53 - 2016-11-11 09:56 - 00163752 _____ (Microsoft Corporation) C:\Windows\system32\RTWorkQ.dll
2016-12-09 15:53 - 2016-11-11 09:56 - 00126568 _____ (Microsoft Corporation) C:\Windows\system32\mfaudiocnv.dll
2016-12-09 15:53 - 2016-11-11 09:55 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-12-09 15:53 - 2016-11-11 09:55 - 00882680 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-12-09 15:53 - 2016-11-11 09:55 - 00743224 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-12-09 15:53 - 2016-11-11 09:54 - 01418312 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-12-09 15:53 - 2016-11-11 09:51 - 00454592 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-12-09 15:53 - 2016-11-11 09:31 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-12-09 15:53 - 2016-11-11 09:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-12-09 15:53 - 2016-11-11 09:28 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\CbtBackgroundManagerPolicy.dll
2016-12-09 15:53 - 2016-11-11 09:27 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\NetCfgNotifyObjectHost.exe
2016-12-09 15:53 - 2016-11-11 09:27 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\lpremove.exe
2016-12-09 15:53 - 2016-11-11 09:26 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-12-09 15:53 - 2016-11-11 09:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-09 15:53 - 2016-11-11 09:26 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\ReportingCSP.dll
2016-12-09 15:53 - 2016-11-11 09:26 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\modem.sys
2016-12-09 15:53 - 2016-11-11 09:26 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2016-12-09 15:53 - 2016-11-11 09:25 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\BcastDVRHelper.dll
2016-12-09 15:53 - 2016-11-11 09:25 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-12-09 15:53 - 2016-11-11 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-12-09 15:53 - 2016-11-11 09:25 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-12-09 15:53 - 2016-11-11 09:25 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-12-09 15:53 - 2016-11-11 09:25 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2016-12-09 15:53 - 2016-11-11 09:25 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00170496 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sendmail.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 15:53 - 2016-11-11 09:24 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2016-12-09 15:53 - 2016-11-11 09:23 - 00567296 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2016-12-09 15:53 - 2016-11-11 09:23 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-12-09 15:53 - 2016-11-11 09:23 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2016-12-09 15:53 - 2016-11-11 09:23 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\EAMProgressHandler.dll
2016-12-09 15:53 - 2016-11-11 09:22 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-12-09 15:53 - 2016-11-11 09:22 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\EDPCleanup.exe
2016-12-09 15:53 - 2016-11-11 09:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-12-09 15:53 - 2016-11-11 09:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-12-09 15:53 - 2016-11-11 09:21 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-12-09 15:53 - 2016-11-11 09:21 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-12-09 15:53 - 2016-11-11 09:21 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\domgmt.dll
2016-12-09 15:53 - 2016-11-11 09:21 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00574464 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_StorageSense.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-12-09 15:53 - 2016-11-11 09:20 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe
2016-12-09 15:53 - 2016-11-11 09:20 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 09131008 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00620544 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-12-09 15:53 - 2016-11-11 09:19 - 00495104 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseAppMgmtSvc.dll
2016-12-09 15:53 - 2016-11-11 09:19 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-12-09 15:53 - 2016-11-11 09:18 - 17188352 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-12-09 15:53 - 2016-11-11 09:18 - 02084352 _____ (Microsoft Corporation) C:\Windows\system32\DeviceFlows.DataModel.dll
2016-12-09 15:53 - 2016-11-11 09:18 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2016-12-09 15:53 - 2016-11-11 09:17 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2016-12-09 15:53 - 2016-11-11 09:17 - 01002496 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-12-09 15:53 - 2016-11-11 09:17 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\ProvSysprep.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 02716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 01477632 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeHelper.dll
2016-12-09 15:53 - 2016-11-11 09:16 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\RjvMDMConfig.dll
2016-12-09 15:53 - 2016-11-11 09:15 - 00282624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-09 15:53 - 2016-11-11 09:15 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
2016-12-09 15:53 - 2016-11-11 09:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-12-09 15:53 - 2016-11-11 09:14 - 07654400 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-12-09 15:53 - 2016-11-11 09:14 - 02104320 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-12-09 15:53 - 2016-11-11 09:14 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-12-09 15:53 - 2016-11-11 09:14 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2016-12-09 15:53 - 2016-11-11 09:13 - 07812096 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-12-09 15:53 - 2016-11-11 09:13 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-12-09 15:53 - 2016-11-11 09:13 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\msdtcuiu.dll
2016-12-09 15:53 - 2016-11-11 09:12 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2016-12-09 15:53 - 2016-11-11 09:11 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-12-09 15:53 - 2016-11-11 09:11 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-12-09 15:53 - 2016-11-11 09:11 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\umpoext.dll
2016-12-09 15:53 - 2016-11-11 09:09 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-12-09 15:53 - 2016-11-11 09:09 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 03441152 _____ (Microsoft Corporation) C:\Windows\system32\MapRouter.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\MapGeocoder.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 02009600 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 01691136 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-12-09 15:53 - 2016-11-11 09:07 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-12-09 15:53 - 2016-11-11 09:07 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-12-09 15:53 - 2016-11-11 09:06 - 03400192 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2016-12-09 15:53 - 2016-11-11 09:06 - 00960000 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-12-09 15:53 - 2016-11-11 09:05 - 04136448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-12-09 15:53 - 2016-11-11 09:05 - 02852864 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-09 15:53 - 2016-11-11 09:05 - 01779712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-09 15:53 - 2016-11-11 09:05 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-12-09 15:53 - 2016-11-11 09:05 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-12-09 15:53 - 2016-11-11 09:04 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2016-12-09 15:53 - 2016-11-11 09:04 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 02611200 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 02317312 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 01709056 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 00691712 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-12-09 15:53 - 2016-11-11 09:04 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 04708864 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 02669056 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 02287616 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00905216 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-12-09 15:53 - 2016-11-11 09:03 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2016-12-09 15:53 - 2016-11-11 09:02 - 03542016 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-12-09 15:53 - 2016-11-11 09:02 - 01726976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-12-09 15:53 - 2016-11-11 09:02 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-12-09 15:53 - 2016-11-11 08:39 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-12-09 15:53 - 2016-11-11 08:01 - 02206496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-12-09 15:53 - 2016-11-11 08:01 - 01969912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-12-09 15:53 - 2016-11-11 08:01 - 00167848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-12-09 15:53 - 2016-11-11 08:00 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-09 15:53 - 2016-11-11 07:59 - 01572768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-09 15:53 - 2016-11-11 07:54 - 00122208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2016-12-09 15:53 - 2016-11-11 07:49 - 00869848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2016-12-09 15:53 - 2016-11-11 07:49 - 00263472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-09 15:53 - 2016-11-11 07:49 - 00248480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-12-09 15:53 - 2016-11-11 07:48 - 02277248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-12-09 15:53 - 2016-11-11 07:47 - 05722832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-12-09 15:53 - 2016-11-11 07:47 - 01430720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-09 15:53 - 2016-11-11 07:47 - 00527880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 20969928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 03892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 01123912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 00952416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 00382784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 00374448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 00152416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTWorkQ.dll
2016-12-09 15:53 - 2016-11-11 07:42 - 00091936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfaudiocnv.dll
2016-12-09 15:53 - 2016-11-11 07:41 - 04311736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-12-09 15:53 - 2016-11-11 07:41 - 00157536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudStorageWizard.exe
2016-12-09 15:53 - 2016-11-11 07:38 - 01263856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-12-09 15:53 - 2016-11-11 07:28 - 01631232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-09 15:53 - 2016-11-11 07:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-09 15:53 - 2016-11-11 07:27 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-12-09 15:53 - 2016-11-11 07:26 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2016-12-09 15:53 - 2016-11-11 07:25 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-12-09 15:53 - 2016-11-11 07:25 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-12-09 15:53 - 2016-11-11 07:24 - 00519168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2016-12-09 15:53 - 2016-11-11 07:24 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BcastDVRHelper.dll
2016-12-09 15:53 - 2016-11-11 07:24 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-12-09 15:53 - 2016-11-11 07:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-09 15:53 - 2016-11-11 07:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll
2016-12-09 15:53 - 2016-11-11 07:23 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-09 15:53 - 2016-11-11 07:22 - 00505856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-12-09 15:53 - 2016-11-11 07:22 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sendmail.dll
2016-12-09 15:53 - 2016-11-11 07:21 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-12-09 15:53 - 2016-11-11 07:21 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-12-09 15:53 - 2016-11-11 07:21 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-09 15:53 - 2016-11-11 07:20 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-12-09 15:53 - 2016-11-11 07:20 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-12-09 15:53 - 2016-11-11 07:20 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2016-12-09 15:53 - 2016-11-11 07:19 - 13868544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 01755136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceFlows.DataModel.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2016-12-09 15:53 - 2016-11-11 07:19 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2016-12-09 15:53 - 2016-11-11 07:18 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-12-09 15:53 - 2016-11-11 07:18 - 01336320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2016-12-09 15:53 - 2016-11-11 07:18 - 01196544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2016-12-09 15:53 - 2016-11-11 07:18 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2016-12-09 15:53 - 2016-11-11 07:18 - 00318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2016-12-09 15:53 - 2016-11-11 07:18 - 00108544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscinterop.dll
2016-12-09 15:53 - 2016-11-11 07:17 - 00333312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2016-12-09 15:53 - 2016-11-11 07:17 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-12-09 15:53 - 2016-11-11 07:16 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-09 15:53 - 2016-11-11 07:15 - 07626752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-12-09 15:53 - 2016-11-11 07:15 - 01357824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-12-09 15:53 - 2016-11-11 07:15 - 00838144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-12-09 15:53 - 2016-11-11 07:15 - 00348672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2016-12-09 15:53 - 2016-11-11 07:15 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-12-09 15:53 - 2016-11-11 07:14 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2016-12-09 15:53 - 2016-11-11 07:13 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-12-09 15:53 - 2016-11-11 07:12 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcuiu.dll
2016-12-09 15:53 - 2016-11-11 07:10 - 06109184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-12-09 15:53 - 2016-11-11 07:10 - 00746496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2016-12-09 15:53 - 2016-11-11 07:09 - 05380608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-12-09 15:53 - 2016-11-11 07:09 - 00545280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-12-09 15:53 - 2016-11-11 07:08 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2016-12-09 15:53 - 2016-11-11 07:06 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2016-12-09 15:53 - 2016-11-11 07:06 - 02362880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapRouter.dll
2016-12-09 15:53 - 2016-11-11 07:06 - 02109952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapGeocoder.dll
2016-12-09 15:53 - 2016-11-11 07:06 - 01228288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2016-12-09 15:53 - 2016-11-11 07:06 - 00400384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-12-09 15:53 - 2016-11-11 07:06 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxclu.dll
2016-12-09 15:53 - 2016-11-11 07:05 - 04423680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-12-09 15:53 - 2016-11-11 07:05 - 03370496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-12-09 15:53 - 2016-11-11 07:04 - 01992704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-12-09 15:53 - 2016-11-11 07:04 - 01595392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-09 15:53 - 2016-11-11 07:04 - 00912896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-12-09 15:53 - 2016-11-11 07:04 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-12-09 15:53 - 2016-11-11 07:04 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 02484736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 02256384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 01576448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 01556480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 00772608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 00760832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-12-09 15:53 - 2016-11-11 07:03 - 00565248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2016-12-09 15:53 - 2016-11-11 07:02 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-12-09 10:21 - 2016-12-18 14:45 - 00000000 ____D C:\Users\LEW1S\AppData\Local\SquirrelTemp
2016-12-09 10:21 - 2016-12-09 10:24 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zeplin
2016-12-09 10:21 - 2016-12-09 10:21 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zeplin Inc
2016-12-09 10:21 - 2016-12-09 10:21 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Zeplin
2016-12-07 17:16 - 2016-12-19 20:58 - 00000000 _____ C:\hsrv.txt
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\Program Files\Oracle
2016-12-07 17:16 - 2016-12-07 17:16 - 00000000 ____D C:\Program Files\Droid4Xext
2016-12-07 17:12 - 2016-12-07 17:13 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\HaiYuInst
2016-12-07 17:11 - 2016-12-08 15:44 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\VMware
2016-12-07 17:11 - 2016-12-07 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy
2016-12-07 17:10 - 2016-11-11 23:16 - 00088128 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2016-12-07 17:10 - 2016-11-11 23:16 - 00052288 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmkbd.sys
2016-12-07 17:09 - 2016-12-21 15:34 - 00000000 ____D C:\ProgramData\VMware
2016-12-07 17:09 - 2016-12-21 15:34 - 00000000 ____D C:\Program Files (x86)\VMware
2016-12-07 17:09 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-07 17:09 - 2016-12-07 17:09 - 00000000 ____D C:\Program Files\Bonjour
2016-12-07 17:09 - 2016-09-06 18:48 - 00083008 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2016-12-07 17:07 - 2016-12-07 17:11 - 00000000 ____D C:\Users\LEW1S\Andy
2016-12-07 17:06 - 2016-12-09 08:27 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Andy
2016-12-07 17:06 - 2016-12-07 17:07 - 00000000 ____D C:\Program Files\Andy
2016-12-07 17:06 - 2016-12-07 17:06 - 00000000 ____D C:\Users\LEW1\Andy
2016-12-07 17:06 - 2016-12-07 17:06 - 00000000 ____D C:\Users\LEW1
2016-12-07 17:04 - 2016-12-21 13:18 - 00000302 _____ C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job
2016-12-07 17:04 - 2016-12-21 13:16 - 00002770 _____ C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}
2016-12-07 17:04 - 2016-12-21 13:16 - 00000000 ____D C:\Users\LEW1S\AppData\Local\1643ECA0-BCB4-25E3-51A8-5BA5C8257549
2016-12-07 16:43 - 2016-12-07 17:17 - 00000000 ____D C:\Users\LEW1S\.android
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\JetBrains
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\Users\LEW1S\.AndroidStudio2.2
2016-12-07 16:43 - 2016-12-07 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2016-12-07 16:40 - 2016-12-07 16:40 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Android
2016-12-07 16:39 - 2016-12-07 16:39 - 00000000 ____D C:\Program Files\Android
2016-12-05 08:33 - 2016-12-05 08:33 - 00005016 _____ C:\Users\LEW1S\Documents\cc_20161205_083337.reg
2016-12-03 19:53 - 2016-12-03 19:53 - 00000000 ____D C:\Users\LEW1S\.ScreamingFrogSEOSpider
2016-12-03 19:52 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-03 19:52 - 2016-12-03 19:53 - 00000000 ____D C:\ProgramData\Oracle
2016-12-03 19:52 - 2016-12-03 19:52 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sun
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\Users\LEW1S\AppData\LocalLow\Sun
2016-12-03 19:52 - 2016-12-03 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-03 19:51 - 2016-12-19 16:44 - 00000000 ____D C:\Program Files (x86)\Screaming Frog SEO Spider
2016-12-03 19:51 - 2016-12-03 19:51 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-28 12:32 - 2016-11-28 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-24 14:17 - 2016-01-29 13:56 - 00000000 ___RD C:\Users\LEW1S\Dropbox
2016-12-24 14:16 - 2016-09-25 13:21 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-24 14:16 - 2016-08-13 01:55 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-24 14:16 - 2016-08-13 01:49 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-24 14:16 - 2016-01-26 12:58 - 00000000 __SHD C:\Users\LEW1S\IntelGraphicsProfiles
2016-12-24 14:15 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\AppReadiness
2016-12-24 14:15 - 2016-07-16 06:04 - 00786432 _____ C:\Windows\system32\config\BBI
2016-12-24 14:15 - 2016-01-29 11:27 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Adobe
2016-12-24 14:12 - 2016-01-16 11:50 - 02620324 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-23 23:36 - 2016-08-13 01:48 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-12-23 12:16 - 2016-01-29 11:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\.purple
2016-12-23 09:47 - 2016-07-16 11:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-23 09:46 - 2016-01-31 23:39 - 00000000 ____D C:\Users\LEW1S\AppData\Local\CrashDumps
2016-12-22 20:08 - 2016-01-29 15:40 - 00001456 _____ C:\Users\LEW1S\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-12-22 14:05 - 2016-01-29 11:38 - 00000034 _____ C:\Users\LEW1S\AppData\Roaming\AdobeWLCMCache.dat
2016-12-22 14:02 - 2016-03-09 19:01 - 00000000 ___RD C:\Users\LEW1S\Desktop\WORKING ON
2016-12-22 14:00 - 2016-08-13 01:50 - 00000000 ____D C:\Users\LEW1S
2016-12-22 13:39 - 2016-01-30 11:37 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Skitch
2016-12-22 13:25 - 2016-03-24 09:45 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-22 13:25 - 2016-01-28 23:41 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-12-22 13:17 - 2016-01-29 13:43 - 00000000 ____D C:\Users\LEW1S\Torrent
2016-12-22 13:10 - 2016-01-31 22:09 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\uTorrent
2016-12-22 09:52 - 2016-09-15 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-22 09:52 - 2016-01-16 11:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-22 09:45 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-21 20:35 - 2016-01-28 23:43 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Skype
2016-12-21 20:08 - 2016-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-21 20:01 - 2016-01-28 23:39 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Google
2016-12-21 15:34 - 2016-07-16 11:45 - 00000000 ____D C:\Windows\INF
2016-12-21 15:11 - 2016-08-25 05:22 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-21 15:00 - 2016-11-07 09:01 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Spotify
2016-12-21 15:00 - 2016-11-07 08:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Spotify
2016-12-21 11:05 - 2016-01-16 11:51 - 00000000 ____D C:\Program Files\Dell
2016-12-21 10:24 - 2016-08-13 01:55 - 00004278 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-12-20 18:59 - 2016-06-23 07:16 - 00000000 ____D C:\Program Files (x86)\CineForm
2016-12-20 18:59 - 2016-01-26 12:58 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Packages
2016-12-20 18:52 - 2016-01-30 11:35 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\FileZilla
2016-12-20 18:52 - 2016-01-16 11:50 - 00000000 ____D C:\Program Files (x86)\ST Microelectronics
2016-12-20 18:52 - 2016-01-16 11:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-20 18:50 - 2016-08-13 01:55 - 00000000 ____D C:\Windows\System32\Tasks\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Lenovo
2016-12-20 18:50 - 2016-03-23 09:22 - 00000000 ____D C:\ProgramData\Lenovo
2016-12-20 13:56 - 2016-03-23 11:10 - 00000000 ____D C:\Users\LEW1S\.VirtualBox
2016-12-20 13:10 - 2016-02-01 22:46 - 00002030 _____ C:\Users\LEW1S\Desktop\Torrent.lnk
2016-12-20 08:34 - 2016-01-29 14:30 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-19 20:14 - 2016-02-02 15:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-12-19 20:14 - 2016-02-02 15:11 - 00000000 ____D C:\Program Files (x86)\Sony
2016-12-19 18:10 - 2016-08-13 01:48 - 00632528 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-19 16:58 - 2016-07-16 11:47 - 00000000 ___RD C:\Windows\MiracastView
2016-12-19 16:56 - 2016-08-13 11:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-12-19 16:44 - 2016-11-01 14:17 - 00000000 ____D C:\Program Files (x86)\7-Zip
2016-12-19 16:44 - 2016-10-30 07:55 - 00000000 ____D C:\Program Files (x86)\PacificPoker
2016-12-19 16:44 - 2016-10-20 14:07 - 00000000 ____D C:\Program Files (x86)\Safari
2016-12-19 16:44 - 2016-10-20 14:07 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-19 16:44 - 2016-09-30 12:33 - 00000000 ____D C:\Program Files (x86)\Worms W.M.D
2016-12-19 16:44 - 2016-09-28 14:57 - 00000000 ____D C:\Program Files (x86)\Rise of the Tomb Raider
2016-12-19 16:44 - 2016-09-22 17:43 - 00000000 ____D C:\Program Files (x86)\GoPro
2016-12-19 16:44 - 2016-09-22 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-12-19 16:44 - 2016-09-21 13:04 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-12-19 16:44 - 2016-09-21 07:52 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-12-19 16:44 - 2016-09-19 16:37 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-12-19 16:44 - 2016-09-19 16:37 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-12-19 16:44 - 2016-09-15 13:57 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-12-19 16:44 - 2016-08-13 11:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-12-19 16:44 - 2016-08-13 01:49 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-19 16:44 - 2016-08-01 15:41 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-12-19 16:44 - 2016-07-24 08:11 - 00000000 ____D C:\Program Files (x86)\NewSoftware's
2016-12-19 16:44 - 2016-07-24 02:17 - 00000000 ____D C:\Program Files (x86)\FullTilt.EU
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-12-19 16:44 - 2016-07-16 11:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-12-19 16:44 - 2016-07-14 11:21 - 00000000 ____D C:\Program Files (x86)\Dell Dock Update
2016-12-19 16:44 - 2016-05-21 13:41 - 00000000 ____D C:\Program Files (x86)\Nitro
2016-12-19 16:44 - 2016-04-12 15:19 - 00000000 ____D C:\Program Files (x86)\Stardock
2016-12-19 16:44 - 2016-03-30 19:35 - 00000000 ____D C:\Program Files (x86)\Fallout 4
2016-12-19 16:44 - 2016-02-26 12:05 - 00000000 ____D C:\Program Files (x86)\LastPass
2016-12-19 16:44 - 2016-02-22 12:56 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-19 16:44 - 2016-02-12 15:48 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-12-19 16:44 - 2016-02-12 15:46 - 00000000 ____D C:\Program Files (x86)\Codec Pack - All In 1
2016-12-19 16:44 - 2016-02-03 15:37 - 00000000 ____D C:\Program Files (x86)\Freelancer.com
2016-12-19 16:44 - 2016-02-03 12:37 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-12-19 16:44 - 2016-02-03 12:31 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-19 16:44 - 2016-01-31 19:46 - 00000000 ____D C:\Program Files (x86)\WordPress.com
2016-12-19 16:44 - 2016-01-29 13:42 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-12-19 16:44 - 2016-01-29 11:58 - 00000000 ____D C:\Program Files (x86)\Pidgin
2016-12-19 16:44 - 2016-01-29 11:56 - 00000000 ____D C:\Program Files (x86)\Canon
2016-12-19 16:44 - 2016-01-29 11:51 - 00000000 ____D C:\Program Files (x86)\Winamp
2016-12-19 16:44 - 2016-01-29 11:50 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-12-19 16:44 - 2016-01-29 11:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-12-19 16:44 - 2016-01-29 00:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2016-12-19 16:44 - 2016-01-29 00:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2016-12-19 16:44 - 2016-01-29 00:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-12-19 16:44 - 2016-01-28 23:45 - 00000000 ____D C:\Program Files (x86)\YNAB 4
2016-12-19 16:44 - 2016-01-28 23:43 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-12-19 16:44 - 2016-01-28 23:41 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-12-19 16:44 - 2016-01-28 23:41 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-12-19 16:44 - 2016-01-28 23:38 - 00000000 ____D C:\Program Files (x86)\Webteh
2016-12-19 16:44 - 2016-01-26 13:48 - 00000000 ____D C:\Program Files (x86)\Dell
2016-12-19 16:44 - 2016-01-26 13:02 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-12-19 16:44 - 2016-01-16 11:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-19 16:44 - 2016-01-16 11:54 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-19 16:44 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-12-19 16:44 - 2016-01-16 11:53 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-12-19 16:44 - 2016-01-16 11:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-12-19 16:44 - 2016-01-16 11:49 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-12-19 15:06 - 2016-01-29 00:09 - 00000000 ___RD C:\Users\LEW1S\Desktop\WEBDEVELOPMENT
2016-12-17 23:49 - 2016-02-12 15:49 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\vlc
2016-12-17 21:17 - 2016-02-02 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-17 14:10 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\rescache
2016-12-17 10:09 - 2016-08-13 01:55 - 00003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-17 10:09 - 2016-08-13 01:55 - 00003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 19:53 - 2016-03-23 11:25 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\npm
2016-12-16 19:48 - 2016-03-22 17:46 - 00001408 _____ C:\Users\LEW1S\.bash_history
2016-12-16 18:27 - 2016-03-23 11:26 - 00000046 _____ C:\Users\LEW1S\.node_repl_history
2016-12-15 08:30 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\ShellExperiences
2016-12-14 16:28 - 2016-07-16 11:36 - 00000000 ____D C:\Windows\CbsTemp
2016-12-14 16:23 - 2016-01-28 23:51 - 00000000 ____D C:\Windows\system32\MRT
2016-12-14 16:17 - 2016-01-28 23:51 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-13 12:13 - 2016-01-16 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-12 14:26 - 2016-09-10 10:11 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Sony
2016-12-11 23:56 - 2016-11-10 04:15 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-11 23:56 - 2016-11-10 04:15 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-10 15:40 - 2016-07-07 07:17 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Nitro PDF
2016-12-10 14:15 - 2016-02-21 09:16 - 00135472 _____ C:\Users\LEW1S\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-10 14:13 - 2016-02-22 09:22 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2016-12-10 12:19 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\NDF
2016-12-10 12:09 - 2016-01-16 11:55 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\system32\oobe
2016-12-10 09:50 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\bcastdvr
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\system32\Dism
2016-12-10 09:50 - 2016-07-16 06:04 - 00000000 ____D C:\Windows\servicing
2016-12-09 15:38 - 2016-07-16 11:42 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-12-07 17:09 - 2016-01-16 11:50 - 01912992 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-07 17:03 - 2016-03-23 09:22 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-12-05 15:05 - 2016-08-13 01:49 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2016-12-05 08:31 - 2016-07-16 11:47 - 00000000 ____D C:\Windows\LiveKernelReports
2016-12-04 20:44 - 2016-01-28 23:45 - 00000000 ____D C:\Program Files\WinRAR
2016-12-04 20:44 - 2016-01-16 11:53 - 00000934 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-04 20:44 - 2016-01-16 11:53 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-03 16:35 - 2016-02-02 18:26 - 00000000 ___RD C:\Users\LEW1S\Google Drive
2016-11-30 15:30 - 2016-03-09 20:09 - 00000600 _____ C:\Users\LEW1S\AppData\Local\PUTTY.RND
2016-11-29 16:08 - 2016-08-13 01:55 - 00003994 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2016-11-29 16:08 - 2016-08-13 01:55 - 00003762 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2016-11-25 09:03 - 2016-06-02 13:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-11-25 09:03 - 2016-06-02 13:24 - 00000000 ____D C:\Program Files\FileZilla FTP Client

==================== Files in the root of some directories =======

2016-12-21 18:02 - 2016-12-21 18:02 - 0000088 _____ () C:\Users\LEW1S\AppData\Roaming\.95d691779473f3e03bc4b4e56319d74c.key
2016-01-29 11:38 - 2016-12-22 14:05 - 0000034 _____ () C:\Users\LEW1S\AppData\Roaming\AdobeWLCMCache.dat
2016-11-02 18:50 - 2016-11-02 18:50 - 0000600 _____ () C:\Users\LEW1S\AppData\Roaming\PUTTY.RND
2016-12-21 18:02 - 2016-12-22 17:14 - 0000236 _____ () C:\Users\LEW1S\AppData\Roaming\RO39-2M3Q
2016-12-10 01:04 - 2016-12-10 01:04 - 0000045 _____ () C:\Users\LEW1S\AppData\Roaming\WB.CFG
2016-01-29 15:40 - 2016-12-22 20:08 - 0001456 _____ () C:\Users\LEW1S\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-02-02 15:15 - 2016-07-06 07:12 - 45700992 _____ (Sony) C:\Users\LEW1S\AppData\Local\pcc.exe
2016-03-09 20:09 - 2016-11-30 15:30 - 0000600 _____ () C:\Users\LEW1S\AppData\Local\PUTTY.RND
2016-02-23 19:53 - 2016-02-23 19:53 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-08-13 01:49 - 2016-08-13 01:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-22 09:52 - 2016-12-22 09:52 - 0000259 _____ () C:\ProgramData\fontcacheev1.dat
2016-02-23 19:53 - 2016-02-29 12:39 - 0001582 _____ () C:\ProgramData\XML

Files to move or delete:
====================
C:\Windows\TEMP\gF0B7.tmp.exe
C:\ProgramData\fontcacheev1.dat
C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job


Some files in TEMP:
====================
C:\Users\LEW1S\AppData\Local\Temp\g6C47.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-21 13:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by LEW1S (24-12-2016 14:20:06)
Running from C:\Users\LEW1S\Downloads
Windows 10 Home Version 1607 (X64) (2016-08-13 01:57:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1265675304-2135499584-1237270965-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1265675304-2135499584-1237270965-503 - Limited - Disabled)
Guest (S-1-5-21-1265675304-2135499584-1237270965-501 - Limited - Disabled)
LEW1S (S-1-5-21-1265675304-2135499584-1237270965-1001 - Administrator - Enabled) => C:\Users\LEW1S

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
7-Zip 16.04 (HKLM-x32\...\7-Zip) (Version: 16.04 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adguard (HKLM-x32\...\{b2963e15-24ed-4084-988e-5b2c8660c1e6}) (Version: 6.1.298.1564 - Performix LLC)
Adguard (x32 Version: 6.1.298.1564 - Performix LLC) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Affinity Designer Public Beta (HKLM\...\{09BC1EBD-105F-4DD7-AD32-A4F3B16A048F}) (Version: 1.5.0.28 - Serif (Europe) Ltd)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Andy OS (HKLM\...\Andy OS) (Version: 46.14 - Andy OS, Inc)
Ansel (Version: 372.90 - NVIDIA Corporation) Hidden
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Balsamiq Mockups 3 (HKLM-x32\...\BalsamiqMockups3.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1) (Version: 3.5.5 - Balsamiq SRL)
Balsamiq Mockups 3 (x32 Version: 3.5.5 - Balsamiq SRL) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BS.Player FREE (HKLM-x32\...\BSPlayerf) (Version: 2.70.1080 - AB Team, d.o.o.)
CamStudio 2.7.4 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.4 - CamStudio Open Source)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ‪Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG4200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4200_series) (Version: 1.02 - Canon Inc.)
Canon MG5400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5400_series) (Version: 1.01 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Codec Pack - All In 1 6.0.3.0 (HKLM-x32\...\Cool's_Codec_pack_4.12) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.3.0.0152 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{2664612A-153E-4741-80D5-8FEEAF1E89D6}) (Version: 1.0.86.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.199 - Portrait Displays, Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Evernote v. 6.3.3 (HKLM-x32\...\{EB571A8A-81E0-11E6-8CC1-005056950253}) (Version: 6.3.3.3502 - Evernote Corp.)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
Fences 2 (HKLM-x32\...\Fences 22.01) (Version: 2.01 - Stardock Corporation)
FileZilla Client 3.22.2.2 (HKLM-x32\...\FileZilla Client) (Version: 3.22.2.2 - Tim Kosse)
Folder Lock (HKLM-x32\...\Folder Lock) (Version: - New Softwares.net)
Freelancer Desktop App version 1.4.0 (HKLM-x32\...\Freelancer Desktop App_is1) (Version: 1.4.0 - Freelancer Technology Pty Limited)
Full Tilt.eu (HKLM-x32\...\Full Tilt.eu) (Version: - Full Tilt.eu)
Git version 2.7.4 (HKLM\...\Git_is1) (Version: 2.7.4 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoPro (Version: 0.1.2733 - GoPro, Inc.) Hidden
GoPro for Desktop (HKLM-x32\...\{88734dc7-c200-4ad3-b29f-bb5e436cb30f}) (Version: 1.4.0.2733 - GoPro, Inc.)
GoPro Studio (x32 Version: 5.9.2733 - GoPro, Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HeidiSQL (HKLM\...\HeidiSQL_is1) (Version: - Ansgar Becker)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Logitech Options (HKLM\...\LogiOptions) (Version: - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Thunderbird 45.5.1 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 45.5.1 (x86 en-GB)) (Version: 45.5.1 - Mozilla)
Nitro Pro 9 (HKLM\...\{6DC0850D-DCCA-4E75-8A4A-E374EB38C2B4}) (Version: 9.5.1.5 - Nitro)
Node.js (HKLM\...\{EBF9E075-7642-489B-B557-992F349CFB40}) (Version: 6.9.2 - Node.js Foundation)
NVIDIA 3D Vision Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 372.90 - NVIDIA Corporation)
NVIDIA Graphics Driver 372.90 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 372.90 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Oracle VM VirtualBox 4.3.12_ZZZZ (HKLM\...\{B5121457-0126-4E62-BCBF-6DC7C73D9E4A}) (Version: 4.3.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.5.17432 - Electronic Arts, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.12 - )
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7829 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
Rise of the Tomb Raider (HKLM-x32\...\{45F08513-973A-4C18-93FD-8E12B1908390}_is1) (Version: - Square Enix)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
Screaming Frog SEO Spider (HKLM-x32\...\Screaming Frog SEO Spider) (Version: 6.2 - Screaming Frog Ltd)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Skitch (HKLM-x32\...\Skitch 2.3.2.176) (Version: 2.3.2.176 - Evernote Corp.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Stardock Fences 2 (HKLM-x32\...\Stardock Fences 2) (Version: 2.12 - Stardock Software, Inc.)
Sublime Text Build 3083 (HKLM\...\Sublime Text 3_is1) (Version: - Sublime HQ Pty Ltd)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Unlocker (HKLM\...\{5993C960-4E90-4A00-A2F3-D0C4020A6992}) (Version: 1.9.2 - ajua Custom Installers)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
Viber (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\{5eceddc9-9d1c-4be5-83a1-78e473cf95ed}) (Version: 6.4.0.1476 - Viber Media Inc.)
Viber (x32 Version: 6.4.0.1476 - Viber Media Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WampServer 2.5 (HKLM-x32\...\WampServer 2_is1) (Version: - Hervé Leclerc (HeL))
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WordPress.com (HKLM-x32\...\WordPress.com) (Version: - Automattic, Inc.)
Worms W.M.D (HKLM-x32\...\Worms W.M.D_is1) (Version: - )
Xenu's Link Sleuth (HKLM-x32\...\Xenu's Link Sleuth) (Version: 1.3.8 - Tilman Hausherr)
YNAB 4 version 4.3.857 (HKLM-x32\...\com.ynab.YNAB4.LiveCaptive_is1) (Version: 4.3.857 - YouNeedABudget.com)
Zeplin (HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\Zeplin) (Version: 0.22.2 - Zeplin Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1265675304-2135499584-1237270965-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A9823AF-3538-48C1-93AB-06AFDC971CC5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0EC523CC-637F-4449-BC69-2757255E764D} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {10461D5E-B772-4D84-ABE2-65814AD2756B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-12-14] (Microsoft Corporation)
Task: {174EEDD9-6056-4716-AD06-E4DFAB4C6A4D} - System32\Tasks\6d11ffc8882bc444143ff07584e87fee => Rundll32.exe "C:\Program Files (x86)\Reference Assemblies\gsie93.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {1874159B-0C0E-49C7-A442-6BFF3D0479CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {21859F71-A472-409D-8506-FEF6607931A5} - System32\Tasks\SafeZone scheduled Autoupdate 1460536512 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {295FCCA9-D40A-4DE2-A84C-6FF36CC8FF01} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {2B5CF5D4-C208-4CF8-A55C-A423C4BE2331} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-10-30] (Adobe Systems Incorporated)
Task: {3116BF76-3544-4C80-8E64-DFE3F6D4583C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-13] (AVAST Software)
Task: {34F09E3D-311B-4A6A-9AAA-6DFE53CDB38E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
Task: {4E1DD351-96F2-4D51-BE51-7FC71ABD1A34} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {51967C7A-F48E-4865-AFCF-DBF098A4A996} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-1EKJ75Q-LEW1S => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-09-19] (Adobe Systems Incorporated)
Task: {55D91FEE-2D38-46C2-9F41-D2A634C40380} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {5D093877-4299-4D44-A5FC-DE536502C676} - System32\Tasks\880q919c730g278 => Rundll32.exe "C:\ProgramData\880q919c730g278\880q919c730g278.dll",hcsopx <==== ATTENTION
Task: {7B49A617-6A11-4EF2-B618-6EA762A0154E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8213FC94-C919-4A3B-8EF7-9286FC1AFE07} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {83519F01-938B-4F26-97AA-D93937E5A7A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {902C35B8-04DA-43D8-9722-E9E7DE7907C6} - System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE <==== ATTENTION
Task: {9163A12B-2210-479D-883F-EBAA5D0D3855} - System32\Tasks\{0B2E9467-7C4A-4421-9D47-DE434FE608E0} => launchwinapp.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=7.0.0.102&amp;LastError=404
Task: {960A7284-1DF0-48B1-8B8E-17FA90D0C1F9} - System32\Tasks\87639889d41t208319 => Rundll32.exe "C:\ProgramData\87639889d41t208319\87639889d41t208319.dll",DMT <==== ATTENTION
Task: {A26431F2-4D74-4060-9A46-93206E50F1EC} - System32\Tasks\329q432c44g260 => Rundll32.exe "C:\ProgramData\329q432c44g260\329q432c44g260.dll",hcsopx <==== ATTENTION
Task: {ACDE8A5B-7181-4EA8-B37B-18B66A48D01D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-28] (Google Inc.)
Task: {B5867EEA-380F-44CB-800A-829A9C3B4689} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B96ED765-B721-4850-BED3-5B94B78A46F5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {C6D66CB9-B139-43D3-ADEE-622401172272} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-01-29] (Dropbox, Inc.)
Task: {CB58885D-D3A0-4197-8E0C-61E6FD3B344E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D6C75F45-4D09-4F12-941A-F428DA9955E5} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {E987582E-4E16-429A-9248-C15900352151} - \Client -> No File <==== ATTENTION
Task: {FACE61B2-85D5-4D44-861A-412A4E8A5292} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-25] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job =>

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Apps & Extensions Developer Tool.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=ohmmkhmmmpcnpikjeljgnaoabkaalbgc
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sticky Notes.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=nbjdhgkkhefpifbifjiflpaajchdkhpg
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\TrackingTime _ Time Tracker.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=knailkjkjcfegledhjhcfacdngnicimb
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Wunderlist for Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 5" --app-id=ojcflmmmcfpacggndoaaflkmcoblhnbh
ShortcutWithArgument: C:\Users\LEW1S\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 11:42 - 2016-07-16 11:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-12-14 12:00 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-12-21 20:30 - 2014-03-22 19:53 - 02843648 _____ () C:\ProgramData\880q919c730g278\880q919c730g278.dll
2016-08-13 01:49 - 2016-09-16 22:54 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-19 17:11 - 2015-05-19 17:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-08-21 01:47 - 2015-08-21 01:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-07-07 14:18 - 2016-07-07 14:18 - 00126832 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-03-30 20:21 - 2016-06-15 01:14 - 00369208 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-03-30 20:06 - 2016-06-15 01:14 - 00289848 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 03613240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2014-05-19 12:27 - 2014-05-19 12:27 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2016-03-30 20:21 - 2016-06-15 01:14 - 02667576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01990200 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 01842232 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-30 20:06 - 2016-06-15 01:14 - 00208952 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 00035896 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-03-30 20:21 - 2016-06-15 01:14 - 00921656 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-12-14 12:00 - 2016-12-09 10:29 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-10-11 15:16 - 2016-10-11 15:16 - 01864384 _____ () C:\Users\LEW1S\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-09-19 08:06 - 2016-09-07 04:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 12:00 - 2016-12-09 09:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-28 05:29 - 2016-07-28 05:29 - 00401904 _____ () C:\Windows\system32\igfxTray.exe
2016-12-14 08:05 - 2016-12-14 08:06 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 08:05 - 2016-12-14 08:06 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 08:05 - 2016-12-14 08:06 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 08:05 - 2016-12-14 08:06 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-23 21:02 - 2016-12-24 14:16 - 00252416 _____ () C:\Windows\TEMP\gF0B7.tmp.exe
2015-11-14 02:21 - 2015-11-14 02:21 - 00273136 _____ () C:\Program Files\Portrait Displays\Dell PremierColor\CTHelper.exe
2016-12-23 21:05 - 2016-12-24 14:16 - 03662848 _____ () C:\Windows\TEMP\gDA87.tmp
2016-12-21 20:08 - 2016-12-08 08:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-21 20:08 - 2016-12-08 08:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-05-11 23:39 - 2016-05-11 23:39 - 00037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2016-11-09 09:46 - 2016-11-02 10:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 09:46 - 2016-11-02 10:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 09:46 - 2016-11-02 10:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 09:46 - 2016-11-02 10:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 09:46 - 2016-11-02 10:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-13 08:32 - 2016-09-13 08:32 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-23 20:58 - 2016-12-23 20:58 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\16122301\algo.dll
2016-09-13 08:32 - 2016-09-13 08:32 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-11-16 16:22 - 2016-11-16 16:22 - 01428240 _____ () C:\Program Files (x86)\Adguard\AdguardNetApi.DLL
2016-11-16 16:22 - 2016-11-16 16:22 - 00142096 _____ () C:\Program Files (x86)\Adguard\AdguardNetLib.DLL
2016-01-16 11:53 - 2016-06-15 01:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-01-29 13:53 - 2016-11-11 20:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-01-29 13:53 - 2016-11-11 20:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-01-29 13:53 - 2016-11-11 20:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 09:45 - 2016-11-11 20:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-01-29 13:53 - 2016-11-11 20:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 09:45 - 2016-11-11 20:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 09:45 - 2016-11-11 20:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-01-29 13:53 - 2016-11-11 20:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-06 11:03 - 2016-11-11 20:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-01-29 13:53 - 2016-12-21 18:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 05:29 - 2016-12-21 18:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 09:45 - 2016-11-11 20:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-12-22 09:45 - 2016-12-03 08:13 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 09:45 - 2016-12-21 18:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-01-29 13:53 - 2016-11-11 20:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 09:45 - 2016-11-11 20:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 09:45 - 2016-11-11 20:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 09:45 - 2016-12-21 18:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-15 11:04 - 2016-12-21 18:26 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-01-29 13:53 - 2016-11-11 20:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-06 11:03 - 2016-12-21 18:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 09:45 - 2016-12-21 18:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-06-21 16:45 - 2016-06-21 16:45 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-09-05 04:34 - 2015-09-05 04:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2016-12-21 13:44 - 00000853 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\Control Panel\Desktop\\Wallpaper -> c:\users\lew1s\desktop\webdevelopment\webjuice-bg.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "GoPro Tray App"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "GrooveMonitor"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "FLBackup"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1265675304-2135499584-1237270965-1001\...\StartupApproved\Run: => "Spotify Web Helper"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{35D2E065-BE81-494D-90FF-3E13F469F85A}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe
FirewallRules: [TCP Query User{CA553E2D-73B1-473A-AF51-FAB8D95992E2}C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe] => C:\programdata\logishrd\logioptions\software\6.00.547\logioptionsmgr.exe
FirewallRules: [{6DB8C342-FF7D-4079-9900-09996C996DAB}] => C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [UDP Query User{F42A87AF-E325-4A17-BCFE-7DCBDAC90E33}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D4A9D29E-9916-402C-86BC-70C05B6EBE30}C:\program files (x86)\hearthstone\hearthstone.exe] => C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{35B79191-5998-4559-A9D1-DB0F1B9E8002}C:\windows\system32\igfxext.exe] => C:\windows\system32\igfxext.exe
FirewallRules: [TCP Query User{71293329-E159-4315-B19E-9A67153627BB}C:\windows\system32\igfxext.exe] => C:\windows\system32\igfxext.exe
FirewallRules: [{5597215E-8A90-4433-AC72-2F5F542558D1}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC065E56-B1F7-4DDE-8C16-E3E0DE60411E}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A2134AF5-CB66-4A63-BD03-A0C376C7EC99}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{068AAFB9-C6C1-4C45-AD60-C622D2A30ABA}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{75C9BCA1-9822-407C-9D5B-B6DD7A5F33A3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55099CC3-12D4-41D9-8A0E-90498028EB8B}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB1E5D6A-CF7E-4FB9-9CD1-B823ACDC83BB}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{FF643E25-C66B-4B11-80C8-97C4F660132C}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{20DA7E0D-24DC-4485-926C-659667816534}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{91C4B261-E5E4-43C7-A260-024809699117}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A73AD635-FF99-4122-A567-A67386C7E938}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9A596487-A928-4E6C-9B3E-1397E1F3C0EE}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{013E5D39-3DBF-4DC1-852F-F78F039EF4F0}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C9CACB0C-623D-47AE-9FEE-E0A7198A1FEC}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{735E63BC-085F-4276-9909-A4AE4552A771}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [UDP Query User{B2762495-5761-4462-9C42-40150DBC28E6}C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe] => C:\wamp\bin\apache\apache2.4.9\bin\httpd.exe
FirewallRules: [{C3F190A1-33D0-41FD-847F-FDC58F5BF514}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{62342001-BF62-4038-9585-86E219528A29}] => C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{EDA6704D-9B69-47BF-BD7F-66F18027D7F2}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B7AFB32C-E0E1-4E22-9616-8761EC54DCD6}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5B0FFB7-99AA-4BA0-8FB9-47851EAC9EE2}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8C5FDCCD-C715-4D60-A6BA-7E6078E69510}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7FDE5B03-A27C-41CD-8F99-C398BCCEFDF7}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5EBDF778-0EF9-4987-ACFE-6DB26F1AD9DE}] => C:\Users\LEW1S\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D3C3A89E-9F84-44AF-9B50-D9FE83A6EEB5}C:\windows\system32\runtimebroker.exe] => C:\windows\system32\runtimebroker.exe
FirewallRules: [UDP Query User{F755FEFE-2EC2-44FC-9089-55EF076191BB}C:\windows\system32\runtimebroker.exe] => C:\windows\system32\runtimebroker.exe
FirewallRules: [TCP Query User{CFAD7221-CED1-4D04-B465-441E8813CC5F}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [UDP Query User{7869DFC3-6986-4E2D-8DAB-9A06647DFA85}C:\windows\explorer.exe] => C:\windows\explorer.exe
FirewallRules: [TCP Query User{DD232B21-7A7E-456F-84BB-BBDA8B1D7714}C:\windows\system32\sihost.exe] => C:\windows\system32\sihost.exe
FirewallRules: [UDP Query User{772FBD0C-93A2-4043-B487-55E35090FDCC}C:\windows\system32\sihost.exe] => C:\windows\system32\sihost.exe
FirewallRules: [{D30B36B0-D82E-4936-AE8B-B9C88F6DCF05}] => C:\windows\system32\sihost.exe
FirewallRules: [{DBA99292-20E7-4C24-B4E6-083796146F16}] => C:\windows\system32\sihost.exe
FirewallRules: [{4AA5F436-4F56-4CDE-AAB7-94EB82AB6579}] => C:\windows\explorer.exe
FirewallRules: [{1CA9966F-143E-47EB-B7D5-AD2D1F8BB66F}] => C:\windows\explorer.exe
FirewallRules: [{BB80A654-973E-4809-83F8-7535A39F9F3B}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{30E90C4A-8AE4-4893-AB40-A01EC419FF1F}] => LPort=2869
FirewallRules: [{481F096B-0F3A-431D-85FC-35B8B159146D}] => LPort=1900
FirewallRules: [{4EE5F63F-E5DD-4D8D-865D-10777A628202}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{389932DD-D2DC-4030-A5A0-AA0DC4DB0331}C:\program files\filezilla ftp client\filezilla.exe] => C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [UDP Query User{2FBB64BD-2B0D-4FE2-94AC-35BFBB3203F8}C:\program files\filezilla ftp client\filezilla.exe] => C:\program files\filezilla ftp client\filezilla.exe
FirewallRules: [{9B273753-3905-4197-97B6-70CC85E57776}] => C:\Program Files\GoPro\GoPro Desktop App\GoPro.exe
FirewallRules: [{D6361664-5C6B-4B5E-99E5-07B65A959520}] => C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{4A345A17-F223-4CC8-939F-BD0B1C815924}] => C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{377BAE10-1B0A-42AF-AED2-6EE48FD3BDB5}] => C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [TCP Query User{C24B4801-7E38-49A9-8D62-1C9E4AF7B214}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{449431E4-8673-4B71-B8B4-58421A26321A}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{2258C98A-BE51-4CC5-93F6-4A3B56E6D9A5}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{747AA226-6B9A-4543-8ADB-09CD0F1469C3}C:\users\lew1s\appdata\roaming\spotify\spotify.exe] => C:\users\lew1s\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A3316016-34C1-4EB1-948E-A17044722186}] => C:\Program Files\Andy\andy.exe
FirewallRules: [{EFFE6AAB-B38D-4112-9641-3D4F3E357136}] => C:\Program Files\Andy\andy.exe
FirewallRules: [{17D73A2F-9CB3-45D9-936B-C831268D4A54}] => C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{F11F900B-646F-47BC-AC55-B86DD1641B9C}] => C:\Program Files\Andy\AndyConsole.exe
FirewallRules: [{A2A5D2F4-4C6D-4CBA-9EE3-F95CAA27690D}] => C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{C9BCCAF6-DD10-4FA9-B4DB-2C7C428A2F86}] => C:\Program Files\Andy\HandyAndy.exe
FirewallRules: [{C4387154-25B3-43BB-BBC7-1B12FE367A12}] => C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{81BB3DDE-C61D-4AB3-92B3-5C4EC9DD43D9}] => C:\Program Files\Andy\SetupFiles\Uninstall.exe
FirewallRules: [{B83B62BD-5B51-4FF6-8EB5-134ABC0A96C4}] => C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{9AF4E4FB-F3D9-4F64-9843-575798F01658}] => C:\Program Files\Andy\SetupFiles\VMwareCheck.exe
FirewallRules: [{C2D3EAAF-D24A-4061-9C05-3C1A3442980D}] => C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{49A46CCD-C58B-450C-969E-F972E06149F9}] => C:\Program Files\Andy\SetupFiles\AndyDoctor.exe
FirewallRules: [{E2B07B2A-5D8F-4CF2-A052-57FFAC5A542A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{82E9F654-0231-4018-9631-F4B7F3018861}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3353C5B3-EEF8-4990-BEF1-F9064D09E708}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{50C65DDD-33C8-4844-BDDE-2B34E4125FD1}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{EC1DF949-07EE-46AD-96B5-F090011B9FB3}C:\users\lew1s\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe] => C:\users\lew1s\appdata\roaming\haiyuinst\plugins\download\minithunderplatform.exe
FirewallRules: [{6302FF48-EFDB-4A17-9EC3-DBBA7EF331B3}] => C:\Program Files\Oracle\VirtualBox\vboxheadless.exe
FirewallRules: [{0FF06B46-B084-49F7-A19C-4BA7F9E19664}] => C:\Windows\system32\rundll32.exe
FirewallRules: [{74185ACA-7120-4518-AA5B-E9B6B767488A}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7E2B5DA3-0530-4124-9255-E60A5B3DEE55}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{7410A27E-F492-4E0A-8187-B98E19D206C5}] => C:\Program Files (x86)\Adguard\AdguardSvc.exe
FirewallRules: [{4D70BBDA-12E0-49BF-A2FA-FA2C01216CE8}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{3F7CB452-5CE5-4260-958F-4204ADA383AF}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{0CCEFE36-B862-452D-A280-13B9F21A14C7}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{72DD50EE-6107-41AE-A5D2-A5792EB90295}] => C:\Windows\System32\rundll32.exe

==================== Restore Points =========================

21-12-2016 21:07:17 Checkpoint by HitmanPro
21-12-2016 21:08:25 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2016 02:16:46 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Sat, 24 Dec 2016 14:16:47 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 48489932-00c9-4326-95d7-5e5480c1a25e
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(156ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/24/2016 02:16:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Sat, 24 Dec 2016 14:16:41 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: a9ccd275-bac3-4f6d-9afe-f0d6838125c7
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(703ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/24/2016 02:16:27 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/24/2016 02:08:34 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(219ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/24/2016 02:08:30 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(15ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/24/2016 02:08:26 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(109ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (12/24/2016 02:08:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (12/23/2016 08:58:10 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Fri, 23 Dec 2016 20:58:11 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: e197781c-398e-45e5-975b-abe7cf9c321f
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(188ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/23/2016 08:58:04 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\DESKTOP-1EKJ75Q$ via https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps
GetCACaps: Not Found
{"Message":"The authority \"ntc-nameid-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net\" does not exist."}
Cache-Control: no-cache
Date: Fri, 23 Dec 2016 20:58:05 GMT
Pragma: no-cache
Content-Length: 122
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 555c79c9-5948-4348-9acb-ee78a8d72241
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
X-Powered-By: ASP.NET

Method: GET(359ms)
Stage: GetCACaps
Not found (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (12/23/2016 08:57:51 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.


System errors:
=============
Error: (12/24/2016 02:16:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/24/2016 02:16:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Phgech service terminated with the following error:
The specified module could not be found.

Error: (12/24/2016 02:08:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/24/2016 02:08:19 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Phgech service terminated with the following error:
The specified module could not be found.

Error: (12/23/2016 08:57:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/23/2016 08:57:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Phgech service terminated with the following error:
The specified module could not be found.

Error: (12/23/2016 12:26:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1EKJ75Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/23/2016 12:26:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1EKJ75Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/23/2016 12:26:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1EKJ75Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (12/23/2016 12:26:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-1EKJ75Q)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
Date: 2016-12-22 13:27:21.600
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.587
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.576
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.557
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.544
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.533
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcr100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.483
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.473
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.465
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-22 13:27:21.452
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Andy\msvcp100.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 16205.83 MB
Available physical RAM: 10443.23 MB
Total Virtual: 33613.83 MB
Available Virtual: 27827.13 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:940.78 GB) (Free:59.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 953.9 GB) (Disk ID: 21501173)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 24 December 2016 - 11:12 AM.


#6 Oh My!

Posted 24 December 2016 - 11:40 AM

Hi Mike and Merry Christmas to you as well.

Thank you for the information. I wanted to get Lightroom out of the way because it was an untrusted download.

Are you aware of all these Chrome profiles?
 

CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-21]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-12-22]
CHR Profile: C:\Users\LEW1S\AppData\Local\Google\Chrome\User Data\Profile 5 [2016-12-22]


Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\g9C19.tmp.exe
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\g9C19.tmp.exe [252416 2016-12-22] () <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
SearchScopes: HKLM-x32 -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S2 Phgech; C:\Program Files (x86)\Dracoentghocage\atervosyprv.dll [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2016-12-21 20:30 - 2016-12-21 20:30 - 00016816 _____ C:\Windows\System32\Tasks\880q919c730g278
2016-12-21 20:30 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\880q919c730g278
2016-12-21 17:51 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\329q432c44g260
2016-12-21 17:51 - 2016-12-21 17:51 - 00016810 _____ C:\Windows\System32\Tasks\329q432c44g260
2016-12-21 13:16 - 2016-12-21 17:26 - 00016828 _____ C:\Windows\System32\Tasks\87639889d41t208319
2016-12-19 16:44 - 2016-12-19 16:44 - 00003676 _____ C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee
2016-12-19 16:43 - 2016-12-21 21:08 - 00000000 ____D C:\Program Files (x86)\Dracoentghocage
2016-12-19 16:43 - 2016-12-19 16:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zehgevvity
2016-12-19 16:43 - 2016-12-19 16:44 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Hetewardjuvage
2016-12-07 17:04 - 2016-12-21 13:18 - 00000302 _____ C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job
2016-12-07 17:04 - 2016-12-21 13:16 - 00002770 _____ C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}
2016-12-07 17:04 - 2016-12-21 13:16 - 00000000 ____D C:\Users\LEW1S\AppData\Local\1643ECA0-BCB4-25E3-51A8-5BA5C8257549
C:\ProgramData\fontcacheev1.dat
Task: {174EEDD9-6056-4716-AD06-E4DFAB4C6A4D} - System32\Tasks\6d11ffc8882bc444143ff07584e87fee => Rundll32.exe "C:\Program Files (x86)\Reference Assemblies\gsie93.dll",e62dc6c6547f46bda862da2d05af6862
Task: {5D093877-4299-4D44-A5FC-DE536502C676} - System32\Tasks\880q919c730g278 => Rundll32.exe "C:\ProgramData\880q919c730g278\880q919c730g278.dll",hcsopx
C:\ProgramData\880q919c730g278\880q919c730g278.dll
Task: {902C35B8-04DA-43D8-9722-E9E7DE7907C6} - System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE
C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE
Task: {960A7284-1DF0-48B1-8B8E-17FA90D0C1F9} - System32\Tasks\87639889d41t208319 => Rundll32.exe "C:\ProgramData\87639889d41t208319\87639889d41t208319.dll",DMT
C:\ProgramData\87639889d41t208319\87639889d41t208319.dll
Task: {A26431F2-4D74-4060-9A46-93206E50F1EC} - System32\Tasks\329q432c44g260 => Rundll32.exe "C:\ProgramData\329q432c44g260\329q432c44g260.dll",hcsopx
C:\ProgramData\329q432c44g260
Task: {E987582E-4E16-429A-9248-C15900352151} - \Client
Task: C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job =>
2016-12-22 13:19 - 2016-12-22 13:19 - 03662848 _____ () C:\Windows\TEMP\g2402.tmp
File: C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Chrome profiles?
  • Fixlog
  • Update on computer performance

Edited by Oh My!, 24 December 2016 - 11:46 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 lew1s

Posted 25 December 2016 - 05:48 AM

Hi,
 
So I deleted all profiles. Computer is running normally, just issues with browsers. 
 
Please see log

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by LEW1S (25-12-2016 11:36:46) Run:1
Running from C:\Users\LEW1S\Downloads\FRST
Loaded Profiles: LEW1S (Available Profiles: LEW1S)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Windows\Temp\g9C19.tmp.exe
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\g9C19.tmp.exe [252416 2016-12-22] () <===== ATTENTION
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
SearchScopes: HKLM-x32 -> DefaultScope {003CAC80-DAC6-4732-93DF-CC93124FF197} URL =
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-13]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [imhlianhlhdicjchlbmbfaefhhjencbe] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
S2 Phgech; C:\Program Files (x86)\Dracoentghocage\atervosyprv.dll [X]
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
2016-12-21 20:30 - 2016-12-21 20:30 - 00016816 _____ C:\Windows\System32\Tasks\880q919c730g278
2016-12-21 20:30 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\880q919c730g278
2016-12-21 17:51 - 2016-12-21 20:30 - 00000000 ___HD C:\ProgramData\329q432c44g260
2016-12-21 17:51 - 2016-12-21 17:51 - 00016810 _____ C:\Windows\System32\Tasks\329q432c44g260
2016-12-21 13:16 - 2016-12-21 17:26 - 00016828 _____ C:\Windows\System32\Tasks\87639889d41t208319
2016-12-19 16:44 - 2016-12-19 16:44 - 00003676 _____ C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee
2016-12-19 16:43 - 2016-12-21 21:08 - 00000000 ____D C:\Program Files (x86)\Dracoentghocage
2016-12-19 16:43 - 2016-12-19 16:58 - 00000000 ____D C:\Users\LEW1S\AppData\Roaming\Zehgevvity
2016-12-19 16:43 - 2016-12-19 16:44 - 00000000 ____D C:\Users\LEW1S\AppData\Local\Hetewardjuvage
2016-12-07 17:04 - 2016-12-21 13:18 - 00000302 _____ C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job
2016-12-07 17:04 - 2016-12-21 13:16 - 00002770 _____ C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}
2016-12-07 17:04 - 2016-12-21 13:16 - 00000000 ____D C:\Users\LEW1S\AppData\Local\1643ECA0-BCB4-25E3-51A8-5BA5C8257549
C:\ProgramData\fontcacheev1.dat
Task: {174EEDD9-6056-4716-AD06-E4DFAB4C6A4D} - System32\Tasks\6d11ffc8882bc444143ff07584e87fee => Rundll32.exe "C:\Program Files (x86)\Reference Assemblies\gsie93.dll",e62dc6c6547f46bda862da2d05af6862
Task: {5D093877-4299-4D44-A5FC-DE536502C676} - System32\Tasks\880q919c730g278 => Rundll32.exe "C:\ProgramData\880q919c730g278\880q919c730g278.dll",hcsopx
C:\ProgramData\880q919c730g278\880q919c730g278.dll
Task: {902C35B8-04DA-43D8-9722-E9E7DE7907C6} - System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE
C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE
Task: {960A7284-1DF0-48B1-8B8E-17FA90D0C1F9} - System32\Tasks\87639889d41t208319 => Rundll32.exe "C:\ProgramData\87639889d41t208319\87639889d41t208319.dll",DMT
C:\ProgramData\87639889d41t208319\87639889d41t208319.dll
Task: {A26431F2-4D74-4060-9A46-93206E50F1EC} - System32\Tasks\329q432c44g260 => Rundll32.exe "C:\ProgramData\329q432c44g260\329q432c44g260.dll",hcsopx
C:\ProgramData\329q432c44g260
Task: {E987582E-4E16-429A-9248-C15900352151} - \Client
Task: C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job =>
2016-12-22 13:19 - 2016-12-22 13:19 - 03662848 _____ () C:\Windows\TEMP\g2402.tmp
File: C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Windows\Temp\g9C19.tmp.exe" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\wd => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKCR\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => value removed successfully
HKCR\Wow6432Node\CLSID\{1DAC0C53-7D23-4AB3-856A-B04D98CD982A} => key not found.
HKLM\Software\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" folder move:

Could not move "C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Scheduled to move on reboot.

HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\sp@avast.com => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\imhlianhlhdicjchlbmbfaefhhjencbe" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
Phgech => service removed successfully
dbx => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
VMnetAdapter => service removed successfully
C:\Windows\System32\Tasks\880q919c730g278 => moved successfully
C:\ProgramData\880q919c730g278 => moved successfully
C:\ProgramData\329q432c44g260 => moved successfully
C:\Windows\System32\Tasks\329q432c44g260 => moved successfully
C:\Windows\System32\Tasks\87639889d41t208319 => moved successfully
C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee => moved successfully
C:\Program Files (x86)\Dracoentghocage => moved successfully
C:\Users\LEW1S\AppData\Roaming\Zehgevvity => moved successfully
C:\Users\LEW1S\AppData\Local\Hetewardjuvage => moved successfully
C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job => moved successfully
C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => moved successfully
C:\Users\LEW1S\AppData\Local\1643ECA0-BCB4-25E3-51A8-5BA5C8257549 => moved successfully
C:\ProgramData\fontcacheev1.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{174EEDD9-6056-4716-AD06-E4DFAB4C6A4D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{174EEDD9-6056-4716-AD06-E4DFAB4C6A4D}" => key removed successfully
C:\Windows\System32\Tasks\6d11ffc8882bc444143ff07584e87fee => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\6d11ffc8882bc444143ff07584e87fee" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5D093877-4299-4D44-A5FC-DE536502C676}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D093877-4299-4D44-A5FC-DE536502C676}" => key removed successfully
C:\Windows\System32\Tasks\880q919c730g278 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\880q919c730g278" => key removed successfully
"C:\ProgramData\880q919c730g278\880q919c730g278.dll" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{902C35B8-04DA-43D8-9722-E9E7DE7907C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{902C35B8-04DA-43D8-9722-E9E7DE7907C6}" => key removed successfully
C:\Windows\System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}" => key removed successfully
"C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{960A7284-1DF0-48B1-8B8E-17FA90D0C1F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{960A7284-1DF0-48B1-8B8E-17FA90D0C1F9}" => key removed successfully
C:\Windows\System32\Tasks\87639889d41t208319 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\87639889d41t208319" => key removed successfully
"C:\ProgramData\87639889d41t208319\87639889d41t208319.dll" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A26431F2-4D74-4060-9A46-93206E50F1EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A26431F2-4D74-4060-9A46-93206E50F1EC}" => key removed successfully
C:\Windows\System32\Tasks\329q432c44g260 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\329q432c44g260" => key removed successfully
"C:\ProgramData\329q432c44g260" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E987582E-4E16-429A-9248-C15900352151}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E987582E-4E16-429A-9248-C15900352151}" => key removed successfully
C:\Windows\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549}.job => not found.
"C:\Windows\TEMP\g2402.tmp" => not found.

========================= File: C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383 ========================

File not signed
MD5: 681F15499FAD902937978528E0A3F3F0
Creation and modification date: 2016-02-23 20:53 - 2016-02-23 20:53
Size: 0000006
Attributes: ---AS
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 25-12-2016 11:44:15)

"C:\Program Files\AVAST Software\Avast\SafePrice\FF" => Could not move

==== End of Fixlog 11:44:15 ====

Edited by Oh My!, 25 December 2016 - 10:40 AM.


#8 Oh My!

Posted 25 December 2016 - 10:51 AM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
2016-02-23 19:53 - 2016-02-23 19:53 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-02-23 19:53 - 2016-02-29 12:39 - 0001582 _____ () C:\ProgramData\XML
C:\Windows\TEMP\gF0B7.tmp.exe
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Resetting Google Chrome to Original Defaults

--------------------
  • Launch Chrome then review this page before following these steps to review what changes will take place
  • In the address bar type chrome://settings and press Enter
  • Click Show advanced settings... located at the bottom of the page
  • Under the Reset settings section click Reset settings
  • Uncheck Help make Google Chrome better by reporting the current settings if you don't want to provide that information
  • Click Reset
  • Restart Chrome and check the performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on Chrome

Edited by Oh My!, 25 December 2016 - 11:15 AM.


#9 lew1s

Posted 25 December 2016 - 11:12 AM

Sorry, but this command is broken I think. Can you please check again?

 

2016-02-23 19:53 - 2016-02-23 19:53 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-02-23 19:53 - 2016-02-29 12:39 - 0001582 _____ () C:\ProgramData\XML
C
:\Windows\TEMP\gF0B7.tmp.exe
emptytemp
:



#10 Oh My!

Posted 25 December 2016 - 11:16 AM

I fixed the first part of the instructions. If it doesn't work properly let me know.

#11 lew1s

Posted 25 December 2016 - 11:26 AM

Thanks, looking good. Testing. Come back to you tomorrow if it's ok.

The files don't appear after restart.



#12 Oh My!

Posted 25 December 2016 - 11:27 AM

Sure, just out of curiosity, did you happen to test it after the fixlist and before the Chrome reset?

#13 lew1s

Posted 25 December 2016 - 11:33 AM

No, I thought the first command you typed was wrong, but it was working. I think this did the job. Can you tell me please what that was? Browser hijacker? Why couldn't antivirus and Malwarebytes fix this?



#14 Oh My!

Posted 25 December 2016 - 12:13 PM

It is hard to nail down exactly what was going on because there are multiple possibilities. You had 2 issues, the reappearing files and the Chrome problem. Although it is clear the gF0B7.tmp.exe file needed to be removed, the other 2 entries were less suspect because of the dates they were created/modified. It was months ago so if they were the cause you would have seen symptoms a long time ago. However, since I could find no legitimate reason for their existence I decided to remove them.

It is possible the emptytemp: command was instrumental in resolving the issue. There are a lot of files that are removed and they are not individually identified in the subsequent report.

In answer to your question regarding why the automated tools did not pick this up, it is because tools use identification criteria in order to flag something that is bad or potentially bad. This same approach will sometimes falsely accuse a file of being bad and conversely not identify a file as bad when in fact it is. No one tool is foolproof and there are times when even using multiple tools will not overcome an issue. The reason we exist here at BleepingComputer is because a trained human eye can process information in a way automated systems may not be able to. As an example, temporary files are very common but a trained eye can identify a temporary file that is strangely named or located in a place where it typically doesn't or shouldn't exist.

Would it be possible for you to post the fixlog report generated after you ran the fixlist?
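The kind of check described in the post above (an oddly named file, or an autostart entry pointing somewhere it shouldn't), as an added example that is not part of the original thread and is not FRST's own logic: a Python triage of FRST-style Task, Run/RunOnce and bare-path lines. The rule set, the names `triage`, `assess` and `looks_generated`, and the two `Example` entries are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# The first five lines are copied from the fixlists quoted in this thread; the
# last two are constructed benign entries added for contrast.
SAMPLE = r'''
HKLM\...\RunOnce: [wd] => C:\Windows\TEMP\g9C19.tmp.exe [252416 2016-12-22] () <===== ATTENTION
Task: {5D093877-4299-4D44-A5FC-DE536502C676} - System32\Tasks\880q919c730g278 => Rundll32.exe "C:\ProgramData\880q919c730g278\880q919c730g278.dll",hcsopx
Task: {902C35B8-04DA-43D8-9722-E9E7DE7907C6} - System32\Tasks\{1643ECA0-BCB4-25E3-51A8-5BA5C8257549} => C:\Users\LEW1S\AppData\Local\1643EC~1\SYNHEL~1.EXE
Task: {E987582E-4E16-429A-9248-C15900352151} - \Client
C:\Windows\TEMP\gF0B7.tmp.exe
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe [1024 2016-01-01] (Example Corp)
'''

TASK_RE = re.compile(r'^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.*?)(?: => (?P<action>.*))?$')
RUN_RE = re.compile(r'^HK\w+\\.*\\(?P<name>Run(?:Once)?: \[[^\]]*\]) => (?P<action>.*)$')
BARE_RE = re.compile(r'^(?P<action>[A-Za-z]:\\.*)$')
# First drive-rooted path in an action string that ends in .exe or .dll.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]<>|]*?\.(?:exe|dll)', re.I)
GUID_RE = re.compile(r'\{?[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}?')

TEMP_DIRS = ('\\windows\\temp\\', '\\appdata\\local\\temp\\')
DATA_DIRS = ('\\programdata\\', '\\appdata\\')


class Finding(NamedTuple):
    kind: str               # "task", "autorun" or "file"
    name: str
    target: Optional[str]   # executable or DLL the entry points at, if any
    reasons: List[str]


def looks_generated(leaf: str) -> bool:
    """GUID-style or digit-heavy names are unusual for vendor-created tasks."""
    if GUID_RE.fullmatch(leaf):
        return True
    digits = sum(c.isdigit() for c in leaf)
    return len(leaf) >= 8 and digits * 2 >= len(leaf)


def assess(kind: str, name: str, action: Optional[str]) -> Finding:
    """Apply the illustrative heuristics to one parsed entry."""
    reasons = []
    m = PATH_RE.search(action or '')
    target = m.group(0) if m else None
    low = (target or '').lower()
    if kind == 'task' and not action:
        reasons.append('task has no action')
    if target and any(d in low for d in TEMP_DIRS):
        reasons.append('executable in a temp directory')
    if kind != 'file' and target and any(d in low for d in DATA_DIRS + TEMP_DIRS):
        reasons.append('autostart target in a data or temp directory')
    if (action and action.lower().startswith('rundll32') and target
            and '\\windows\\system32\\' not in low):
        reasons.append('rundll32 loading a DLL outside System32')
    if kind == 'task' and looks_generated(name.rsplit('\\', 1)[-1]):
        reasons.append('machine-generated task name')
    return Finding(kind, name, target, reasons)


def triage(text: str) -> List[Finding]:
    """Return only the entries that trip at least one heuristic."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for kind, rx in (('task', TASK_RE), ('autorun', RUN_RE), ('file', BARE_RE)):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                f = assess(kind, d.get('name') or d['action'], d.get('action'))
                if f.reasons:
                    findings.append(f)
                break
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.kind:8} {f.name}\n         -> {"; ".join(f.reasons)}')
```

The heuristics only rank entries for a human to review; a flagged line is a prompt to look closer, not a verdict.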

#15 lew1s

Posted 26 December 2016 - 02:56 AM

Thank you very much. Looking good. Here is the fixlog.

Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016
Ran by LEW1S (25-12-2016 17:17:03) Run:2
Running from C:\Users\LEW1S\Downloads\FRST
Loaded Profiles: LEW1S (Available Profiles: LEW1S)
Boot Mode: Normal
==============================================

fixlist content:
*****************
2016-02-23 19:53 - 2016-02-23 19:53 - 0000006 ____S () C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383
2016-02-23 19:53 - 2016-02-29 12:39 - 0001582 _____ () C:\ProgramData\XML
C:\Windows\TEMP\gF0B7.tmp.exe
emptytemp:
*****************

C:\ProgramData\7a43af6a0273bff1b47e52544b642f9fa7e74383 => moved successfully
C:\ProgramData\XML => moved successfully
C:\Windows\TEMP\gF0B7.tmp.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 308208 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23241060 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 13896239 B
Edge => 2852390 B
Chrome => 169133749 B
Firefox => 128424215 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 92514 B
NetworkService => 3928064 B
LEW1S => 612015982 B

RecycleBin => 15986637086 B
EmptyTemp: => 15.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:17:55 ====

Edited by Oh My!, 26 December 2016 - 09:57 AM.




