
temp files appearing



#1 sprank


Posted 02 January 2017 - 01:03 PM

Files have been appearing in my C:\Windows\Temp folder. Avast brings up a "threat blocked" notification every time one is created, but it doesn't do anything to prevent it. My issue is very similar to this user's: https://www.bleepingcomputer.com/forums/t/636264/cse-google-redirect-malware-and-re-appearing-temp-filesregistry-values/
and Chrome sometimes redirects to cse.google.com just as his did.
 
The reappearing files are:

g42A1.tmp
gA15.tmp
gC808..tmp

Here's my FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Liam Cameron (administrator) on FANCY-NEW-LAPTO (02-01-2017 12:27:51)
Running from C:\Users\Liam Cameron\Downloads
Loaded Profiles: Liam Cameron (Available Profiles: Liam Cameron)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Node.js) C:\Windows\Prey\versions\1.6.5\bin\node.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.5\node_modules\triggers\bin\lightevt.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-25] (AVAST Software)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-25] (AVAST Software)
Startup: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0f3f002c-d6a0-4cee-a63b-f6e7045b8a02}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{203079cb-5409-42f6-a9d5-7c24e9ce6ca2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{28cdf7c6-e970-11e5-b48d-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3f1693c3-80d0-43e4-aa75-f27c13d5a399}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{471cdecf-ad94-44a1-8c22-7daf75ae4c34}: [DhcpNameServer] 10.9.0.1
Tcpip\..\Interfaces\{48417844-099e-4c04-a0ca-a38d7a2853a0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48417844-099e-4c04-a0ca-a38d7a2853a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5664010f-ed67-47e8-8fa2-74520cf1f67b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{95edbea8-e769-49df-80a6-af888bfb7dcc}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b1952504-13cd-4455-b412-53f33459fa9a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cbadfc11-2cfa-4fcf-a515-c02032a846a6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f945f8f2-7c39-411e-a19c-2b09e730b1fc}: [NameServer] 77.234.40.79
 
Internet Explorer:
==================
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ic.loadblanks.ru/c/02037a282dd7fbaf?
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.google.ca/"
CHR Profile: C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default [2017-01-02]
CHR Extension: (Google Slides) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-25]
CHR Extension: (Google Docs) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-25]
CHR Extension: (Google Drive) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (Adguard AdBlocker) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-27]
CHR Extension: (YouTube) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Google Sheets) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-25]
CHR Extension: (Avast Online Security) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-25]
CHR Extension: (Fast search) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-27]
CHR Extension: (Gmail) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Fast search) - C:\Users\Liam Cameron\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2017-01-02] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [621472 2016-03-05] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-12-26] (Fork, Ltd.) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373160 2016-03-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [82936 2017-01-02] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-12-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-12-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-12-25] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-12-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-12-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-12-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-12-25] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2016-12-25] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-25] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98296 2015-12-14] (ASUS Corporation)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [259824 2015-08-07] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-27] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-02] (Malwarebytes)
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [7075568 2015-08-23] (Intel Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\D:\asus-wtp\WindowsActive\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 12:27 - 2017-01-02 12:28 - 00021357 _____ C:\Users\Liam Cameron\Downloads\FRST.txt
2017-01-02 12:27 - 2017-01-02 12:27 - 00000000 ____D C:\FRST
2017-01-02 12:23 - 2017-01-02 12:27 - 02418176 _____ (Farbar) C:\Users\Liam Cameron\Downloads\FRST64.exe
2017-01-02 12:07 - 2017-01-02 12:08 - 00001536 _____ C:\WINDOWS\Tasks\306831v2a423h92.job
2017-01-02 11:49 - 2017-01-02 11:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Evernote
2017-01-02 11:25 - 2017-01-02 11:25 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-01-02 11:25 - 2017-01-02 11:11 - 00082936 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-01-02 11:24 - 2017-01-02 11:24 - 00453192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-01-02 11:24 - 2016-12-25 09:48 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-12-31 18:42 - 2017-01-01 12:13 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\BitTorrent
2016-12-31 09:06 - 2016-12-31 10:15 - 13909716 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 750578.crdownload
2016-12-30 23:06 - 2016-12-30 23:56 - 20643540 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 35417.crdownload
2016-12-30 22:36 - 2016-12-30 23:02 - 14745300 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 216990.crdownload
2016-12-30 22:16 - 2016-12-30 22:16 - 00000822 _____ C:\Users\Liam Cameron\Desktop\Dothraki translation s2e1.srt
2016-12-30 13:05 - 2017-01-02 11:51 - 00000000 ____D C:\ProgramData\Betternet
2016-12-30 13:05 - 2016-12-30 13:05 - 00002028 _____ C:\Users\Public\Desktop\Betternet.lnk
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files\TAP-Windows
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-12-30 12:34 - 2016-12-30 12:34 - 10665882 _____ (Betternet Technologies Inc.) C:\Users\Liam Cameron\Downloads\BetternetForWindows374.exe
2016-12-30 12:22 - 2016-12-30 12:22 - 00000553 _____ C:\WINDOWS\system32\host.txt
2016-12-30 11:14 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\SmartSteamEmu
2016-12-30 11:14 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Giant Army
2016-12-30 11:13 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.5.720p.BluRay.x264.ShAaNiG
2016-12-30 11:13 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Universe.Sandbox.2.Alpha.19
2016-12-30 11:13 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2016-12-30 11:12 - 2016-12-30 12:42 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2016-12-30 11:12 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.4.720p.BluRay.x264-ShAaNiG
2016-12-29 16:55 - 2016-12-29 16:55 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\ElevatedDiagnostics
2016-12-29 10:20 - 2017-01-01 22:54 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\TunnelBear
2016-12-29 10:20 - 2016-12-29 10:20 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\IsolatedStorage
2016-12-29 10:19 - 2016-12-29 10:19 - 24709664 _____ (TunnelBear) C:\Users\Liam Cameron\Downloads\TunnelBear-Installer.exe
2016-12-28 20:21 - 2016-12-29 10:38 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\.minecraft
2016-12-28 20:21 - 2016-12-28 20:21 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\java
2016-12-28 19:43 - 2016-12-28 19:43 - 00000905 _____ C:\Users\Liam Cameron\Documents\Mortgage calculator.t
2016-12-28 17:54 - 2016-12-28 17:54 - 00000082 _____ C:\Users\Liam Cameron\Documents\spacing.t
2016-12-28 17:46 - 2016-12-30 22:12 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.S02.720p.BluRay.x264.ShAaNiG
2016-12-28 17:40 - 2016-12-28 17:40 - 00000129 _____ C:\Users\Liam Cameron\Documents\string counter.t
2016-12-28 17:28 - 2016-12-29 08:58 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Rogue One A Star Wars Story 2016 x264 HDTS AAC(Deflickered)-DDR
2016-12-28 15:22 - 2016-12-30 13:05 - 00000618 _____ C:\WINDOWS\setupact.log
2016-12-28 15:22 - 2016-12-28 15:22 - 00000000 _____ C:\WINDOWS\setuperr.log
2016-12-28 08:10 - 2016-12-29 10:42 - 00001144 _____ C:\Users\Liam Cameron\Desktop\nativelog.txt
2016-12-27 21:38 - 2016-12-28 20:18 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-12-27 21:38 - 2016-12-27 21:38 - 00001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-12-27 21:38 - 2016-12-27 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-12-27 21:18 - 2016-12-27 21:38 - 02314240 _____ C:\Users\Liam Cameron\Downloads\MinecraftInstaller.msi
2016-12-27 20:58 - 2016-12-27 21:02 - 04121824 _____ (Husdawg, LLC) C:\Users\Liam Cameron\Downloads\Detection.exe
2016-12-27 20:32 - 2016-12-27 20:34 - 00114092 _____ C:\Users\Liam Cameron\Documents\panic.log
2016-12-27 20:31 - 2016-12-30 10:47 - 1258398326 ____R C:\Users\Liam Cameron\Downloads\Universe.Sandbox.2.Alpha.19.zip
2016-12-27 20:12 - 2016-12-27 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Diagnostics
2016-12-27 19:18 - 2016-12-27 19:18 - 00000000 ____D C:\Users\Liam Cameron\Documents\OneNote Notebooks
2016-12-27 18:03 - 2016-12-27 18:03 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\SolarWinds
2016-12-27 17:52 - 2016-12-27 17:52 - 00000000 ____D C:\ProgramData\SolarWinds
2016-12-27 17:40 - 2016-12-27 17:50 - 04808111 _____ C:\Users\Liam Cameron\Downloads\SolarWinds-Realtime-Bandwidth-Monitor.zip
2016-12-27 16:42 - 2016-12-27 16:42 - 01131720 _____ (Opera Software) C:\Users\Liam Cameron\Downloads\OperaSetup.exe
2016-12-27 16:00 - 2017-01-02 12:08 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 16:00 - 2017-01-02 12:08 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-27 16:00 - 2016-12-29 23:20 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-27 16:00 - 2016-12-27 16:25 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-27 16:00 - 2016-12-27 16:00 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 16:00 - 2016-12-14 13:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-27 15:19 - 2016-12-27 18:57 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game of Thrones Season 1 720p BluRay- mRs
2016-12-27 13:02 - 2016-12-27 13:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Liam Cameron\Downloads\rkill.exe
2016-12-27 12:29 - 2017-01-02 11:14 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6AF8201-55FC-42EB-A6BA-D49210555196}
2016-12-27 12:25 - 2016-12-30 12:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Downloaded Installations
2016-12-27 12:25 - 2016-12-27 20:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Browsers
2016-12-27 12:25 - 2016-12-27 12:39 - 00000000 ____D C:\ProgramData\Windowsupdate
2016-12-27 12:25 - 2016-12-27 12:25 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\SPI
2016-12-26 21:18 - 2016-12-26 21:21 - 33663568 _____ (KeepKey,LLC) C:\Users\Liam Cameron\Downloads\multibit-windows-x64-0.4.1.exe
2016-12-26 21:06 - 2016-12-26 21:06 - 00001690 _____ C:\Users\Liam Cameron\Desktop\OneNote 2016.lnk
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-26 20:12 - 2016-12-26 22:28 - 00000000 ____D C:\Program Files\TrueKey
2016-12-26 20:12 - 2016-12-26 20:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-26 20:12 - 2016-12-26 20:15 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-12-26 20:12 - 2016-12-26 20:12 - 00002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-12-26 20:12 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Adobe
2016-12-26 20:12 - 2016-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-26 20:11 - 2016-12-26 20:13 - 00000000 ____D C:\ProgramData\Adobe
2016-12-26 18:06 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Adobe
2016-12-26 18:02 - 2016-12-26 18:02 - 02263787 _____ C:\Users\Liam Cameron\Documents\Turing guide.pdf
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Acrylic Wi-Fi Home
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2016-12-26 16:18 - 2016-12-26 16:22 - 04598752 _____ (Tarlogic Security S.L. ) C:\Users\Liam Cameron\Downloads\Acrylic_WiFi_Home_v3.1.6117.24454-Setup.exe
2016-12-26 14:03 - 2016-12-26 14:03 - 00330086 _____ C:\Users\Liam Cameron\Downloads\desktop-wallpaper-floral-pattern-dark-desktop-background.jpg
2016-12-26 13:49 - 2017-01-02 12:08 - 00000000 ____D C:\WINDOWS\Prey
2016-12-26 13:44 - 2016-12-26 13:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-26 13:19 - 2016-12-26 13:19 - 00002059 _____ C:\Users\Liam Cameron\Desktop\Welcome to ASUS Product Registration.lnk
2016-12-26 13:19 - 2016-12-26 13:19 - 00000000 ____D C:\ProgramData\APRP
2016-12-26 13:13 - 2017-01-02 12:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-12-26 13:12 - 2017-01-02 12:07 - 00159413 ____H C:\Users\Liam Cameron\AppData\Local\IconCache.db
2016-12-26 13:12 - 2017-01-02 11:26 - 00014188 _____ C:\WINDOWS\PFRO.log
2016-12-26 13:01 - 2016-12-26 23:24 - 00012701 _____ C:\Users\Liam Cameron\Documents\Foot Size vs Jump Height.docx
2016-12-26 13:00 - 2016-12-26 13:00 - 00000000 ____D C:\Users\Liam Cameron\Documents\Custom Office Templates
2016-12-25 17:48 - 2016-12-25 17:48 - 02263787 _____ C:\Users\Liam Cameron\Downloads\Turing guide.pdf
2016-12-25 17:11 - 2016-12-25 17:11 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\NVIDIA
2016-12-25 17:09 - 2016-12-25 17:09 - 00000000 ____D C:\Program Files (x86)\FurMark
2016-12-25 17:08 - 2016-12-25 17:08 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Programs
2016-12-25 17:05 - 2016-12-25 17:08 - 05802211 _____ (Geeks3D ) C:\Users\Liam Cameron\Downloads\FurMark_1.18.2.0_Setup.exe
2016-12-25 16:58 - 2016-12-25 16:58 - 00000988 _____ C:\Users\Liam Cameron\Documents\PC Stress test #1.nbr
2016-12-25 16:56 - 2016-12-25 16:56 - 00000000 ____D C:\ProgramData\NovaTech Network
2016-12-25 16:55 - 2016-12-25 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench
2016-12-25 16:55 - 2016-12-25 16:55 - 00000000 ____D C:\Program Files (x86)\Novawave
2016-12-25 16:55 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-25 16:55 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-25 16:54 - 2016-12-25 16:55 - 12261072 _____ (Novawave Inc. ) C:\Users\Liam Cameron\Downloads\novabench.exe
2016-12-25 16:43 - 2017-01-02 12:08 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-25 16:43 - 2016-12-25 16:44 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\paint.net
2016-12-25 16:43 - 2016-12-25 16:43 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-12-25 16:43 - 2016-12-25 16:43 - 00001094 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-12-25 16:43 - 2016-12-25 16:43 - 00000000 ____D C:\Program Files\paint.net
2016-12-25 16:41 - 2016-12-25 16:42 - 07055677 _____ C:\Users\Liam Cameron\Downloads\paint.net.4.0.13.install.zip
2016-12-25 16:36 - 2016-12-27 16:51 - 00000000 ____D C:\Users\Liam Cameron\Desktop\Protection
2016-12-25 16:31 - 2016-12-25 16:31 - 00002884 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\Program Files\CCleaner
2016-12-25 16:30 - 2016-12-25 16:31 - 08803648 _____ (Piriform Ltd) C:\Users\Liam Cameron\Downloads\ccsetup525.exe
2016-12-25 14:35 - 2016-12-29 09:03 - 00000450 _____ C:\Users\Liam Cameron\AppData\Roaming\turing_files.ini
2016-12-25 14:35 - 2016-12-25 14:35 - 00000050 _____ C:\Users\Liam Cameron\Documents\Hello World!.t
2016-12-25 14:33 - 2016-12-25 16:06 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Turing 4.1.1
2016-12-25 14:33 - 2016-12-25 16:06 - 00000000 ____D C:\Users\Liam Cameron\Desktop\Turing 4.1.1
2016-12-25 14:31 - 2016-12-25 14:32 - 09367003 _____ C:\Users\Liam Cameron\Downloads\Turing 4.1.1.zip
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Mozilla
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Macromedia
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Macromedia
2016-12-25 14:07 - 2016-11-23 08:37 - 00000570 _____ C:\Users\Liam Cameron\AppData\Local\TroubleshooterConfig.json
2016-12-25 14:06 - 2016-12-29 10:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-25 14:06 - 2016-12-25 14:06 - 00001644 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-12-25 14:06 - 2016-12-25 14:06 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-12-25 14:06 - 2016-12-25 14:06 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Bluestacks
2016-12-25 14:05 - 2016-12-25 14:06 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-12-25 14:05 - 2016-12-13 12:27 - 00000000 ____D C:\ProgramData\Bluestacks
2016-12-25 13:55 - 2016-12-25 14:05 - 331190024 _____ (BlueStack Systems Inc.) C:\Users\Liam Cameron\Downloads\BlueStacks2_native_c66fb4adc14f7413a957b93dfa230ec4.exe
2016-12-25 13:50 - 2016-12-25 13:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Opera Software
2016-12-25 13:50 - 2016-12-25 13:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Opera Software
2016-12-25 13:49 - 2016-12-27 16:57 - 00003974 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1482691792
2016-12-25 13:49 - 2016-12-27 16:57 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-25 13:49 - 2016-12-25 13:49 - 00001206 ____H C:\Users\Public\Desktop\Opera.lnk
2016-12-25 13:48 - 2016-12-30 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-25 13:48 - 2016-12-25 13:48 - 00002753 _____ C:\Users\Liam Cameron\Desktop\BitTorrent.lnk
2016-12-25 13:48 - 2016-12-25 13:48 - 00002753 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-12-25 13:48 - 2016-12-25 13:48 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\opera_helper
2016-12-25 13:45 - 2017-01-02 00:01 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\BitTorrent
2016-12-25 13:45 - 2016-12-25 13:45 - 02400456 _____ (BitTorrent Inc.) C:\Users\Liam Cameron\Downloads\BitTorrent.exe
2016-12-25 11:31 - 2016-12-25 11:31 - 00001678 _____ C:\Users\Liam Cameron\Desktop\Word 2016.lnk
2016-12-25 11:31 - 2016-12-25 11:31 - 00001670 _____ C:\Users\Liam Cameron\Desktop\Excel 2016.lnk
2016-12-25 11:30 - 2016-12-25 11:30 - 00001714 _____ C:\Users\Liam Cameron\Desktop\PowerPoint 2016.lnk
2016-12-25 10:57 - 2016-12-25 10:57 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-12-25 10:40 - 2016-12-25 10:40 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\speech
2016-12-25 10:30 - 2016-12-25 10:30 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-12-25 10:24 - 2016-12-25 10:24 - 00001299 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.lnk
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00065536 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TM.blf
2016-12-25 10:18 - 2016-12-25 10:18 - 00065536 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TM.blf
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 ___SH C:\Users\Public\NTUSER.DAT.LOG1
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 ___SH C:\Users\Default.migrated\NTUSER.DAT.LOG1
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 _____ C:\Users\Public\NTUSER.DAT
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 _____ C:\Users\Default.migrated\NTUSER.DAT
2016-12-25 10:18 - 2016-12-25 10:18 - 00000000 ___SH C:\Users\Public\NTUSER.DAT.LOG2
2016-12-25 10:18 - 2016-12-25 10:18 - 00000000 ___SH C:\Users\Default.migrated\NTUSER.DAT.LOG2
2016-12-25 10:12 - 2016-12-25 10:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Google
2016-12-25 10:12 - 2016-12-25 10:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\CEF
2016-12-25 10:11 - 2017-01-02 11:34 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1482678709
2016-12-25 10:11 - 2017-01-02 11:34 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00002274 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00002262 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00001090 ____H C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-25 10:05 - 2016-12-25 14:10 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-25 10:05 - 2016-12-25 14:10 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-25 10:05 - 2016-12-25 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-25 10:04 - 2016-12-25 10:04 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-12-25 09:55 - 2016-12-25 09:57 - 03907384 _____ (Microsoft Corporation) C:\Users\Liam Cameron\Downloads\Setup.X86.en-US_HomeStudentRetail_0f7a5905-399a-4c3b-bf49-3c164560a60c_TX_PR_.exe
2016-12-25 09:50 - 2016-12-25 09:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\AVAST Software
2016-12-25 09:48 - 2017-01-02 11:24 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-12-25 09:48 - 2016-12-25 09:49 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-12-25 09:48 - 2016-12-25 09:49 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-12-25 09:48 - 2016-12-25 09:49 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-12-25 09:48 - 2016-12-25 09:48 - 00044640 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-12-25 09:47 - 2016-12-25 09:47 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Comms
2016-12-25 09:42 - 2016-12-25 10:04 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-25 09:41 - 2016-12-25 10:04 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-25 09:40 - 2016-12-25 09:41 - 06334848 _____ (AVAST Software) C:\Users\Liam Cameron\Downloads\avast_free_antivirus_setup_online.exe
2016-12-25 09:37 - 2016-12-25 09:37 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-25 09:36 - 2016-12-29 23:40 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-12-25 09:36 - 2016-12-25 09:36 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Skype
2016-12-25 09:36 - 2016-12-25 09:36 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\awsRun
2016-12-25 09:34 - 2016-12-25 09:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\NetworkTiles
2016-12-25 09:33 - 2016-12-25 09:37 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\MicrosoftEdge
2016-12-25 09:31 - 2017-01-02 11:57 - 00000000 ___RD C:\Users\Liam Cameron\OneDrive
2016-12-25 09:31 - 2016-12-25 14:18 - 00000000 ___SD C:\Users\Liam Cameron\AppData\LocalLow\Microsoft
2016-12-25 09:31 - 2016-12-25 09:37 - 00002386 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\DropboxOEM
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\NVIDIA
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\DropboxOEM
2016-12-25 09:30 - 2017-01-02 12:09 - 00000165 _____ C:\Users\Liam Cameron\AppData\Roaming\sp_data.sys
2016-12-25 09:30 - 2017-01-02 12:08 - 00000000 __SHD C:\Users\Liam Cameron\IntelGraphicsProfiles
2016-12-25 09:30 - 2016-12-28 15:04 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\VirtualStore
2016-12-25 09:30 - 2016-12-27 19:20 - 00000000 ___RD C:\Users\Liam Cameron\Searches
2016-12-25 09:30 - 2016-12-27 19:18 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-25 09:30 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Adobe
2016-12-25 09:30 - 2016-12-25 18:21 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Packages
2016-12-25 09:30 - 2016-12-25 09:30 - 00000402 ___SH C:\Users\Liam Cameron\Documents\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000282 ___SH C:\Users\Liam Cameron\Downloads\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000282 ___SH C:\Users\Liam Cameron\Desktop\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000174 ___SH C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000174 ___SH C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Contacts
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\WebStorage
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Intel
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\TileDataLayer
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Publishers
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\ActiveSync
2016-12-25 09:29 - 2017-01-02 12:28 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Temp
2016-12-25 09:29 - 2017-01-02 12:27 - 00000000 ___RD C:\Users\Liam Cameron\Downloads
2016-12-25 09:29 - 2017-01-02 12:07 - 02359296 ___SH C:\Users\Liam Cameron\NTUSER.DAT
2016-12-25 09:29 - 2017-01-02 11:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow
2016-12-25 09:29 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local
2016-12-25 09:29 - 2016-12-31 23:23 - 00000000 ____D C:\Users\Liam Cameron
2016-12-25 09:29 - 2016-12-30 22:16 - 00000000 ___RD C:\Users\Liam Cameron\Desktop
2016-12-25 09:29 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming
2016-12-25 09:29 - 2016-12-29 19:45 - 00524288 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 09:29 - 2016-12-29 19:45 - 00065536 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TM.blf
2016-12-25 09:29 - 2016-12-29 10:36 - 00000000 ___RD C:\Users\Liam Cameron\Videos
2016-12-25 09:29 - 2016-12-28 19:54 - 00000000 ___RD C:\Users\Liam Cameron\Pictures
2016-12-25 09:29 - 2016-12-28 19:43 - 00000000 ___RD C:\Users\Liam Cameron\Documents
2016-12-25 09:29 - 2016-12-27 21:33 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Microsoft
2016-12-25 09:29 - 2016-12-27 21:30 - 00000000 ___RD C:\Users\Liam Cameron\Music
2016-12-25 09:29 - 2016-12-27 19:20 - 00000000 ___SD C:\Users\Liam Cameron\AppData\Roaming\Microsoft
2016-12-25 09:29 - 2016-12-27 16:34 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 09:29 - 2016-12-26 16:35 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Saved Games
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Links
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Favorites
2016-12-25 09:29 - 2016-12-25 09:29 - 00819200 ___SH C:\Users\Liam Cameron\ntuser.dat.LOG1
2016-12-25 09:29 - 2016-12-25 09:29 - 00643072 ___SH C:\Users\Liam Cameron\ntuser.dat.LOG2
2016-12-25 09:29 - 2016-12-25 09:29 - 00524288 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 09:29 - 2016-12-25 09:29 - 00000020 ___SH C:\Users\Liam Cameron\ntuser.ini
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Templates
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Start Menu
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\SendTo
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Recent
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\PrintHood
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\NetHood
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\My Documents
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Local Settings
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Videos
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Pictures
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Music
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Cookies
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Application Data
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\Temporary Internet Files
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\History
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\Application Data
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 ___HD C:\Users\Liam Cameron\AppData
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-25 09:29 - 2016-03-13 17:14 - 00000000 __RSD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-25 09:29 - 2016-03-13 17:14 - 00000000 ____D C:\Users\Liam Cameron\Roaming
2016-12-25 09:28 - 2016-12-25 09:30 - 00000000 ____D C:\ProgramData\USBChargerPlus
2016-12-25 09:28 - 2016-12-25 09:28 - 00000000 ____D C:\ProgramData\ASUS
2016-12-25 09:26 - 2015-10-30 04:01 - 00037616 _____ C:\WINDOWS\SysWOW64\license.rtf
2016-12-25 09:26 - 2015-10-30 04:01 - 00037616 _____ C:\WINDOWS\system32\license.rtf
2016-12-25 09:24 - 2016-12-25 16:43 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 12:15 - 2016-03-13 18:00 - 00000000 ____D C:\WINDOWS\INF
2017-01-02 12:15 - 2015-08-18 03:36 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-02 12:08 - 2016-03-13 17:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-01-02 12:08 - 2016-03-13 17:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-02 12:08 - 2016-03-13 17:07 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-02 12:01 - 2015-12-17 08:34 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-01-02 12:01 - 2015-12-17 08:34 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-01-02 11:15 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-01 22:54 - 2015-12-17 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-01 19:10 - 2016-03-13 18:04 - 00000000 ____D C:\WINDOWS\OCR
2017-01-01 19:10 - 2016-03-13 17:58 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-01 14:54 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-01-01 11:34 - 2016-03-13 18:01 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-01 11:29 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\rescache
2016-12-31 23:24 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\WDI
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-30 17:04 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\Logs
2016-12-30 13:05 - 2016-03-13 17:55 - 00000000 ___RD C:\Program Files
2016-12-30 13:05 - 2016-03-13 17:55 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-28 21:03 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-12-27 17:58 - 2016-03-13 18:01 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-27 17:28 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-27 16:19 - 2015-07-10 06:04 - 00000888 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-27 12:25 - 2016-03-13 18:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-26 23:02 - 2016-03-13 18:01 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-26 23:01 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-26 21:04 - 2016-03-13 17:55 - 00000000 ____D C:\Program Files\Common Files
2016-12-26 21:04 - 2015-12-17 08:36 - 00000000 ____D C:\ProgramData\McAfee
2016-12-26 20:12 - 2016-03-13 17:55 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-26 16:37 - 2015-12-17 08:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-26 13:12 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\debug
2016-12-26 13:12 - 2016-03-13 17:55 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-26 13:12 - 2016-03-13 17:06 - 00232944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-25 16:43 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\restore
2016-12-25 16:33 - 2016-03-13 18:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-25 14:31 - 2016-07-05 11:47 - 00000000 __SHD C:\$RECYCLE.BIN
2016-12-25 14:09 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-25 14:06 - 2016-03-13 18:01 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-25 10:57 - 2015-12-17 08:34 - 00000000 ____D C:\Program Files\DIFX
2016-12-25 10:57 - 2015-08-18 03:37 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-12-25 10:56 - 2016-03-13 18:04 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-12-25 10:53 - 2016-03-13 18:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-25 10:52 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2016-12-25 10:20 - 2016-03-13 18:01 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-25 10:20 - 2016-03-13 17:55 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-25 10:18 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Public
2016-12-25 10:18 - 2016-03-13 17:55 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-25 10:18 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2016-12-25 10:14 - 2016-03-13 18:01 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-25 10:11 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-25 09:46 - 2016-03-13 17:55 - 00000000 ___RD C:\Users
2016-12-25 09:36 - 2015-12-17 08:23 - 00000000 ____D C:\ProgramData\Intel
2016-12-25 09:30 - 2015-12-17 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-25 09:25 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\Recovery
2016-12-25 09:24 - 2016-03-13 17:07 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-12-25 09:24 - 2016-03-13 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-25 09:23 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-25 09:23 - 2016-03-13 17:07 - 00000000 ____D C:\Program Files\CONEXANT
2016-12-25 09:23 - 2015-12-17 08:46 - 00002670 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2016-12-25 09:23 - 2015-12-17 08:40 - 00002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-12-25 09:23 - 2015-12-17 08:35 - 00002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-12-25 09:23 - 2015-12-17 08:34 - 00002612 _____ C:\WINDOWS\System32\Tasks\Update Checker
2016-12-25 09:23 - 2015-12-17 08:33 - 00003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2016-12-25 09:23 - 2015-12-17 08:33 - 00002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2016-12-25 09:23 - 2015-12-17 08:33 - 00002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2016-12-25 09:23 - 2015-12-17 08:33 - 00002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2016-12-25 09:23 - 2015-08-18 03:38 - 00002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2016-12-25 09:22 - 2016-03-13 17:07 - 00000000 ___HD C:\Intel
2016-12-25 09:22 - 2016-03-13 17:07 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-25 09:21 - 2016-03-13 17:07 - 00000000 ____D C:\ProgramData\Conexant
 
==================== Files in the root of some directories =======
 
2016-12-25 09:30 - 2017-01-02 12:09 - 0000165 _____ () C:\Users\Liam Cameron\AppData\Roaming\sp_data.sys
2016-12-25 14:35 - 2016-12-29 09:03 - 0000450 _____ () C:\Users\Liam Cameron\AppData\Roaming\turing_files.ini
2016-12-25 14:07 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Liam Cameron\AppData\Local\TroubleshooterConfig.json
 
Some files in TEMP:
====================
C:\Users\Liam Cameron\AppData\Local\Temp\msvcp120.dll
C:\Users\Liam Cameron\AppData\Local\Temp\msvcr120.dll
C:\Users\Liam Cameron\AppData\Local\Temp\pc-decrapifier.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-03-13 17:06
 
==================== End of FRST.txt ============================
 
and Addition.txt:
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Liam Cameron (02-01-2017 12:28:29)
Running from C:\Users\Liam Cameron\Downloads
Windows 10 Home Version 1511 (X64) (2016-12-25 14:28:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-214791878-4100251593-1600971497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-214791878-4100251593-1600971497-503 - Limited - Disabled)
Guest (S-1-5-21-214791878-4100251593-1600971497-501 - Limited - Disabled)
Liam Cameron (S-1-5-21-214791878-4100251593-1600971497-1001 - Administrator - Enabled) => C:\Users\Liam Cameron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.99 - ICEpower a/s)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.)
BitTorrent (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\BitTorrent) (Version: 7.9.9.43086 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.55 - Conexant)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Geeks3D FurMark 1.18.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Prey Anti-Theft (x32 Version: 1.6.5 - Prey, Inc.) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 6.0.0.66) (HKLM\...\82D024CBD181D16D72E5AE45A426919815D5F456) (Version: 11/11/2015 6.0.0.66 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04ED1BC7-FC42-47A4-8B59-E1D68ADBD094} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {0C7C8103-B2E7-4F03-8F1B-E1488E1B85D5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {0F369DAC-C432-43D6-8FB0-E4B02A64DA05} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {0F88C2C8-BDBC-4CC0-A284-3C1C577DC970} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {3ADCF1E9-1877-4E88-8D82-C6E82769978F} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {3CF585F1-83FE-4FDC-8431-D27B9ECA2113} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {4274C647-E545-410E-8B83-93CD37FEE90C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {4886695F-0101-4062-8BC4-E2F06DBCD4B0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {77FD967D-B598-4DED-862C-174204C38EC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7D61B8B1-54C3-4077-9FA3-4F577512104A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {7E248845-0CDF-4BD1-8E8F-296EA7365939} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {88C97785-9241-439C-B245-239A73821079} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {911C48B4-49A3-4930-B6D0-1002AEFEA66D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] ()
Task: {934E2E34-CED8-478C-8E05-523637C12BDD} - System32\Tasks\SafeZone scheduled Autoupdate 1482678709 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {AC383DC4-E094-4C1E-9B91-D71ECAB10C07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-25] (AVAST Software)
Task: {BC9D41AF-9993-4632-BA9A-504EE412F9F9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {BD871080-0E01-4571-A50B-2B152E01B1DC} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {C9E0A862-B55E-4612-9DAD-EBA9E2F69BCA} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2015-05-29] (ASUSTek Computer INC.)
Task: {D0FE2E59-2BC9-4C80-93E9-58859D2D9E22} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {DF3DDE40-FA88-4ECB-96C0-D1B80A6CAD63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {EA35A669-A436-477E-8D54-45521C3B43F7} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {F53C5FD3-D6DC-4FEF-A819-D76F33C2B355} - \306831v2a423h92 -> No File <==== ATTENTION
Task: {FC0D5F07-1578-4082-81DF-531262985B1A} - System32\Tasks\Opera scheduled Autoupdate 1482691792 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\306831v2a423h92.job => rundll32.exe  C:\ProgramData\306831v2a423h92\306831v2a423h92.dll <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Liam Cameron\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\beae29ac434b3d6b\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-13 17:07 - 2015-08-07 12:18 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 08:42 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-27 16:00 - 2016-12-14 13:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-05-19 12:11 - 2015-05-19 12:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-25 09:37 - 2016-12-25 09:37 - 01678560 _____ () C:\Users\Liam Cameron\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-12-25 10:36 - 2016-12-25 10:36 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-05 14:42 - 2016-03-05 14:42 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-25 18:22 - 2016-12-25 18:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-02 11:11 - 2017-01-02 11:11 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\17010200\algo.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 19:57 - 2016-08-31 19:57 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.5\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2015-08-25 12:40 - 2015-08-25 12:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-12-25 18:22 - 2016-12-25 18:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-12-25 18:22 - 2016-12-25 18:23 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-04 23:34 - 2015-09-04 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-25 10:11 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-25 10:11 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2016-12-27 16:19 - 00000888 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Liam Cameron\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{aea2ddba-a08b-43b1-9e9a-136ed780914c}.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{139687E3-E6A1-4648-BF48-FB915C3CEDE2}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1E7A1764-EA68-41D3-82F3-CBB079839394}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{8057C264-4A0B-4075-8DA2-A2949EBE32BF}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{E2B1E390-4F84-4A7D-A953-F66CD6D7818E}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{2D0D84C4-44F2-46F9-8D7F-A5F8C4057387}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{7F254AEA-6101-498A-8F0D-CCDAD3D2A34B}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A927645F-2BD9-42EA-B56B-A519C1876880}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DF72694D-DB6C-417E-9123-CD635FEA724A}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{B2030CC4-79C1-48C5-B40B-B0543B2A1A72}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1BC1E1FB-DF55-4C3A-8216-63AEFCDB17EF}C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{F54F7055-EEDC-4440-9ABF-FB5DFB6D54BE}C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{C7BB2B0A-106F-4683-A71E-84E33A5DB5E1}] => C:\Windows\Prey\versions\1.6.5\bin\node.exe
FirewallRules: [{4DAB6A3E-3E5A-431D-BE39-812270678D49}] => C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{CE7C84F3-404A-4AB0-B6E5-BDB188305063}] => C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{6B4E9BE2-72EB-4BE1-89D6-A5D8B9595FC7}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{FF7EBE88-528A-41E3-BDCE-B456E480A2F7}C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe] => C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [UDP Query User{00E137DB-26F9-47F2-8E0A-842FF63C7B52}C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe] => C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [{B65C1277-BBEE-4934-BB88-D9EBB1D62249}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{5AE5AC88-52B9-40E1-9E9D-04C09423A9F0}] => C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
25-12-2016 16:43:05 paint.net 4.0.13
26-12-2016 21:04:44 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
27-12-2016 21:38:31 Installed Minecraft
01-01-2017 11:32:16 Windows Modules Installer
02-01-2017 11:49:08 PC Decrapifier Restore Point
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2017 12:04:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FANCY-NEW-LAPTO)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/02/2017 12:03:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.0, time stamp: 0x5632d6c3
Faulting module name: eModel.dll, version: 11.0.10586.0, time stamp: 0x5632d3d8
Exception code: 0xc0000409
Fault offset: 0x000000000012c0bf
Faulting process id: 0x27c
Faulting application start time: 0x01d2651a3586da7f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
Report Id: 852a2aa3-6376-4e60-aa51-bf1ff4605d29
Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/02/2017 11:49:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: FANCY-NEW-LAPTO)
Description: Application or service 'Asus GiftBox Desktop' could not be restarted.
 
Error: (01/02/2017 11:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/02/2017 11:27:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (01/02/2017 12:08:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/02/2017 12:07:55 PM) (Source: DCOM) (EventID: 10010) (User: FANCY-NEW-LAPTO)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/02/2017 11:59:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Asus WebStorage Windows Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2017 11:58:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/02/2017 11:57:38 AM) (Source: DCOM) (EventID: 10010) (User: FANCY-NEW-LAPTO)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-01 22:22:37.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-01 11:39:50.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-30 20:57:07.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 12156.37 MB
Available physical RAM: 8770.88 MB
Total Virtual: 14012.37 MB
Available Virtual: 10598.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:476.18 GB) (Free:411.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: B339422E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================




 


#2 nasdaq

  • Malware Response Team

Posted 03 January 2017 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR Extension: (Avast Online Security) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
OPR Extension: (Fast search) - C:\Users\Liam Cameron\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-27]
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\D:\asus-wtp\WindowsActive\690b33e1-0462-4e84-9bea-c7552b45432a.sys [x]
Task: {F53C5FD3-D6DC-4FEF-A819-D76F33C2B355} - \306831v2a423h92 -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\306831v2a423h92.job => rundll32.exe  C:\ProgramData\306831v2a423h92\306831v2a423h92.dll <==== ATTENTION
Shortcut: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\G??gle ?hr?m?.lnk -> C:\Users\Liam Cameron\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
C:\ProgramData\306831v2a423h92

Reboot:


End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Is the problem persisting?

#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,940 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:31 AM

Posted 09 January 2017 - 08:23 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



