Temp files triggering Avast malware detection



#1 sprank


Posted 02 January 2017 - 01:18 PM

A mistake was recently made by myself and I downloaded some ridiculously suspicious files that installed programs that made all my browser shortcuts redirect to porn websites. After I uninstalled and reinstalled all of the browsers it seemed OK, but .tmp files have been appearing in C:\Windows\Temp that get noticed by Avast, and a "Threat Blocked" notification comes up with the file location, but I have no idea where these are coming from.
 
 
And I have noticed I've been directed to cse.google.com, but I didn't realize that could be connected.
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by Liam Cameron (administrator) on FANCY-NEW-LAPTO (02-01-2017 12:27:51)
Running from C:\Users\Liam Cameron\Downloads
Loaded Profiles: Liam Cameron (Available Profiles: Liam Cameron)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Fork, Ltd.) C:\Windows\Prey\wpxsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Node.js) C:\Windows\Prey\versions\1.6.5\bin\node.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Fork, Ltd.) C:\Windows\Prey\versions\1.6.5\node_modules\triggers\bin\lightevt.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-23] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-12-25] (AVAST Software)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [1694344 2016-12-13] (BlueStack Systems, Inc.)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-12-25] (AVAST Software)
Startup: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-27]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{0f3f002c-d6a0-4cee-a63b-f6e7045b8a02}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{203079cb-5409-42f6-a9d5-7c24e9ce6ca2}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{26b11a49-585f-4b43-a90c-9af3c3d7b25b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{28cdf7c6-e970-11e5-b48d-806e6f6e6963}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{3f1693c3-80d0-43e4-aa75-f27c13d5a399}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{471cdecf-ad94-44a1-8c22-7daf75ae4c34}: [DhcpNameServer] 10.9.0.1
Tcpip\..\Interfaces\{48417844-099e-4c04-a0ca-a38d7a2853a0}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{48417844-099e-4c04-a0ca-a38d7a2853a0}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5664010f-ed67-47e8-8fa2-74520cf1f67b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{95edbea8-e769-49df-80a6-af888bfb7dcc}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{b1952504-13cd-4455-b412-53f33459fa9a}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{cbadfc11-2cfa-4fcf-a515-c02032a846a6}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{f945f8f2-7c39-411e-a19c-2b09e730b1fc}: [NameServer] 77.234.40.79
 
Internet Explorer:
==================
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ic.loadblanks.ru/c/02037a282dd7fbaf?
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-25] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-25] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2017-01-02]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2017-01-02]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-25] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-25] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-14] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.ca/
CHR StartupUrls: Default -> "hxxps://www.google.ca/"
CHR Profile: C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default [2017-01-02]
CHR Extension: (Google Slides) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-25]
CHR Extension: (Google Docs) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-25]
CHR Extension: (Google Drive) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-25]
CHR Extension: (Adguard AdBlocker) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-12-27]
CHR Extension: (YouTube) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-25]
CHR Extension: (Google Sheets) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-25]
CHR Extension: (Avast Online Security) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-25]
CHR Extension: (Fast search) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-27]
CHR Extension: (Gmail) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Liam Cameron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-25]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (Fast search) - C:\Users\Liam Cameron\AppData\Roaming\Opera Software\Opera Stable\Extensions\pbdpajcdgknpendpmecafmopknefafha [2016-12-27]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-25] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2017-01-02] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-12-13] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-12-13] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-12-13] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [621472 2016-03-05] (Intel Corporation)
R2 CronService; C:\Windows\Prey\wpxsvc.exe [611854 2016-12-26] (Fork, Ltd.) [File not signed]
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-16] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [165104 2015-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373160 2016-03-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-17] (Intel Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [396992 2015-07-06] (Intel)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [82936 2017-01-02] (AVAST Software)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-12-25] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [37144 2016-12-25] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-12-25] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [453192 2017-01-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-12-25] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-12-25] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2016-12-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2016-12-25] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-12-25] (AVAST Software)
S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2016-12-25] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-12-25] (AVAST Software)
R3 ATP; C:\WINDOWS\System32\drivers\AsusTP.sys [98296 2015-12-14] (ASUS Corporation)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-12-13] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-16] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-16] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-16] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
S3 GeneStor; C:\WINDOWS\System32\drivers\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [259824 2015-08-07] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-27] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-02] (Malwarebytes)
R3 Netwtw02; C:\WINDOWS\System32\drivers\Netwtw02.sys [7075568 2015-08-23] (Intel Corporation)
R3 SensorsAlsDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2016-10-17] (The OpenVPN Project)
S3 usb3Hub; C:\WINDOWS\System32\drivers\usb3Hub.sys [212056 2015-07-06] (Windows ® Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\D:\asus-wtp\WindowsActive\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 12:27 - 2017-01-02 12:28 - 00021357 _____ C:\Users\Liam Cameron\Downloads\FRST.txt
2017-01-02 12:27 - 2017-01-02 12:27 - 00000000 ____D C:\FRST
2017-01-02 12:23 - 2017-01-02 12:27 - 02418176 _____ (Farbar) C:\Users\Liam Cameron\Downloads\FRST64.exe
2017-01-02 12:07 - 2017-01-02 12:08 - 00001536 _____ C:\WINDOWS\Tasks\306831v2a423h92.job
2017-01-02 11:49 - 2017-01-02 11:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Evernote
2017-01-02 11:25 - 2017-01-02 11:25 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-01-02 11:25 - 2017-01-02 11:11 - 00082936 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2017-01-02 11:24 - 2017-01-02 11:24 - 00453192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-01-02 11:24 - 2016-12-25 09:48 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-12-31 18:42 - 2017-01-01 12:13 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\BitTorrent
2016-12-31 09:06 - 2016-12-31 10:15 - 13909716 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 750578.crdownload
2016-12-30 23:06 - 2016-12-30 23:56 - 20643540 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 35417.crdownload
2016-12-30 22:36 - 2016-12-30 23:02 - 14745300 _____ (EasiestSoft.com ) C:\Users\Liam Cameron\Downloads\Unconfirmed 216990.crdownload
2016-12-30 22:16 - 2016-12-30 22:16 - 00000822 _____ C:\Users\Liam Cameron\Desktop\Dothraki translation s2e1.srt
2016-12-30 13:05 - 2017-01-02 11:51 - 00000000 ____D C:\ProgramData\Betternet
2016-12-30 13:05 - 2016-12-30 13:05 - 00002028 _____ C:\Users\Public\Desktop\Betternet.lnk
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Betternet Technologies Inc
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files\TAP-Windows
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files (x86)\OpenVPN
2016-12-30 13:05 - 2016-12-30 13:05 - 00000000 ____D C:\Program Files (x86)\Betternet
2016-12-30 12:34 - 2016-12-30 12:34 - 10665882 _____ (Betternet Technologies Inc.) C:\Users\Liam Cameron\Downloads\BetternetForWindows374.exe
2016-12-30 12:22 - 2016-12-30 12:22 - 00000553 _____ C:\WINDOWS\system32\host.txt
2016-12-30 11:14 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\SmartSteamEmu
2016-12-30 11:14 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Giant Army
2016-12-30 11:13 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.5.720p.BluRay.x264.ShAaNiG
2016-12-30 11:13 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Universe.Sandbox.2.Alpha.19
2016-12-30 11:13 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.6.720p.HDTV.x265.ShAaNiG
2016-12-30 11:12 - 2016-12-30 12:42 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game of Thrones - The Complete Season 3 [HDTV]
2016-12-30 11:12 - 2016-12-30 11:13 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.Season.4.720p.BluRay.x264-ShAaNiG
2016-12-29 16:55 - 2016-12-29 16:55 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\ElevatedDiagnostics
2016-12-29 10:20 - 2017-01-01 22:54 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\TunnelBear
2016-12-29 10:20 - 2016-12-29 10:20 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\IsolatedStorage
2016-12-29 10:19 - 2016-12-29 10:19 - 24709664 _____ (TunnelBear) C:\Users\Liam Cameron\Downloads\TunnelBear-Installer.exe
2016-12-28 20:21 - 2016-12-29 10:38 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\.minecraft
2016-12-28 20:21 - 2016-12-28 20:21 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\java
2016-12-28 19:43 - 2016-12-28 19:43 - 00000905 _____ C:\Users\Liam Cameron\Documents\Mortgage calculator.t
2016-12-28 17:54 - 2016-12-28 17:54 - 00000082 _____ C:\Users\Liam Cameron\Documents\spacing.t
2016-12-28 17:46 - 2016-12-30 22:12 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game.of.Thrones.S02.720p.BluRay.x264.ShAaNiG
2016-12-28 17:40 - 2016-12-28 17:40 - 00000129 _____ C:\Users\Liam Cameron\Documents\string counter.t
2016-12-28 17:28 - 2016-12-29 08:58 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Rogue One A Star Wars Story 2016 x264 HDTS AAC(Deflickered)-DDR
2016-12-28 15:22 - 2016-12-30 13:05 - 00000618 _____ C:\WINDOWS\setupact.log
2016-12-28 15:22 - 2016-12-28 15:22 - 00000000 _____ C:\WINDOWS\setuperr.log
2016-12-28 08:10 - 2016-12-29 10:42 - 00001144 _____ C:\Users\Liam Cameron\Desktop\nativelog.txt
2016-12-27 21:38 - 2016-12-28 20:18 - 00000000 ____D C:\Program Files (x86)\Minecraft
2016-12-27 21:38 - 2016-12-27 21:38 - 00001032 _____ C:\Users\Public\Desktop\Minecraft.lnk
2016-12-27 21:38 - 2016-12-27 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2016-12-27 21:18 - 2016-12-27 21:38 - 02314240 _____ C:\Users\Liam Cameron\Downloads\MinecraftInstaller.msi
2016-12-27 20:58 - 2016-12-27 21:02 - 04121824 _____ (Husdawg, LLC) C:\Users\Liam Cameron\Downloads\Detection.exe
2016-12-27 20:32 - 2016-12-27 20:34 - 00114092 _____ C:\Users\Liam Cameron\Documents\panic.log
2016-12-27 20:31 - 2016-12-30 10:47 - 1258398326 ____R C:\Users\Liam Cameron\Downloads\Universe.Sandbox.2.Alpha.19.zip
2016-12-27 20:12 - 2016-12-27 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Diagnostics
2016-12-27 19:18 - 2016-12-27 19:18 - 00000000 ____D C:\Users\Liam Cameron\Documents\OneNote Notebooks
2016-12-27 18:03 - 2016-12-27 18:03 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\SolarWinds
2016-12-27 17:52 - 2016-12-27 17:52 - 00000000 ____D C:\ProgramData\SolarWinds
2016-12-27 17:40 - 2016-12-27 17:50 - 04808111 _____ C:\Users\Liam Cameron\Downloads\SolarWinds-Realtime-Bandwidth-Monitor.zip
2016-12-27 16:42 - 2016-12-27 16:42 - 01131720 _____ (Opera Software) C:\Users\Liam Cameron\Downloads\OperaSetup.exe
2016-12-27 16:00 - 2017-01-02 12:08 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-27 16:00 - 2017-01-02 12:08 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-27 16:00 - 2016-12-29 23:20 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-27 16:00 - 2016-12-27 16:25 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-27 16:00 - 2016-12-27 16:00 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-27 16:00 - 2016-12-27 16:00 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-27 16:00 - 2016-12-14 13:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-27 15:19 - 2016-12-27 18:57 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Game of Thrones Season 1 720p BluRay- mRs
2016-12-27 13:02 - 2016-12-27 13:02 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Liam Cameron\Downloads\rkill.exe
2016-12-27 12:29 - 2017-01-02 11:14 - 00004180 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A6AF8201-55FC-42EB-A6BA-D49210555196}
2016-12-27 12:25 - 2016-12-30 12:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Downloaded Installations
2016-12-27 12:25 - 2016-12-27 20:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Browsers
2016-12-27 12:25 - 2016-12-27 12:39 - 00000000 ____D C:\ProgramData\Windowsupdate
2016-12-27 12:25 - 2016-12-27 12:25 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\SPI
2016-12-26 21:18 - 2016-12-26 21:21 - 33663568 _____ (KeepKey,LLC) C:\Users\Liam Cameron\Downloads\multibit-windows-x64-0.4.1.exe
2016-12-26 21:06 - 2016-12-26 21:06 - 00001690 _____ C:\Users\Liam Cameron\Desktop\OneNote 2016.lnk
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-26 21:04 - 2016-12-26 21:04 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-12-26 20:12 - 2016-12-26 22:28 - 00000000 ____D C:\Program Files\TrueKey
2016-12-26 20:12 - 2016-12-26 20:16 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-12-26 20:12 - 2016-12-26 20:15 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-12-26 20:12 - 2016-12-26 20:12 - 00002126 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-12-26 20:12 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow\Adobe
2016-12-26 20:12 - 2016-12-26 20:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-12-26 20:11 - 2016-12-26 20:13 - 00000000 ____D C:\ProgramData\Adobe
2016-12-26 18:06 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Adobe
2016-12-26 18:02 - 2016-12-26 18:02 - 02263787 _____ C:\Users\Liam Cameron\Documents\Turing guide.pdf
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Home
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Acrylic Wi-Fi Home
2016-12-26 16:35 - 2016-12-26 16:35 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2016-12-26 16:18 - 2016-12-26 16:22 - 04598752 _____ (Tarlogic Security S.L. ) C:\Users\Liam Cameron\Downloads\Acrylic_WiFi_Home_v3.1.6117.24454-Setup.exe
2016-12-26 14:03 - 2016-12-26 14:03 - 00330086 _____ C:\Users\Liam Cameron\Downloads\desktop-wallpaper-floral-pattern-dark-desktop-background.jpg
2016-12-26 13:49 - 2017-01-02 12:08 - 00000000 ____D C:\WINDOWS\Prey
2016-12-26 13:44 - 2016-12-26 13:44 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-26 13:19 - 2016-12-26 13:19 - 00002059 _____ C:\Users\Liam Cameron\Desktop\Welcome to ASUS Product Registration.lnk
2016-12-26 13:19 - 2016-12-26 13:19 - 00000000 ____D C:\ProgramData\APRP
2016-12-26 13:13 - 2017-01-02 12:08 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-12-26 13:12 - 2017-01-02 12:07 - 00159413 ____H C:\Users\Liam Cameron\AppData\Local\IconCache.db
2016-12-26 13:12 - 2017-01-02 11:26 - 00014188 _____ C:\WINDOWS\PFRO.log
2016-12-26 13:01 - 2016-12-26 23:24 - 00012701 _____ C:\Users\Liam Cameron\Documents\Foot Size vs Jump Height.docx
2016-12-26 13:00 - 2016-12-26 13:00 - 00000000 ____D C:\Users\Liam Cameron\Documents\Custom Office Templates
2016-12-25 17:48 - 2016-12-25 17:48 - 02263787 _____ C:\Users\Liam Cameron\Downloads\Turing guide.pdf
2016-12-25 17:11 - 2016-12-25 17:11 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\NVIDIA
2016-12-25 17:09 - 2016-12-25 17:09 - 00000000 ____D C:\Program Files (x86)\FurMark
2016-12-25 17:08 - 2016-12-25 17:08 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Programs
2016-12-25 17:05 - 2016-12-25 17:08 - 05802211 _____ (Geeks3D ) C:\Users\Liam Cameron\Downloads\FurMark_1.18.2.0_Setup.exe
2016-12-25 16:58 - 2016-12-25 16:58 - 00000988 _____ C:\Users\Liam Cameron\Documents\PC Stress test #1.nbr
2016-12-25 16:56 - 2016-12-25 16:56 - 00000000 ____D C:\ProgramData\NovaTech Network
2016-12-25 16:55 - 2016-12-25 16:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench
2016-12-25 16:55 - 2016-12-25 16:55 - 00000000 ____D C:\Program Files (x86)\Novawave
2016-12-25 16:55 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-12-25 16:55 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-12-25 16:54 - 2016-12-25 16:55 - 12261072 _____ (Novawave Inc. ) C:\Users\Liam Cameron\Downloads\novabench.exe
2016-12-25 16:43 - 2017-01-02 12:08 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2016-12-25 16:43 - 2016-12-25 16:44 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\paint.net
2016-12-25 16:43 - 2016-12-25 16:43 - 00001106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-12-25 16:43 - 2016-12-25 16:43 - 00001094 _____ C:\Users\Public\Desktop\paint.net.lnk
2016-12-25 16:43 - 2016-12-25 16:43 - 00000000 ____D C:\Program Files\paint.net
2016-12-25 16:41 - 2016-12-25 16:42 - 07055677 _____ C:\Users\Liam Cameron\Downloads\paint.net.4.0.13.install.zip
2016-12-25 16:36 - 2016-12-27 16:51 - 00000000 ____D C:\Users\Liam Cameron\Desktop\Protection
2016-12-25 16:31 - 2016-12-25 16:31 - 00002884 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-25 16:31 - 2016-12-25 16:31 - 00000000 ____D C:\Program Files\CCleaner
2016-12-25 16:30 - 2016-12-25 16:31 - 08803648 _____ (Piriform Ltd) C:\Users\Liam Cameron\Downloads\ccsetup525.exe
2016-12-25 14:35 - 2016-12-29 09:03 - 00000450 _____ C:\Users\Liam Cameron\AppData\Roaming\turing_files.ini
2016-12-25 14:35 - 2016-12-25 14:35 - 00000050 _____ C:\Users\Liam Cameron\Documents\Hello World!.t
2016-12-25 14:33 - 2016-12-25 16:06 - 00000000 ____D C:\Users\Liam Cameron\Downloads\Turing 4.1.1
2016-12-25 14:33 - 2016-12-25 16:06 - 00000000 ____D C:\Users\Liam Cameron\Desktop\Turing 4.1.1
2016-12-25 14:31 - 2016-12-25 14:32 - 09367003 _____ C:\Users\Liam Cameron\Downloads\Turing 4.1.1.zip
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Mozilla
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Macromedia
2016-12-25 14:18 - 2016-12-25 14:18 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Macromedia
2016-12-25 14:07 - 2016-11-23 08:37 - 00000570 _____ C:\Users\Liam Cameron\AppData\Local\TroubleshooterConfig.json
2016-12-25 14:06 - 2016-12-29 10:44 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-12-25 14:06 - 2016-12-25 14:06 - 00001644 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2016-12-25 14:06 - 2016-12-25 14:06 - 00001644 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-12-25 14:06 - 2016-12-25 14:06 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Bluestacks
2016-12-25 14:05 - 2016-12-25 14:06 - 00000000 ____D C:\Program Files (x86)\Bluestacks
2016-12-25 14:05 - 2016-12-13 12:27 - 00000000 ____D C:\ProgramData\Bluestacks
2016-12-25 13:55 - 2016-12-25 14:05 - 331190024 _____ (BlueStack Systems Inc.) C:\Users\Liam Cameron\Downloads\BlueStacks2_native_c66fb4adc14f7413a957b93dfa230ec4.exe
2016-12-25 13:50 - 2016-12-25 13:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Opera Software
2016-12-25 13:50 - 2016-12-25 13:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Opera Software
2016-12-25 13:49 - 2016-12-27 16:57 - 00003974 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1482691792
2016-12-25 13:49 - 2016-12-27 16:57 - 00001206 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-12-25 13:49 - 2016-12-25 13:49 - 00001206 ____H C:\Users\Public\Desktop\Opera.lnk
2016-12-25 13:48 - 2016-12-30 21:01 - 00000000 ____D C:\Program Files (x86)\Opera
2016-12-25 13:48 - 2016-12-25 13:48 - 00002753 _____ C:\Users\Liam Cameron\Desktop\BitTorrent.lnk
2016-12-25 13:48 - 2016-12-25 13:48 - 00002753 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2016-12-25 13:48 - 2016-12-25 13:48 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\opera_helper
2016-12-25 13:45 - 2017-01-02 00:01 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\BitTorrent
2016-12-25 13:45 - 2016-12-25 13:45 - 02400456 _____ (BitTorrent Inc.) C:\Users\Liam Cameron\Downloads\BitTorrent.exe
2016-12-25 11:31 - 2016-12-25 11:31 - 00001678 _____ C:\Users\Liam Cameron\Desktop\Word 2016.lnk
2016-12-25 11:31 - 2016-12-25 11:31 - 00001670 _____ C:\Users\Liam Cameron\Desktop\Excel 2016.lnk
2016-12-25 11:30 - 2016-12-25 11:30 - 00001714 _____ C:\Users\Liam Cameron\Desktop\PowerPoint 2016.lnk
2016-12-25 10:57 - 2016-12-25 10:57 - 00003628 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2016-12-25 10:40 - 2016-12-25 10:40 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\speech
2016-12-25 10:30 - 2016-12-25 10:30 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-12-25 10:30 - 2016-12-25 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-12-25 10:24 - 2016-12-25 10:24 - 00001299 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eye Care Switcher.lnk
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00524288 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 10:18 - 2016-12-25 10:18 - 00065536 ___SH C:\Users\Public\NTUSER.DAT{612d77b3-caae-11e6-9be1-185e0f19fab3}.TM.blf
2016-12-25 10:18 - 2016-12-25 10:18 - 00065536 ___SH C:\Users\Default.migrated\NTUSER.DAT{612d77ae-caae-11e6-9be1-185e0f19fab3}.TM.blf
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 ___SH C:\Users\Public\NTUSER.DAT.LOG1
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 ___SH C:\Users\Default.migrated\NTUSER.DAT.LOG1
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 _____ C:\Users\Public\NTUSER.DAT
2016-12-25 10:18 - 2016-12-25 10:18 - 00008192 _____ C:\Users\Default.migrated\NTUSER.DAT
2016-12-25 10:18 - 2016-12-25 10:18 - 00000000 ___SH C:\Users\Public\NTUSER.DAT.LOG2
2016-12-25 10:18 - 2016-12-25 10:18 - 00000000 ___SH C:\Users\Default.migrated\NTUSER.DAT.LOG2
2016-12-25 10:12 - 2016-12-25 10:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Google
2016-12-25 10:12 - 2016-12-25 10:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\CEF
2016-12-25 10:11 - 2017-01-02 11:34 - 00004020 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1482678709
2016-12-25 10:11 - 2017-01-02 11:34 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00002274 ____H C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00002262 ____H C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00001090 ____H C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-25 10:11 - 2016-12-25 10:11 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-12-25 10:05 - 2016-12-25 14:10 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-25 10:05 - 2016-12-25 14:10 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-25 10:05 - 2016-12-25 10:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-25 10:04 - 2016-12-25 10:04 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-12-25 09:55 - 2016-12-25 09:57 - 03907384 _____ (Microsoft Corporation) C:\Users\Liam Cameron\Downloads\Setup.X86.en-US_HomeStudentRetail_0f7a5905-399a-4c3b-bf49-3c164560a60c_TX_PR_.exe
2016-12-25 09:50 - 2016-12-25 09:50 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\AVAST Software
2016-12-25 09:48 - 2017-01-02 11:24 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-12-25 09:48 - 2016-12-25 09:49 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-12-25 09:48 - 2016-12-25 09:49 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-12-25 09:48 - 2016-12-25 09:49 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-12-25 09:48 - 2016-12-25 09:48 - 00044640 _____ (The OpenVPN Project) C:\WINDOWS\system32\Drivers\aswTap.sys
2016-12-25 09:48 - 2016-12-25 09:48 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-12-25 09:47 - 2016-12-25 09:47 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Comms
2016-12-25 09:42 - 2016-12-25 10:04 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-25 09:41 - 2016-12-25 10:04 - 00000000 ____D C:\ProgramData\AVAST Software
2016-12-25 09:40 - 2016-12-25 09:41 - 06334848 _____ (AVAST Software) C:\Users\Liam Cameron\Downloads\avast_free_antivirus_setup_online.exe
2016-12-25 09:37 - 2016-12-25 09:37 - 00003304 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-25 09:36 - 2016-12-29 23:40 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-12-25 09:36 - 2016-12-25 09:36 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Skype
2016-12-25 09:36 - 2016-12-25 09:36 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\awsRun
2016-12-25 09:34 - 2016-12-25 09:34 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\NetworkTiles
2016-12-25 09:33 - 2016-12-25 09:37 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\MicrosoftEdge
2016-12-25 09:31 - 2017-01-02 11:57 - 00000000 ___RD C:\Users\Liam Cameron\OneDrive
2016-12-25 09:31 - 2016-12-25 14:18 - 00000000 ___SD C:\Users\Liam Cameron\AppData\LocalLow\Microsoft
2016-12-25 09:31 - 2016-12-25 09:37 - 00002386 _____ C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\DropboxOEM
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\NVIDIA
2016-12-25 09:31 - 2016-12-25 09:31 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\DropboxOEM
2016-12-25 09:30 - 2017-01-02 12:09 - 00000165 _____ C:\Users\Liam Cameron\AppData\Roaming\sp_data.sys
2016-12-25 09:30 - 2017-01-02 12:08 - 00000000 __SHD C:\Users\Liam Cameron\IntelGraphicsProfiles
2016-12-25 09:30 - 2016-12-28 15:04 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\VirtualStore
2016-12-25 09:30 - 2016-12-27 19:20 - 00000000 ___RD C:\Users\Liam Cameron\Searches
2016-12-25 09:30 - 2016-12-27 19:18 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-25 09:30 - 2016-12-26 20:12 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Adobe
2016-12-25 09:30 - 2016-12-25 18:21 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Packages
2016-12-25 09:30 - 2016-12-25 09:30 - 00000402 ___SH C:\Users\Liam Cameron\Documents\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000282 ___SH C:\Users\Liam Cameron\Downloads\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000282 ___SH C:\Users\Liam Cameron\Desktop\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000174 ___SH C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000174 ___SH C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Contacts
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\WebStorage
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Intel
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\TileDataLayer
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Publishers
2016-12-25 09:30 - 2016-12-25 09:30 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\ActiveSync
2016-12-25 09:29 - 2017-01-02 12:28 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Temp
2016-12-25 09:29 - 2017-01-02 12:27 - 00000000 ___RD C:\Users\Liam Cameron\Downloads
2016-12-25 09:29 - 2017-01-02 12:07 - 02359296 ___SH C:\Users\Liam Cameron\NTUSER.DAT
2016-12-25 09:29 - 2017-01-02 11:49 - 00000000 ____D C:\Users\Liam Cameron\AppData\LocalLow
2016-12-25 09:29 - 2017-01-02 11:11 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local
2016-12-25 09:29 - 2016-12-31 23:23 - 00000000 ____D C:\Users\Liam Cameron
2016-12-25 09:29 - 2016-12-30 22:16 - 00000000 ___RD C:\Users\Liam Cameron\Desktop
2016-12-25 09:29 - 2016-12-30 11:14 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming
2016-12-25 09:29 - 2016-12-29 19:45 - 00524288 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TMContainer00000000000000000001.regtrans-ms
2016-12-25 09:29 - 2016-12-29 19:45 - 00065536 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TM.blf
2016-12-25 09:29 - 2016-12-29 10:36 - 00000000 ___RD C:\Users\Liam Cameron\Videos
2016-12-25 09:29 - 2016-12-28 19:54 - 00000000 ___RD C:\Users\Liam Cameron\Pictures
2016-12-25 09:29 - 2016-12-28 19:43 - 00000000 ___RD C:\Users\Liam Cameron\Documents
2016-12-25 09:29 - 2016-12-27 21:33 - 00000000 ____D C:\Users\Liam Cameron\AppData\Local\Microsoft
2016-12-25 09:29 - 2016-12-27 21:30 - 00000000 ___RD C:\Users\Liam Cameron\Music
2016-12-25 09:29 - 2016-12-27 19:20 - 00000000 ___SD C:\Users\Liam Cameron\AppData\Roaming\Microsoft
2016-12-25 09:29 - 2016-12-27 16:34 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-25 09:29 - 2016-12-26 16:35 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Saved Games
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Links
2016-12-25 09:29 - 2016-12-25 09:30 - 00000000 ___RD C:\Users\Liam Cameron\Favorites
2016-12-25 09:29 - 2016-12-25 09:29 - 00819200 ___SH C:\Users\Liam Cameron\ntuser.dat.LOG1
2016-12-25 09:29 - 2016-12-25 09:29 - 00643072 ___SH C:\Users\Liam Cameron\ntuser.dat.LOG2
2016-12-25 09:29 - 2016-12-25 09:29 - 00524288 ___SH C:\Users\Liam Cameron\NTUSER.DAT{28cdf819-e970-11e5-b48d-9b8a4dc2168e}.TMContainer00000000000000000002.regtrans-ms
2016-12-25 09:29 - 2016-12-25 09:29 - 00000020 ___SH C:\Users\Liam Cameron\ntuser.ini
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Templates
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Start Menu
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\SendTo
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Recent
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\PrintHood
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\NetHood
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\My Documents
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Local Settings
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Videos
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Pictures
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Documents\My Music
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Cookies
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\Application Data
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\Temporary Internet Files
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\History
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 _SHDL C:\Users\Liam Cameron\AppData\Local\Application Data
2016-12-25 09:29 - 2016-12-25 09:29 - 00000000 ___HD C:\Users\Liam Cameron\AppData
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-25 09:29 - 2016-03-13 18:01 - 00000000 ____D C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-12-25 09:29 - 2016-03-13 17:14 - 00000000 __RSD C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-25 09:29 - 2016-03-13 17:14 - 00000000 ____D C:\Users\Liam Cameron\Roaming
2016-12-25 09:28 - 2016-12-25 09:30 - 00000000 ____D C:\ProgramData\USBChargerPlus
2016-12-25 09:28 - 2016-12-25 09:28 - 00000000 ____D C:\ProgramData\ASUS
2016-12-25 09:26 - 2015-10-30 04:01 - 00037616 _____ C:\WINDOWS\SysWOW64\license.rtf
2016-12-25 09:26 - 2015-10-30 04:01 - 00037616 _____ C:\WINDOWS\system32\license.rtf
2016-12-25 09:24 - 2016-12-25 16:43 - 00000000 ____D C:\WINDOWS\SoftwareDistribution
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-02 12:15 - 2016-03-13 18:00 - 00000000 ____D C:\WINDOWS\INF
2017-01-02 12:15 - 2015-08-18 03:36 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-02 12:08 - 2016-03-13 17:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2017-01-02 12:08 - 2016-03-13 17:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-02 12:08 - 2016-03-13 17:07 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-02 12:01 - 2015-12-17 08:34 - 00003544 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-01-02 12:01 - 2015-12-17 08:34 - 00003534 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-01-02 11:15 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-01 22:54 - 2015-12-17 08:22 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-01 19:10 - 2016-03-13 18:04 - 00000000 ____D C:\WINDOWS\OCR
2017-01-01 19:10 - 2016-03-13 17:58 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-01 14:54 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-01-01 11:34 - 2016-03-13 18:01 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-01 11:29 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\rescache
2016-12-31 23:24 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\WDI
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-30 19:57 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-30 17:04 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\Logs
2016-12-30 13:05 - 2016-03-13 17:55 - 00000000 ___RD C:\Program Files
2016-12-30 13:05 - 2016-03-13 17:55 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-28 21:03 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-12-27 17:58 - 2016-03-13 18:01 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-27 17:28 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-27 16:19 - 2015-07-10 06:04 - 00000888 _____ C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-27 12:25 - 2016-03-13 18:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-26 23:02 - 2016-03-13 18:01 - 00000000 ___RD C:\WINDOWS\assembly
2016-12-26 23:01 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-26 21:04 - 2016-03-13 17:55 - 00000000 ____D C:\Program Files\Common Files
2016-12-26 21:04 - 2015-12-17 08:36 - 00000000 ____D C:\ProgramData\McAfee
2016-12-26 20:12 - 2016-03-13 17:55 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-26 16:37 - 2015-12-17 08:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-26 13:12 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\debug
2016-12-26 13:12 - 2016-03-13 17:55 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-26 13:12 - 2016-03-13 17:06 - 00232944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-25 16:43 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\restore
2016-12-25 16:33 - 2016-03-13 18:05 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-25 14:31 - 2016-07-05 11:47 - 00000000 __SHD C:\$RECYCLE.BIN
2016-12-25 14:09 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2016-12-25 14:06 - 2016-03-13 18:01 - 00000000 __RHD C:\Users\Public\Libraries
2016-12-25 10:57 - 2015-12-17 08:34 - 00000000 ____D C:\Program Files\DIFX
2016-12-25 10:57 - 2015-08-18 03:37 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-12-25 10:56 - 2016-03-13 18:04 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-12-25 10:53 - 2016-03-13 18:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-25 10:52 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2016-12-25 10:20 - 2016-03-13 18:01 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-12-25 10:20 - 2016-03-13 17:55 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-12-25 10:18 - 2016-03-13 18:01 - 00000000 ___RD C:\Users\Public
2016-12-25 10:18 - 2016-03-13 17:55 - 00262144 ___SH C:\Users\Default\NTUSER.DAT
2016-12-25 10:18 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2016-12-25 10:14 - 2016-03-13 18:01 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-25 10:11 - 2016-03-13 18:01 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-25 09:46 - 2016-03-13 17:55 - 00000000 ___RD C:\Users
2016-12-25 09:36 - 2015-12-17 08:23 - 00000000 ____D C:\ProgramData\Intel
2016-12-25 09:30 - 2015-12-17 08:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-25 09:25 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\Recovery
2016-12-25 09:24 - 2016-03-13 17:07 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-12-25 09:24 - 2016-03-13 17:07 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-25 09:23 - 2016-03-13 18:01 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-25 09:23 - 2016-03-13 17:07 - 00000000 ____D C:\Program Files\CONEXANT
2016-12-25 09:23 - 2015-12-17 08:46 - 00002670 _____ C:\WINDOWS\System32\Tasks\ASUS Patch for Touch Panel
2016-12-25 09:23 - 2015-12-17 08:40 - 00002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2016-12-25 09:23 - 2015-12-17 08:35 - 00002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2016-12-25 09:23 - 2015-12-17 08:34 - 00002612 _____ C:\WINDOWS\System32\Tasks\Update Checker
2016-12-25 09:23 - 2015-12-17 08:33 - 00003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
2016-12-25 09:23 - 2015-12-17 08:33 - 00002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2016-12-25 09:23 - 2015-12-17 08:33 - 00002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
2016-12-25 09:23 - 2015-12-17 08:33 - 00002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2016-12-25 09:23 - 2015-08-18 03:38 - 00002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2016-12-25 09:22 - 2016-03-13 17:07 - 00000000 ___HD C:\Intel
2016-12-25 09:22 - 2016-03-13 17:07 - 00000000 ____D C:\Program Files (x86)\Intel
2016-12-25 09:21 - 2016-03-13 17:07 - 00000000 ____D C:\ProgramData\Conexant
 
==================== Files in the root of some directories =======
 
2016-12-25 09:30 - 2017-01-02 12:09 - 0000165 _____ () C:\Users\Liam Cameron\AppData\Roaming\sp_data.sys
2016-12-25 14:35 - 2016-12-29 09:03 - 0000450 _____ () C:\Users\Liam Cameron\AppData\Roaming\turing_files.ini
2016-12-25 14:07 - 2016-11-23 08:37 - 0000570 _____ () C:\Users\Liam Cameron\AppData\Local\TroubleshooterConfig.json
 
Some files in TEMP:
====================
C:\Users\Liam Cameron\AppData\Local\Temp\msvcp120.dll
C:\Users\Liam Cameron\AppData\Local\Temp\msvcr120.dll
C:\Users\Liam Cameron\AppData\Local\Temp\pc-decrapifier.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-03-13 17:06
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by Liam Cameron (02-01-2017 12:28:29)
Running from C:\Users\Liam Cameron\Downloads
Windows 10 Home Version 1511 (X64) (2016-12-25 14:28:27)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-214791878-4100251593-1600971497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-214791878-4100251593-1600971497-503 - Limited - Disabled)
Guest (S-1-5-21-214791878-4100251593-1600971497-501 - Limited - Disabled)
Liam Cameron (S-1-5-21-214791878-4100251593-1600971497-1001 - Administrator - Enabled) => C:\Users\Liam Cameron
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.5 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0040 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.0.99 - ICEpower a/s)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.)
BitTorrent (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\BitTorrent) (Version: 7.9.9.43086 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.83.6332 - BlueStack Systems, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.55 - Conexant)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Geeks3D FurMark 1.18.2.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.11 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® WiDi (HKLM\...\{C7CD6D54-26AF-4D93-B06F-D81ACE8624CB}) (Version: 6.0.40.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 1.1.347 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{64FD4757-7186-4F12-9AA8-5EE809CAB282}) (Version: 17.1.1532.1814 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
OpenVPN 2.3.12-I602  (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - )
Opera Stable 42.0.2393.94 (HKLM-x32\...\Opera 42.0.2393.94) (Version: 42.0.2393.94 - Opera Software)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Prey Anti-Theft (x32 Version: 1.6.5 - Prey, Inc.) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows Driver Package - ASUS (ATP) Mouse  (06/17/2015 6.0.0.66) (HKLM\...\1EFB54678773735560B565BE7FA6F2BCC557EE21) (Version: 06/17/2015 6.0.0.66 - ASUS)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 6.0.0.66) (HKLM\...\82D024CBD181D16D72E5AE45A426919815D5F456) (Version: 11/11/2015 6.0.0.66 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04ED1BC7-FC42-47A4-8B59-E1D68ADBD094} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-25] (ASUS)
Task: {0C7C8103-B2E7-4F03-8F1B-E1488E1B85D5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {0F369DAC-C432-43D6-8FB0-E4B02A64DA05} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {0F88C2C8-BDBC-4CC0-A284-3C1C577DC970} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {3ADCF1E9-1877-4E88-8D82-C6E82769978F} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {3CF585F1-83FE-4FDC-8431-D27B9ECA2113} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {4274C647-E545-410E-8B83-93CD37FEE90C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {4886695F-0101-4062-8BC4-E2F06DBCD4B0} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {77FD967D-B598-4DED-862C-174204C38EC4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7D61B8B1-54C3-4077-9FA3-4F577512104A} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-08-12] (ASUSTeK Computer Inc.)
Task: {7E248845-0CDF-4BD1-8E8F-296EA7365939} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-25] (Google Inc.)
Task: {88C97785-9241-439C-B245-239A73821079} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {911C48B4-49A3-4930-B6D0-1002AEFEA66D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-08-12] ()
Task: {934E2E34-CED8-478C-8E05-523637C12BDD} - System32\Tasks\SafeZone scheduled Autoupdate 1482678709 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {AC383DC4-E094-4C1E-9B91-D71ECAB10C07} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-12-25] (AVAST Software)
Task: {BC9D41AF-9993-4632-BA9A-504EE412F9F9} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {BD871080-0E01-4571-A50B-2B152E01B1DC} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {C9E0A862-B55E-4612-9DAD-EBA9E2F69BCA} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2015-05-29] (ASUSTek Computer INC.)
Task: {D0FE2E59-2BC9-4C80-93E9-58859D2D9E22} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {DF3DDE40-FA88-4ECB-96C0-D1B80A6CAD63} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {EA35A669-A436-477E-8D54-45521C3B43F7} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-17] (Intel Corporation)
Task: {F53C5FD3-D6DC-4FEF-A819-D76F33C2B355} - \306831v2a423h92 -> No File <==== ATTENTION
Task: {FC0D5F07-1578-4082-81DF-531262985B1A} - System32\Tasks\Opera scheduled Autoupdate 1482691792 => C:\Program Files (x86)\Opera\launcher.exe [2016-12-19] (Opera Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\306831v2a423h92.job => rundll32.exe  C:\ProgramData\306831v2a423h92\306831v2a423h92.dll <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Gооgle Сhrоmе.lnk -> C:\Users\Liam Cameron\AppData\Roaming\Browsers\exe.emorhc.bat (No File) <===== Cyrillic
 
ShortcutWithArgument: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\beae29ac434b3d6b\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Liam Cameron\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-13 17:07 - 2015-08-07 12:18 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-17 08:42 - 2014-04-14 21:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-12-27 16:00 - 2016-12-14 13:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2015-05-19 12:11 - 2015-05-19 12:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 02652784 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-25 09:37 - 2016-12-25 09:37 - 01678560 _____ () C:\Users\Liam Cameron\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-12-25 10:36 - 2016-12-25 10:36 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-03-05 14:42 - 2016-03-05 14:42 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-25 18:22 - 2016-12-25 18:23 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-10-30 02:17 - 2015-10-30 02:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 02:17 - 2015-10-30 02:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-30 02:18 - 2015-10-30 04:06 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-02 11:11 - 2017-01-02 11:11 - 03131344 _____ () C:\Program Files\AVAST Software\Avast\defs\17010200\algo.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-31 19:57 - 2016-08-31 19:57 - 00899584 _____ () \\?\C:\Windows\Prey\versions\1.6.5\node_modules\sqlite3\lib\binding\node-v46-win32-ia32\node_sqlite3.node
2015-08-25 12:40 - 2015-08-25 12:40 - 00027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-25 12:40 - 2015-08-25 12:40 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-12-25 18:22 - 2016-12-25 18:23 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-12-25 18:22 - 2016-12-25 18:23 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-12-25 09:48 - 2016-12-25 09:48 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-09-04 23:34 - 2015-09-04 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-25 10:11 - 2016-12-08 02:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-25 10:11 - 2016-12-08 02:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2016-12-27 16:19 - 00000888 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 v1.ff.avast.com 
127.0.0.1 vlcproxy.ff.avast.com 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Liam Cameron\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{aea2ddba-a08b-43b1-9e9a-136ed780914c}.jpg
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run32: => "WebStorage"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-214791878-4100251593-1600971497-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{139687E3-E6A1-4648-BF48-FB915C3CEDE2}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{1E7A1764-EA68-41D3-82F3-CBB079839394}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{8057C264-4A0B-4075-8DA2-A2949EBE32BF}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{E2B1E390-4F84-4A7D-A953-F66CD6D7818E}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{2D0D84C4-44F2-46F9-8D7F-A5F8C4057387}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{7F254AEA-6101-498A-8F0D-CCDAD3D2A34B}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{A927645F-2BD9-42EA-B56B-A519C1876880}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DF72694D-DB6C-417E-9123-CD635FEA724A}] => C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{B2030CC4-79C1-48C5-B40B-B0543B2A1A72}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1BC1E1FB-DF55-4C3A-8216-63AEFCDB17EF}C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{F54F7055-EEDC-4440-9ABF-FB5DFB6D54BE}C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe] => C:\users\liam cameron\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{C7BB2B0A-106F-4683-A71E-84E33A5DB5E1}] => C:\Windows\Prey\versions\1.6.5\bin\node.exe
FirewallRules: [{4DAB6A3E-3E5A-431D-BE39-812270678D49}] => C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{CE7C84F3-404A-4AB0-B6E5-BDB188305063}] => C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{6B4E9BE2-72EB-4BE1-89D6-A5D8B9595FC7}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{FF7EBE88-528A-41E3-BDCE-B456E480A2F7}C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe] => C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [UDP Query User{00E137DB-26F9-47F2-8E0A-842FF63C7B52}C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe] => C:\users\liam cameron\downloads\universe.sandbox.2.alpha.19\universe.sandbox.2.alpha.19\universe sandbox x64.exe
FirewallRules: [{B65C1277-BBEE-4934-BB88-D9EBB1D62249}] => C:\Windows\System32\rundll32.exe
FirewallRules: [{5AE5AC88-52B9-40E1-9E9D-04C09423A9F0}] => C:\Windows\System32\rundll32.exe
 
==================== Restore Points =========================
 
25-12-2016 16:43:05 paint.net 4.0.13
26-12-2016 21:04:44 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
27-12-2016 21:38:31 Installed Minecraft
01-01-2017 11:32:16 Windows Modules Installer
02-01-2017 11:49:08 PC Decrapifier Restore Point
 
==================== Faulty Device Manager Devices =============
 
Name: avast! SecureLine TAP Adapter v3
Description: avast! SecureLine TAP Adapter v3
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: aswTap
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2017 12:04:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: FANCY-NEW-LAPTO)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/02/2017 12:03:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.0, time stamp: 0x5632d6c3
Faulting module name: eModel.dll, version: 11.0.10586.0, time stamp: 0x5632d3d8
Exception code: 0xc0000409
Fault offset: 0x000000000012c0bf
Faulting process id: 0x27c
Faulting application start time: 0x01d2651a3586da7f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dll
Report Id: 852a2aa3-6376-4e60-aa51-bf1ff4605d29
Faulting package full name: Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/02/2017 11:49:25 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: FANCY-NEW-LAPTO)
Description: Application or service 'Asus GiftBox Desktop' could not be restarted.
 
Error: (01/02/2017 11:49:10 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/02/2017 11:27:05 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (01/02/2017 11:27:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (01/02/2017 12:08:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/02/2017 12:07:55 PM) (Source: DCOM) (EventID: 10010) (User: FANCY-NEW-LAPTO)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5cca8 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/02/2017 12:07:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/02/2017 11:59:58 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Asus WebStorage Windows Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/02/2017 11:58:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The InstallerService service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (01/02/2017 11:57:38 AM) (Source: DCOM) (EventID: 10010) (User: FANCY-NEW-LAPTO)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-01 22:22:37.858
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-01 11:39:50.499
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-30 20:57:07.981
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-27 17:32:13.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 12156.37 MB
Available physical RAM: 8770.88 MB
Total Virtual: 14012.37 MB
Available Virtual: 10598.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:476.18 GB) (Free:411.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: B339422E)
 
Partition: GPT.
 
==================== End of Addition.txt ============================



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,969 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:55 PM

Posted 03 January 2017 - 10:15 AM

Duplicate. The topic will be closed.



