
Need assistance for ZHPDiag results


  • This topic is locked
5 replies to this topic

#1 thomaspmfc


Posted 14 January 2017 - 03:47 AM

Received this log from ZHPDiag.exe; need help removing items listed.

Http://s000.tinyupload.com/?file_id=439 ... 8066576388



#2 TsVk!


Posted 18 January 2017 - 08:05 PM

My name is TsVk!, but you can call me John. I'll be helping you with your issue.

 

Just a few ground rules before we get started.

  • Please don't run any malware removal programs unless directed.
  • Please don't make any system changes unless directed.
  • Please back up all essential data now. We are removing software designed to damage/compromise your system; it's inherently risky business.
  • Please copy and paste all logs in plain text straight into your reply; do not quote or attach logs.

These things are to make it easier for me to help you.

 

Please be aware that I am still in training and everything that I say needs to be covered in detail with my instructor. This is a bonus for you because you have two sets of eyes on your thread, but you need to be aware this can take some time so my responses may take a day or so.

 

Download Farbar Recovery Scan Tool.

  • Choose 32bit or 64bit depending on your Windows version. If you are unsure click here.
  • Save the application to your desktop and run it.
  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

John



#3 thomaspmfc


Posted 19 January 2017 - 03:30 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-01-2017
Ran by thomas (administrator) on THOMASPMFC3 (19-01-2017 02:20:36)
Running from C:\Users\thomas\Downloads\Programs
Loaded Profiles: thomas (Available Profiles: thomas)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe
(Cisco) C:\Users\thomas\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Facebook) C:\Users\thomas\AppData\Local\Facebook\Games\FacebookGameroom.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-06] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech, Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1735288 2016-09-29] (Logitech, Inc.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1962944 2016-11-22] ()
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6006560 2016-11-01] (IObit)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\SysWoW64\userinit.exe,
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Run: [HP OfficeJet 3830 series (NET)] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\ScanToPCActivationApp.exe [3651080 2015-03-09] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Run: [VideoGuardMonitor] => C:\Users\thomas\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [4155656 2016-06-14] (Cisco)
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Run: [Advanced SystemCare 10] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2913568 2016-12-16] (IObit)
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8912088 2016-08-26] (Piriform Ltd)
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2016-08-09] (Acronis)
GroupPolicyScripts-x32: Restriction <======= ATTENTION
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{841701b1-ebed-49bd-a776-edc8eea10ec1}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d8d05c91-e136-43bd-9e4b-584b859e63ed}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e54b95ba-b8cc-4a94-aa92-a5a825ea0755}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-22] (Wondershare)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: IObit Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2016-08-03] (IObit)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: IObit Ads Removal -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll [2016-06-23] (IObit)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2016-07-12] (Microsoft Corporation)
Handler: WSISVCUchrome - No CLSID Value
 
Edge: 
======
Edge Extension: (AdBlock) -> EdgeExtension_BetaFishAdBlock_c1wakc4j0nefm => C:\Program Files\WindowsApps\BetaFish.AdBlock_1.8.1.0_neutral__c1wakc4j0nefm [2017-01-04]
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-10-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: (iSkysoft iMedia Converter Deluxe) - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-11-30]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\thomas\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\thomas\AppData\Roaming\IDM\idmmzcc5 [2017-01-19] [not signed]
FF HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-24] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default [2017-01-19]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2017-01-06]
CHR Extension: (YouTube) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-10]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2016-10-10]
CHR Extension: (AdBlock) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-12-28]
CHR Extension: (IDM Integration Module) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-12-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Gmail) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-10-10]
CHR Extension: (Chrome Media Router) - C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-14]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-12-15]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1277688 2016-08-21] ()
R2 AdvancedSystemCareService10; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [462624 2016-12-12] (IObit)
S3 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086744 2016-10-13] ()
S3 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021056 2016-03-03] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2269440 2015-07-10] (Broadcom Corporation.)
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [569608 2014-10-09] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [359848 2015-09-09] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1600800 2016-10-21] (IObit)
S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [360736 2016-10-28] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
S3 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4692840 2016-08-15] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [7717528 2016-07-18] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1516920 2016-08-21] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-06] (Realtek Semiconductor)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2012-05-03] (Adobe Systems Incorporated) [File not signed]
S3 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [9729272 2016-08-11] ()
S3 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [269400 2016-10-04] (Synaptics Incorporated)
S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\WINDOWS\system32\ampa.sys [19568 2015-11-10] () [File not signed]
S3 ampa; C:\WINDOWS\SysWOW64\ampa.sys [19568 2015-11-10] () [File not signed]
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [199472 2015-07-10] (Broadcom Corporation.)
S3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774712 2016-10-13] (Broadcom Corp)
S3 BCMWL63A; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [11774712 2016-10-13] (Broadcom Corp)
S3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2016-10-13] (Acronis International GmbH)
R1 HWiNFO32; C:\WINDOWS\SysWoW64\drivers\HWiNFO64A.SYS [27552 2017-01-06] (REALiX™)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [228112 2017-01-06] (Intel Corporation)
R3 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-04-01] (IObit)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-10-25] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-01-19] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517200 2017-01-06] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-11-14] (CACE Technologies, Inc.)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-07-27] (IObit.com)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [506072 2014-06-20] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127552 2017-01-06] (Realtek Semiconductor Corp.)
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2016.SP1\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-06-16] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [79960 2016-10-04] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1267544 2016-10-13] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [212320 2016-10-13] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [687968 2016-10-13] (Acronis International GmbH)
R3 Trufos; C:\WINDOWS\System32\DRIVERS\TRUFOS.sys [452040 2016-03-31] (BitDefender S.R.L.)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [331104 2016-10-13] (Acronis International GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2017-01-06] (HP)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [31656 2017-01-06] (HP)
U0 aswVmm; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-19 02:20 - 2017-01-19 02:20 - 00000000 ____D C:\FRST
2017-01-18 22:51 - 2017-01-18 22:51 - 00003034 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (thomas)
2017-01-18 22:31 - 2017-01-18 22:31 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-13 09:23 - 2017-01-13 09:23 - 00166937 _____ C:\Users\thomas\Desktop\ZHPDiag.txt
2017-01-13 09:14 - 2017-01-13 09:21 - 00000000 ____D C:\Users\thomas\AppData\Roaming\ZHP
2017-01-13 09:14 - 2017-01-13 09:20 - 00000915 _____ C:\Users\thomas\Desktop\ZHPDiag.lnk
2017-01-13 09:14 - 2017-01-13 09:14 - 00002031 _____ C:\Users\thomas\Desktop\ZHPFix.lnk
2017-01-13 09:14 - 2017-01-13 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2017-01-13 09:14 - 2017-01-13 09:14 - 00000000 ____D C:\Program Files (x86)\ZHPDiag
2017-01-13 02:10 - 2017-01-13 02:18 - 00000000 ____D C:\Users\thomas\Downloads\TEEN'S FIRST TIME SQUIRTING
2017-01-13 02:08 - 2017-01-13 02:08 - 00017876 _____ C:\Users\thomas\Downloads\D9E2472C7D66561B12766ED9F024558B81EBBEBD.torrent
2017-01-13 02:06 - 2017-01-13 02:38 - 00000000 ____D C:\Users\thomas\Downloads\CastingCouch-X - Casting agent bleep little teen Sally Squirt
2017-01-13 02:05 - 2017-01-13 02:05 - 00019304 _____ C:\Users\thomas\Downloads\796A2418E8485533F69B808642F1C09E8939529E.torrent
2017-01-12 17:47 - 2017-01-12 17:47 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-01-12 15:38 - 2017-01-12 17:41 - 00000576 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fdef56f6-661c-43f9-a0c8-268382257861.job
2017-01-12 15:38 - 2017-01-12 17:41 - 00000576 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2636d186-2e3a-4af2-8c50-418d9fdc02c6.job
2017-01-12 15:38 - 2017-01-12 15:40 - 00003876 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task fdef56f6-661c-43f9-a0c8-268382257861
2017-01-12 15:38 - 2017-01-12 15:40 - 00003794 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 2636d186-2e3a-4af2-8c50-418d9fdc02c6
2017-01-12 14:40 - 2017-01-12 14:40 - 00001301 _____ C:\Users\thomas\Desktop\Facebook Gameroom.lnk
2017-01-11 12:52 - 2017-01-12 10:13 - 01185792 _____ C:\Users\thomas\Desktop\ASSISTANCE.pfl
2017-01-11 00:04 - 2016-12-22 17:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 00:04 - 2016-12-22 17:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 23:37 - 2016-12-21 02:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 23:37 - 2016-12-21 01:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 23:37 - 2016-12-21 01:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 23:37 - 2016-12-21 01:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 23:37 - 2016-12-21 01:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 23:37 - 2016-12-21 01:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 23:37 - 2016-12-21 01:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 23:37 - 2016-12-21 01:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 23:37 - 2016-12-21 01:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 23:37 - 2016-12-21 01:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 23:37 - 2016-12-21 01:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 23:37 - 2016-12-21 00:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 23:37 - 2016-12-21 00:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 23:37 - 2016-12-21 00:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 23:37 - 2016-12-21 00:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 23:37 - 2016-12-21 00:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 23:37 - 2016-12-21 00:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 23:37 - 2016-12-20 23:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 23:37 - 2016-12-20 23:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 23:37 - 2016-12-20 23:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 23:37 - 2016-12-20 22:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 23:37 - 2016-12-20 22:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 23:37 - 2016-12-20 22:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 23:37 - 2016-12-20 22:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 23:37 - 2016-12-20 22:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 23:37 - 2016-12-20 22:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 23:37 - 2016-12-20 22:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 23:37 - 2016-12-20 22:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 23:37 - 2016-12-13 23:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 23:37 - 2016-12-13 23:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 23:37 - 2016-12-13 23:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 23:37 - 2016-12-13 22:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 23:37 - 2016-12-13 22:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 23:37 - 2016-12-13 22:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 23:37 - 2016-12-13 22:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 23:37 - 2016-12-13 22:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 23:37 - 2016-12-13 22:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 23:37 - 2016-12-13 22:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 23:37 - 2016-12-13 22:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 23:37 - 2016-12-13 22:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 23:37 - 2016-12-13 22:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 23:37 - 2016-12-13 22:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 23:37 - 2016-12-13 22:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 23:36 - 2016-12-21 02:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 23:36 - 2016-12-21 02:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 23:36 - 2016-12-21 01:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 23:36 - 2016-12-21 01:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 23:36 - 2016-12-21 01:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 23:36 - 2016-12-21 01:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 23:36 - 2016-12-21 01:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 23:36 - 2016-12-21 01:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 23:36 - 2016-12-21 01:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 23:36 - 2016-12-21 01:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 23:36 - 2016-12-21 01:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 23:36 - 2016-12-21 01:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 23:36 - 2016-12-21 01:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 23:36 - 2016-12-21 01:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 23:36 - 2016-12-21 01:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 23:36 - 2016-12-21 01:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 23:36 - 2016-12-21 01:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 23:36 - 2016-12-21 01:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 23:36 - 2016-12-21 01:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 23:36 - 2016-12-21 01:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 23:36 - 2016-12-21 01:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 23:36 - 2016-12-21 01:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 23:36 - 2016-12-21 01:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 23:36 - 2016-12-21 00:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 23:36 - 2016-12-21 00:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 23:36 - 2016-12-21 00:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 23:36 - 2016-12-21 00:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 23:36 - 2016-12-21 00:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 23:36 - 2016-12-21 00:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 23:36 - 2016-12-21 00:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 23:36 - 2016-12-21 00:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 23:36 - 2016-12-21 00:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 23:36 - 2016-12-21 00:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 23:36 - 2016-12-21 00:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 23:36 - 2016-12-21 00:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 23:36 - 2016-12-21 00:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 23:36 - 2016-12-21 00:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 23:36 - 2016-12-20 23:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 23:36 - 2016-12-20 22:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 23:36 - 2016-12-20 22:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 23:36 - 2016-12-20 22:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 23:36 - 2016-12-20 22:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 23:36 - 2016-12-20 22:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 23:36 - 2016-12-20 22:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 23:36 - 2016-12-20 22:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 23:36 - 2016-12-20 22:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 23:36 - 2016-12-20 22:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 23:36 - 2016-12-20 22:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 23:36 - 2016-12-20 22:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 23:36 - 2016-12-20 22:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 23:36 - 2016-12-20 22:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 23:36 - 2016-12-20 22:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 23:36 - 2016-12-20 22:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 23:36 - 2016-12-20 22:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 23:36 - 2016-12-20 22:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 23:36 - 2016-12-20 22:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 23:36 - 2016-12-20 22:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 23:36 - 2016-12-20 22:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 23:36 - 2016-12-13 23:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 23:36 - 2016-12-13 23:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 23:36 - 2016-12-13 23:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 23:36 - 2016-12-13 23:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 23:36 - 2016-12-13 23:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 23:36 - 2016-12-13 23:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 23:36 - 2016-12-13 23:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 23:36 - 2016-12-13 23:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 23:36 - 2016-12-13 23:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 23:36 - 2016-12-13 23:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 23:36 - 2016-12-13 23:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 23:36 - 2016-12-13 23:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 23:36 - 2016-12-13 23:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 23:36 - 2016-12-13 23:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 23:36 - 2016-12-13 23:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 23:36 - 2016-12-13 22:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 23:36 - 2016-12-13 22:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 23:36 - 2016-12-13 22:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 23:36 - 2016-12-13 22:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 23:36 - 2016-12-13 22:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 23:36 - 2016-12-13 22:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 23:36 - 2016-12-13 22:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 23:36 - 2016-12-13 22:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 23:36 - 2016-12-13 22:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 23:36 - 2016-12-13 22:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 23:36 - 2016-12-13 22:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 23:36 - 2016-12-13 22:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 23:36 - 2016-12-13 22:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 23:36 - 2016-12-13 22:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 23:36 - 2016-12-13 22:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 23:36 - 2016-12-13 22:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 23:36 - 2016-12-13 22:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 23:36 - 2016-12-13 22:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 23:36 - 2016-12-13 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 23:36 - 2016-12-13 22:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 23:36 - 2016-12-13 22:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 23:36 - 2016-12-13 22:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 23:36 - 2016-12-13 22:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 23:36 - 2016-12-13 22:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 23:36 - 2016-12-13 22:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 23:36 - 2016-12-13 22:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 23:36 - 2016-12-13 22:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 23:36 - 2016-12-13 22:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 23:36 - 2016-12-13 22:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 23:36 - 2016-12-13 22:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 23:36 - 2016-12-13 22:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 23:36 - 2016-12-13 22:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 23:36 - 2016-12-13 22:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 23:36 - 2016-12-13 22:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 23:36 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 23:36 - 2016-11-02 05:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 23:36 - 2016-11-02 04:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 23:36 - 2016-11-02 04:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 23:36 - 2016-11-02 04:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 23:36 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-08 22:32 - 2017-01-08 22:32 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-01-07 05:35 - 2017-01-07 05:35 - 00000000 ____D C:\Users\thomas\AppData\RoamingStartup Manager
2017-01-06 20:10 - 2017-01-06 20:10 - 07294976 _____ C:\WINDOWS\system32\config\drivers.iobit
2017-01-06 19:30 - 2017-01-06 19:30 - 00000000 _____ C:\WINDOWS\SysWOW64\dwm.exe
2017-01-06 19:10 - 2017-01-08 22:42 - 00002013 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Beats Audio.lnk
2017-01-06 19:09 - 2017-01-06 19:09 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-01-06 19:09 - 2017-01-06 19:09 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-01-06 19:09 - 2017-01-06 19:09 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-01-06 19:09 - 2017-01-06 19:09 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-01-06 19:09 - 2017-01-06 19:09 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-01-06 19:09 - 2017-01-06 19:09 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-01-06 19:08 - 2017-01-06 19:08 - 10719648 _____ C:\WINDOWS\system32\Drivers\Netwfw02.dat
2017-01-06 19:08 - 2017-01-06 19:08 - 03517200 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwbw02.sys
2017-01-06 19:08 - 2017-01-06 19:08 - 00379152 _____ (Intel Corporation) C:\WINDOWS\system32\ibtproppage.dll
2017-01-06 19:08 - 2017-01-06 19:08 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2017-01-06 19:07 - 2017-01-06 19:07 - 03127552 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2017-01-06 19:07 - 2017-01-06 19:07 - 01980672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsDecode.dll
2017-01-06 19:07 - 2017-01-06 19:07 - 00641280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamP64.dll
2017-01-06 19:07 - 2017-01-06 19:07 - 00556288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamP.dll
2017-01-06 19:07 - 2017-01-06 19:07 - 00481768 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcDAud.sys
2017-01-06 19:07 - 2017-01-06 19:07 - 00099072 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamO64.dll
2017-01-06 18:58 - 2017-01-08 22:41 - 00001194 _____ C:\Users\Public\Desktop\Smart Defrag 5.lnk
2017-01-06 18:58 - 2017-01-06 18:58 - 00003260 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-01-06 18:58 - 2017-01-06 18:58 - 00003100 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-01-06 18:58 - 2017-01-06 18:58 - 00003100 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-01-06 18:58 - 2017-01-06 18:58 - 00003096 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-01-06 18:58 - 2017-01-06 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-01-06 18:58 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-01-06 18:58 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-01-06 18:58 - 2016-03-22 11:02 - 00021360 _____ (IObit) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys
2017-01-06 18:45 - 2017-01-06 18:45 - 00003110 _____ C:\WINDOWS\System32\Tasks\ASC10_PerformanceMonitor
2017-01-06 18:45 - 2017-01-06 18:45 - 00002906 _____ C:\WINDOWS\System32\Tasks\ASC10_SkipUac_thomas
2017-01-06 18:45 - 2017-01-06 18:45 - 00002494 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_thomas
2017-01-06 18:45 - 2017-01-06 18:45 - 00000304 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_thomas.job
2017-01-06 18:45 - 2017-01-06 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-01-06 18:45 - 2017-01-06 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2017-01-06 18:45 - 2017-01-06 18:45 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-01-06 18:44 - 2017-01-12 15:43 - 00000000 ____D C:\Program Files (x86)\Dashlane
2017-01-06 18:44 - 2017-01-06 18:44 - 00027552 _____ (REALiX™) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2017-01-06 18:44 - 2017-01-06 18:44 - 00003388 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-01-06 18:44 - 2017-01-06 18:44 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2017-01-06 18:44 - 2017-01-06 18:44 - 00000000 ____D C:\WINDOWS\IObit
2017-01-06 18:44 - 2017-01-06 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-01-06 18:40 - 2017-01-06 18:40 - 00000000 ____D C:\ProgramData\BDLogging
2017-01-06 18:40 - 2016-03-31 17:54 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-01-06 18:33 - 2017-01-06 18:33 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-06 18:32 - 2017-01-06 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-01-05 01:31 - 2017-01-05 01:31 - 00000000 ____D C:\Users\thomas\AppData\Local\NEGU_Soft
2017-01-05 01:30 - 2017-01-08 22:41 - 00001097 _____ C:\Users\Public\Desktop\Ultimate Control.lnk
2017-01-05 01:30 - 2017-01-05 01:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Control
2017-01-05 01:30 - 2017-01-05 01:30 - 00000000 ____D C:\Program Files (x86)\Ultimate Control
2017-01-05 00:46 - 2017-01-05 00:46 - 00081208 _____ C:\Users\thomas\Desktop\network.reg
2017-01-04 23:53 - 2017-01-04 23:53 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BTControllerPCHost
2017-01-04 23:52 - 2017-01-05 00:06 - 00000000 ____D C:\Users\thomas\AppData\Local\Deployment
2017-01-04 23:52 - 2017-01-04 23:52 - 00000000 ____D C:\Users\thomas\AppData\Local\Apps\2.0
2017-01-04 23:38 - 2017-01-12 14:40 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2017-01-04 23:38 - 2017-01-04 23:38 - 00000000 ____D C:\Users\thomas\AppData\LocalLow\Peanut Butter Labs
2017-01-04 23:38 - 2017-01-04 23:38 - 00000000 ____D C:\Users\thomas\AppData\Local\Facebook
2017-01-04 23:38 - 2017-01-04 23:38 - 00000000 ____D C:\Users\thomas\AppData\Local\CEF
2017-01-04 23:38 - 2017-01-04 23:38 - 00000000 ____D C:\Users\Public\Facebook Games
2017-01-04 22:38 - 2017-01-04 22:38 - 00000000 ____D C:\Users\thomas\Intel
2017-01-04 16:38 - 2017-01-04 16:45 - 00000000 ____D C:\Users\thomas\Downloads\Collateral Beauty 2016 HDRip.x264.AAC -LTT
2017-01-04 15:20 - 2017-01-04 15:20 - 00000000 ____D C:\Users\thomas\AppData\Roaming\ProductData
2017-01-04 15:19 - 2017-01-14 18:50 - 00000000 ____D C:\ProgramData\ProductData
2017-01-04 15:19 - 2017-01-08 22:41 - 00001392 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-01-04 15:19 - 2017-01-06 19:28 - 00000000 ____D C:\Users\thomas\AppData\LocalLow\IObit
2017-01-04 15:19 - 2017-01-04 15:19 - 00002508 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Administrator
2017-01-04 15:19 - 2017-01-04 15:19 - 00000304 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
2017-01-04 15:19 - 2017-01-04 15:19 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2017-01-04 14:19 - 2017-01-04 14:19 - 42774528 _____ C:\WINDOWS\system32\config\system.iobit
2017-01-04 14:19 - 2017-01-04 14:19 - 101314560 _____ C:\WINDOWS\system32\config\software.iobit
2017-01-04 14:19 - 2017-01-04 14:19 - 04980736 _____ C:\WINDOWS\system32\config\default.iobit
2017-01-04 14:19 - 2017-01-04 14:19 - 00069632 _____ C:\WINDOWS\system32\config\sam.iobit
2017-01-04 14:19 - 2017-01-04 14:19 - 00036864 _____ C:\WINDOWS\system32\config\security.iobit
2017-01-04 14:07 - 2017-01-06 20:14 - 00000000 ____D C:\ProgramData\IObit
2017-01-04 14:07 - 2017-01-06 18:58 - 00000000 ____D C:\Users\thomas\AppData\Roaming\IObit
2017-01-04 14:07 - 2017-01-06 18:58 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-04 13:52 - 2017-01-04 13:53 - 27760640 _____ C:\Users\thomas\Downloads\Iobit Advance System Care v5.3.0.246 Pro+Serial Keys.iso
2017-01-04 08:12 - 2017-01-04 08:12 - 00003350 _____ C:\WINDOWS\System32\Tasks\{C9759327-FD29-4347-B87A-416FA1976BEF}
2017-01-04 08:02 - 2017-01-04 08:02 - 00000000 ____D C:\Users\thomas\AppData\Roaming\iolo
2017-01-04 06:01 - 2017-01-04 06:01 - 00000000 ___HD C:\OneDriveTemp
2017-01-04 02:32 - 2017-01-08 22:41 - 00002236 _____ C:\Users\Public\Desktop\Style Builder 2017.lnk
2017-01-04 02:32 - 2017-01-08 22:41 - 00002150 _____ C:\Users\Public\Desktop\LayOut 2017.lnk
2017-01-04 02:32 - 2017-01-08 22:41 - 00002061 _____ C:\Users\Public\Desktop\SketchUp 2017.lnk
2017-01-04 02:32 - 2017-01-04 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017
2017-01-04 02:31 - 2017-01-04 02:31 - 00000000 ____D C:\Program Files\SketchUp
2017-01-04 01:35 - 2017-01-08 22:41 - 00001067 _____ C:\Users\Public\Desktop\Photoshop CS6 x64.lnk
2017-01-04 01:26 - 2017-01-04 01:35 - 00000000 ____D C:\Program Files\photoshop extended
2017-01-04 00:47 - 2017-01-06 20:08 - 00000000 ____D C:\Program Files\Plug-ins
2017-01-04 00:47 - 2017-01-04 01:18 - 00000000 ____D C:\Program Files\x64
2017-01-04 00:47 - 2017-01-04 01:18 - 00000000 ____D C:\Program Files\Required
2017-01-04 00:47 - 2017-01-04 01:18 - 00000000 ____D C:\Program Files\Presets
2017-01-04 00:47 - 2017-01-04 00:47 - 00000000 ____D C:\Program Files\Locales
2017-01-04 00:47 - 2017-01-04 00:47 - 00000000 ____D C:\Program Files\Configuration
2017-01-04 00:47 - 2017-01-04 00:47 - 00000000 ____D C:\Program Files\CIT
2017-01-04 00:47 - 2017-01-04 00:47 - 00000000 ____D C:\Program Files\AMT
2017-01-03 20:56 - 2017-01-03 20:56 - 00002903 _____ C:\Users\thomas\Desktop\template.txt
2017-01-03 20:49 - 2017-01-08 22:41 - 00001046 _____ C:\Users\thomas\Desktop\Cool Beans NFO Creator.lnk
2017-01-03 20:49 - 2017-01-03 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Beans NFO Creator
2017-01-03 20:49 - 2017-01-03 20:49 - 00000000 ____D C:\Program Files (x86)\Cool Beans NFO Creator
2017-01-03 12:35 - 2017-01-03 12:35 - 00000000 ___RD C:\Users\thomas\3D Objects
2017-01-01 10:05 - 2017-01-01 10:13 - 00000000 ____D C:\Users\thomas\Downloads\Collateral Beauty 2016 HDRip HD x264-LKRG
2016-12-31 23:52 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-12-31 23:52 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-12-31 23:52 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-12-31 23:52 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-12-31 23:52 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-12-31 23:52 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-12-31 23:52 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-12-31 23:52 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-12-31 23:52 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-12-31 23:52 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-12-31 13:26 - 2016-12-31 13:26 - 00000000 ____D C:\Users\thomas\My Games
2016-12-31 13:25 - 2016-12-31 13:25 - 00000000 ____D C:\Users\thomas\Documents\SkidRow
2016-12-31 09:43 - 2017-01-12 21:45 - 00000000 ____D C:\Users\thomas\Downloads\Documents
2016-12-31 06:18 - 2017-01-18 20:16 - 00000000 ____D C:\Users\thomas\Downloads\Video
2016-12-31 05:36 - 2016-12-31 05:36 - 00000000 ____D C:\Users\thomas\Desktop\Resume etc
2016-12-31 05:34 - 2017-01-08 22:41 - 00001217 _____ C:\Users\thomas\Desktop\SDMain.exe - Shortcut.lnk
2016-12-29 15:49 - 2016-12-29 15:49 - 00000000 ____D C:\Users\thomas\AppData\Roaming\ERS Game Studios
2016-12-29 15:32 - 2016-12-29 15:39 - 00000000 ____D C:\Users\thomas\Downloads\Adobe Photoshop CS6 Extended Multilingual (2016 Update) Incl Crack-=TEAM OS=-
2016-12-29 01:48 - 2016-12-29 01:48 - 00000000 ____D C:\Users\thomas\.android
2016-12-28 22:20 - 2017-01-08 22:41 - 00001894 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2016-12-28 22:20 - 2016-12-28 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-12-28 22:19 - 2017-01-12 15:38 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-12-28 21:33 - 2016-12-28 21:28 - 00000931 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161228-213301.backup
2016-12-28 21:32 - 2016-12-28 21:32 - 00000000 ____D C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
2016-12-28 21:32 - 2016-12-28 21:32 - 00000000 ____D C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
2016-12-28 21:29 - 2016-12-28 22:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-28 21:23 - 2016-12-28 21:23 - 00000000 ____D C:\Users\thomas\AppData\Roaming\SUPERAntiSpyware.com
2016-12-28 21:23 - 2016-12-28 21:23 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-12-28 21:16 - 2016-12-31 05:34 - 00000000 ____D C:\Users\thomas\Desktop\virus
2016-12-28 18:30 - 2016-12-28 18:30 - 98566144 _____ C:\WINDOWS\system32\config\software.bdkup
2016-12-28 18:30 - 2016-12-28 18:30 - 40632320 _____ C:\WINDOWS\system32\config\system.bdkup
2016-12-28 18:30 - 2016-12-28 18:30 - 10223616 _____ C:\Users\thomas\ntuser.dat.bdkup
2016-12-28 18:30 - 2016-12-28 18:30 - 04980736 _____ C:\WINDOWS\system32\config\default.bdkup
2016-12-28 17:12 - 2017-01-12 11:37 - 00000000 ____D C:\RescueCD Logs
2016-12-28 04:12 - 2016-12-28 04:12 - 00283136 ____H C:\WINDOWS\system32\BIT6856.tmp
2016-12-28 04:12 - 2016-12-28 04:12 - 00283136 ____H C:\WINDOWS\system32\BIT6623.tmp
2016-12-25 00:08 - 2016-12-25 00:08 - 00000000 ____D C:\Users\thomas\AppData\LocalLow\AparGames
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 ____D C:\Users\thomas\AppData\Roaming\AxiPLAY
2016-12-24 23:46 - 2016-12-24 23:46 - 00000000 ____D C:\Users\thomas\AppData\LocalLow\Unity
2016-12-24 20:41 - 2016-12-24 21:00 - 00000000 ____D C:\Users\thomas\Desktop\seperation
2016-12-24 12:40 - 2016-12-24 12:40 - 00000000 ____D C:\ProgramData\Sophos
2016-12-24 12:39 - 2017-01-08 22:41 - 00002769 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-12-24 12:39 - 2016-12-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-12-24 12:39 - 2016-12-24 12:39 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-12-24 00:56 - 2016-12-24 01:02 - 00524288 ___SH C:\Users\thomas\ntuser.dat{02403372-c9a6-11e6-829c-847fb02d8fea}.TMContainer00000000000000000002.regtrans-ms
2016-12-24 00:56 - 2016-12-24 01:02 - 00524288 ___SH C:\Users\thomas\ntuser.dat{02403372-c9a6-11e6-829c-847fb02d8fea}.TMContainer00000000000000000001.regtrans-ms
2016-12-24 00:56 - 2016-12-24 01:02 - 00065536 ___SH C:\Users\thomas\ntuser.dat{02403372-c9a6-11e6-829c-847fb02d8fea}.TM.blf
2016-12-24 00:51 - 2016-12-24 00:53 - 00524288 ___SH C:\WINDOWS\system32\config\drivers{60caf797-c9a5-11e6-829a-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2016-12-24 00:51 - 2016-12-24 00:53 - 00524288 ___SH C:\WINDOWS\system32\config\drivers{60caf797-c9a5-11e6-829a-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2016-12-24 00:51 - 2016-12-24 00:53 - 00065536 ___SH C:\WINDOWS\system32\config\drivers{60caf797-c9a5-11e6-829a-806e6f6e6963}.TM.blf
2016-12-23 23:23 - 2016-12-24 02:18 - 00000000 ___HD C:\Program Files (x86)\Glencoe
2016-12-23 23:23 - 2016-12-24 02:18 - 00000000 ____D C:\Program Files (x86)\Itibiti Soft Phone
2016-12-23 23:23 - 2016-12-23 23:23 - 00000000 ____D C:\Users\Public\Documents\Guid
2016-12-23 23:22 - 2016-12-23 23:23 - 00000003 _____ C:\Users\thomas\AppData\Local\run1.txt
2016-12-23 23:22 - 2016-12-23 23:22 - 00000000 ____D C:\Users\thomas\AppData\Local\CrashRpt
2016-12-23 23:22 - 2016-12-23 23:22 - 00000000 _____ C:\TOSTACK
2016-12-23 23:08 - 2016-12-23 23:08 - 00000000 ____D C:\Program Files (x86)\iolo
2016-12-22 18:29 - 2017-01-04 01:34 - 00000000 ____D C:\ProgramData\Google
2016-12-22 15:34 - 2016-12-24 02:18 - 00000000 ____D C:\ProgramData\Mettle
2016-12-22 15:27 - 2016-12-22 15:27 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Intel Corporation
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-19 01:12 - 2016-10-10 16:29 - 00000000 ____D C:\Users\thomas\Downloads\Compressed
2017-01-19 01:12 - 2016-10-10 16:29 - 00000000 ____D C:\Users\thomas\AppData\Roaming\DMCache
2017-01-19 00:59 - 2016-10-14 21:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-19 00:28 - 2016-10-10 16:29 - 00000000 ____D C:\Users\thomas\AppData\Roaming\IDM
2017-01-18 23:27 - 2016-10-10 10:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-18 22:54 - 2016-10-10 07:12 - 00000000 ____D C:\ProgramData\Synaptics
2017-01-18 22:37 - 2016-10-10 10:33 - 01681390 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 22:31 - 2016-10-10 16:29 - 00000000 ____D C:\Program Files\Internet Download Manager
2017-01-18 22:31 - 2016-10-10 10:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-18 22:31 - 2016-10-10 10:33 - 00000000 ____D C:\Users\thomas
2017-01-18 22:31 - 2016-10-10 09:02 - 00000000 __SHD C:\Users\thomas\IntelGraphicsProfiles
2017-01-18 22:30 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-01-18 20:22 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-14 22:37 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-14 22:21 - 2016-10-10 17:00 - 00000000 ____D C:\Users\thomas\AppData\Local\ElevatedDiagnostics
2017-01-14 20:39 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-14 19:46 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-13 15:01 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-13 11:06 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-13 10:02 - 2016-11-19 03:07 - 00000000 ____D C:\Users\thomas\AppData\Roaming\uTorrent
2017-01-13 10:02 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-13 09:59 - 2014-11-21 03:23 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2017-01-12 14:42 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-12 10:09 - 2016-10-10 08:57 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-12 10:05 - 2016-10-10 10:27 - 04979272 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-12 04:30 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-12 04:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-12 04:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-12 04:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-12 04:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 22:20 - 2016-12-02 13:52 - 00000000 ____D C:\Users\thomas\Desktop\foodstamp app
2017-01-11 00:07 - 2016-10-10 13:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-11 00:05 - 2016-10-10 13:36 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-08 22:42 - 2016-10-13 18:14 - 00001253 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis True Image.lnk
2017-01-08 22:42 - 2016-10-13 15:41 - 00002481 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2017-01-08 22:42 - 2016-10-13 15:41 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2017-01-08 22:42 - 2016-10-10 23:52 - 00002668 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-08 22:42 - 2016-10-10 23:52 - 00002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-08 22:42 - 2016-10-10 23:52 - 00002660 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-08 22:42 - 2016-10-10 23:52 - 00002654 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-08 22:42 - 2016-10-10 23:52 - 00002640 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-08 22:42 - 2016-10-10 16:32 - 00002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 22:42 - 2016-10-10 10:37 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-01-08 22:41 - 2016-11-30 22:17 - 00001154 _____ C:\Users\Public\Desktop\iSkysoft iMedia Converter Deluxe.lnk
2017-01-08 22:41 - 2016-11-19 03:08 - 00002712 _____ C:\Users\thomas\Desktop\µTorrent.lnk
2017-01-08 22:41 - 2016-11-19 03:08 - 00002692 _____ C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-01-08 22:41 - 2016-11-02 21:40 - 00002314 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2017-01-08 22:41 - 2016-11-02 10:18 - 00002140 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk
2017-01-08 22:41 - 2016-11-02 10:18 - 00002128 _____ C:\Users\Public\Desktop\PDFill PDF Editor.lnk
2017-01-08 22:41 - 2016-10-14 21:42 - 00001136 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-01-08 22:41 - 2016-10-13 19:31 - 00001183 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Unlimited Edition 6.0.lnk
2017-01-08 22:41 - 2016-10-13 18:14 - 00001235 _____ C:\Users\Public\Desktop\Acronis True Image.lnk
2017-01-08 22:41 - 2016-10-13 16:22 - 00001744 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-01-08 22:41 - 2016-10-13 16:22 - 00000882 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-01-08 22:41 - 2016-10-13 16:21 - 00001810 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-01-08 22:41 - 2016-10-13 16:21 - 00000908 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-08 21:30 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\tracing
2017-01-06 20:16 - 2016-10-10 16:31 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-06 20:16 - 2016-10-10 07:02 - 00000000 ____D C:\Intel
2017-01-06 20:15 - 2016-10-10 10:30 - 00000000 ____D C:\ProgramData\Validity
2017-01-06 20:08 - 2016-10-31 21:34 - 00000000 ____D C:\Program Files\iMedia Converter Deluxe
2017-01-06 20:08 - 2016-10-13 15:34 - 00000000 ____D C:\Program Files\Adobe
2017-01-06 20:08 - 2016-10-13 14:08 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-06 20:08 - 2016-10-10 13:12 - 00000000 ____D C:\inetpub
2017-01-06 20:08 - 2014-04-04 17:55 - 00000000 ____D C:\SWSetup
2017-01-06 20:07 - 2016-11-18 23:07 - 00000000 ____D C:\Users\thomas\Downloads\CyberLink.Director.Suite.v4.0.Keymaker.Only-CORE
2017-01-06 19:47 - 2016-11-01 23:40 - 00000000 ____D C:\ProgramData\IntelDLM
2017-01-06 19:47 - 2016-10-13 14:18 - 00000000 ____D C:\Users\thomas\Documents\Adobe
2017-01-06 19:41 - 2016-10-10 09:02 - 00000000 ____D C:\Users\thomas\AppData\Local\Packages
2017-01-06 19:12 - 2016-10-10 10:30 - 00006567 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-01-06 19:10 - 2016-10-10 10:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-01-06 19:09 - 2016-10-10 10:30 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-01-06 19:09 - 2016-10-10 07:04 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-01-06 19:09 - 2016-10-10 07:04 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-01-06 19:09 - 2016-10-10 07:04 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-01-06 19:09 - 2016-10-10 07:03 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-01-06 19:09 - 2016-10-10 07:03 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-01-06 19:08 - 2016-05-26 22:37 - 00228112 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ibtusb.sys
2017-01-06 19:08 - 2016-05-26 22:37 - 00183560 _____ (Intel Corporation) C:\WINDOWS\system32\ibtsiva.exe
2017-01-06 19:07 - 2016-10-15 06:06 - 00000000 ____D C:\Program Files (x86)\HP
2017-01-06 19:07 - 2016-10-10 10:30 - 00000000 ____D C:\Program Files\Realtek
2017-01-06 19:07 - 2013-07-22 17:45 - 00031656 _____ (HP) C:\WINDOWS\system32\Drivers\WirelessButtonDriver64.sys
2017-01-06 19:06 - 2013-11-08 12:22 - 01469952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2017-01-06 19:06 - 2013-08-01 09:03 - 03660112 _____ (Synaptics Incorporated) C:\WINDOWS\system32\vcsAPIFORWBF.dll
2017-01-06 19:05 - 2015-06-23 11:56 - 00204896 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverW8x64.sys
2017-01-05 01:15 - 2016-10-10 13:26 - 00000000 ___DC C:\WINDOWS\Panther
2017-01-05 00:59 - 2016-11-14 12:04 - 00000000 ____D C:\Users\thomas\Desktop\phone
2017-01-04 22:40 - 2016-10-10 07:03 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-01-04 15:19 - 2016-11-19 01:49 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Apple Computer
2017-01-04 14:13 - 2016-10-10 07:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-04 08:02 - 2014-11-21 03:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-01-04 07:14 - 2016-12-15 09:29 - 00000000 ____D C:\Users\thomas\AppData\Local\Downloaded Installations
2017-01-04 06:28 - 2016-10-13 16:21 - 00000000 ____D C:\Program Files\CCleaner
2017-01-04 06:17 - 2016-11-18 23:22 - 00000000 ____D C:\ProgramData\CLSK
2017-01-04 06:17 - 2016-11-18 22:30 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-01-04 06:17 - 2016-10-10 07:18 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-01-04 06:16 - 2016-10-10 07:33 - 00000000 ____D C:\Program Files\CyberLink
2017-01-04 06:02 - 2016-10-10 09:07 - 00000000 ___RD C:\Users\thomas\OneDrive
2017-01-04 05:26 - 2016-10-10 07:18 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-04 02:34 - 2016-10-15 20:10 - 00000000 ____D C:\Users\thomas\AppData\Roaming\SketchUp
2017-01-04 02:31 - 2014-11-21 03:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-04 01:34 - 2016-10-10 16:31 - 00000000 ____D C:\Users\thomas\AppData\Local\Google
2017-01-04 01:08 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\registration
2017-01-04 01:07 - 2016-10-15 20:03 - 00000000 ____D C:\ProgramData\SketchUp
2017-01-04 00:21 - 2016-10-15 20:04 - 00000000 ____D C:\ProgramData\Reprise
2017-01-03 20:58 - 2016-10-10 09:03 - 00000000 ____D C:\Users\thomas\AppData\Local\VirtualStore
2017-01-01 03:44 - 2016-10-10 07:03 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-01 03:41 - 2016-10-10 07:03 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-01-01 03:40 - 2016-10-10 07:02 - 00000000 ____D C:\Program Files\Intel
2017-01-01 03:38 - 2016-10-10 07:10 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-12-31 23:51 - 2016-07-16 05:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-31 05:37 - 2016-10-10 06:05 - 00000000 ____D C:\Users\thomas\Desktop\Backup_2016-10-10 040524
2016-12-31 03:04 - 2016-11-02 21:41 - 00000000 ____D C:\Users\thomas\AppData\Roaming\HpUpdate
2016-12-29 21:29 - 2016-10-10 16:29 - 00000000 ____D C:\Users\thomas\Downloads\Music
2016-12-29 01:47 - 2016-07-16 05:47 - 00000000 __RSD C:\WINDOWS\Fonts
2016-12-28 21:33 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\etc
2016-12-28 21:33 - 2013-08-22 07:25 - 00453958 ____R C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-24 19:33 - 2016-10-10 07:09 - 00000000 __SHD C:\$RECYCLE.BIN
2016-12-24 02:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-12-24 02:28 - 2016-10-10 16:31 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-24 02:28 - 2016-10-10 16:31 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-24 02:19 - 2016-10-10 16:29 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-24 02:19 - 2016-10-10 16:27 - 00000000 ____D C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-24 02:19 - 2016-10-10 10:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-12-24 02:19 - 2016-10-10 10:33 - 00000000 ___RD C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-12-24 02:19 - 2016-10-10 10:33 - 00000000 ___RD C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-24 02:19 - 2016-10-10 10:33 - 00000000 ___RD C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-24 02:19 - 2016-10-10 10:33 - 00000000 ___RD C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-24 02:19 - 2016-07-16 05:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2016-12-24 02:19 - 2016-07-16 05:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-24 02:19 - 2016-07-16 05:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-12-24 02:19 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\CodeIntegrity
2016-12-24 02:19 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-24 02:19 - 2013-08-22 09:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-12-24 02:18 - 2016-11-14 17:33 - 00000000 ____D C:\Users\thomas\AppData\Local\NETGEARGenie
2016-12-24 02:18 - 2016-11-02 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-12-24 02:18 - 2016-11-02 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
2016-12-24 02:18 - 2016-11-01 23:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-12-24 02:18 - 2016-10-31 21:34 - 00000000 ____D C:\ProgramData\iSkysoft iMedia Converter Deluxe
2016-12-24 02:18 - 2016-10-14 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-12-24 02:18 - 2016-10-13 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2016-12-24 02:18 - 2016-10-13 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Unlimited Edition 6.0
2016-12-24 02:18 - 2016-10-13 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-12-24 02:18 - 2016-10-13 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-12-24 02:18 - 2016-10-13 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2016-12-24 02:18 - 2016-10-13 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-24 02:18 - 2016-10-13 15:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2016-12-24 02:18 - 2016-10-13 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
2016-12-24 02:18 - 2016-10-10 23:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-12-24 02:18 - 2016-10-10 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2016-12-24 02:18 - 2016-10-10 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-12-24 02:18 - 2016-10-10 07:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-12-24 02:18 - 2014-11-21 03:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-12-24 02:18 - 2014-11-21 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-12-24 02:18 - 2014-11-21 03:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-12-24 02:04 - 2016-10-10 10:33 - 00000000 ___SD C:\Users\thomas\AppData\Roaming\Microsoft
2016-12-24 02:02 - 2016-10-13 14:07 - 00000000 ____D C:\ProgramData\Adobe
2016-12-24 02:02 - 2016-10-10 07:20 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
 
==================== Files in the root of some directories =======
 
2016-10-14 04:37 - 2016-10-14 04:37 - 0000132 _____ () C:\Users\thomas\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-11-02 20:59 - 2016-11-02 20:59 - 0001456 _____ () C:\Users\thomas\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-10-13 20:35 - 2016-11-14 23:11 - 0007597 _____ () C:\Users\thomas\AppData\Local\Resmon.ResmonCfg
2016-12-23 23:22 - 2016-12-23 23:23 - 0000003 _____ () C:\Users\thomas\AppData\Local\run1.txt
2016-11-02 21:40 - 2016-11-02 21:40 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dwm.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-17 17:11
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2017
Ran by thomas (19-01-2017 02:21:44)
Running from C:\Users\thomas\Downloads\Programs
Windows 10 Home Version 1607 (X64) (2016-10-10 17:33:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3191074968-1142232586-2317584735-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3191074968-1142232586-2317584735-503 - Limited - Disabled)
Guest (S-1-5-21-3191074968-1142232586-2317584735-501 - Limited - Disabled)
thomas (S-1-5-21-3191074968-1142232586-2317584735-1001 - Administrator - Enabled) => C:\Users\thomas
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: IObit Malware Fighter (Enabled - Up to date) {4D381C57-3C7A-6F22-07EB-639F49E836D4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\uTorrent) (Version: 3.4.9.42923 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image (HKLM-x32\...\{1D97407D-1C0C-4749-8A57-A57C17C71D45}Visible) (Version: 20.0.5534 - Acronis)
Acronis True Image (x32 Version: 20.0.5534 - Acronis) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.1 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Advanced SystemCare 10 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 10.1.0 - IObit)
AOMEI Partition Assistant Unlimited Edition 6.0 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-5498165BF3D0}_is1) (Version:  - AOMEI Technology Co., Ltd.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
Charter TV Player (HKLM-x32\...\{076af162-8f4c-4e36-9013-1673e5cf4d24}) (Version: 6.6 - Charter)
Cisco VideoGuard Player (HKLM-x32\...\{dfc759fd-a56f-4d04-8306-d1480137a065}) (Version: 6.6 - Cisco Systems, Inc)
Cool Beans NFO Creator 2.0.1.3 (HKLM-x32\...\Cool Beans NFO Creator_is1) (Version:  - Cool Beans Software)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5.4505 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4523 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Driver Booster 4.1 (HKLM-x32\...\Driver Booster_is1) (Version: 4.1.0 - IObit)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Facebook Gameroom 1.2.1.1 (HKLM-x32\...\{C0CC7E04-39D6-48DC-8BCB-9D9FCD255996}) (Version: 1.2.1.1 - Facebook)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Herramientas de corrección de Microsoft Office 2016: español (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{C203E224-E4BE-4210-9D30-EB6571ACA1F9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{23617173-F935-4C17-A323-EB1207F3ED49}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{AFF80405-E56A-48E7-98FC-8E46E261949F}) (Version: 36.0.31.53050 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{644380A4-11D0-48CB-AAB8-CCB6BD072784}) (Version: 36.0.72.54013 - Hewlett-Packard Co.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.3.50.9 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{C39A7F0F-89A6-44BB-B1BF-5F96569B5345}) (Version: 1.2.9 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{1C9F622C-EAA2-41D3-9E0A-F8760C58A5D5}) (Version: 19.10.1635.0483 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
IObit Malware Fighter 4 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 4.4 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.1.0.510 - IObit)
iSkysoft iMedia Converter Deluxe(Build 9.0.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 9.0.0.1 - iSkysoft Software)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (x32 Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Rays (HKLM\...\Digital Film Tools-Rays 2.0) (Version: 2.0 - Digital Film Tools)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.55 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{BCA90A4C-9C6A-49D1-91F9-594A0BE02432}) (Version: 17.1.174 - Trimble, Inc.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.4.0 - IObit)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.10 - Synaptics Incorporated)
Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (HKLM-x32\...\Topaz Clean 3) (Version: 3.1.0 - Topaz Labs, LLC)
Topaz DeJpeg 4 (HKLM-x32\...\Topaz DeJpeg 4) (Version: 4.0.2 - Topaz Labs, LLC)
Topaz DeNoise 6 (HKLM-x32\...\Topaz DeNoise 6) (Version: 6.0.1 - Topaz Labs, LLC)
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.2.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.3 - Topaz Labs, LLC)
Topaz InFocus (HKLM-x32\...\Topaz InFocus) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Lens Effects (HKLM-x32\...\Topaz Lens Effects) (Version: 1.2.0 - Topaz Labs, LLC)
Topaz ReMask 5 (HKLM-x32\...\Topaz ReMask 5) (Version: 5.0.1 - Topaz Labs, LLC)
Topaz ReStyle (HKLM-x32\...\Topaz ReStyle) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.1.1 - Topaz Labs, LLC)
Topaz Star Effects (HKLM-x32\...\Topaz Star Effects) (Version: 1.1.0 - Topaz Labs, LLC)
Ultimate Control version 1.2 (HKLM-x32\...\{4D649577-47C2-4068-B7B8-09D1FEE7EF03}_is1) (Version: 1.2 - NEGU Soft)
Update for Skype for Business 2016 (KB3115268) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{0FB91F90-6FB9-4984-987D-7300F55D3B3E}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3115268) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{0FB91F90-6FB9-4984-987D-7300F55D3B3E}) (Version:  - Microsoft)
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
ZHPDiag 2015 (HKLM-x32\...\ZHPDiag_is1) (Version: 2015 - Nicolas Coolman)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0566C8F3-6CDC-48B9-8B3A-59B4FA8F3ADA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-10] (Google Inc.)
Task: {0E307DB1-6710-43E3-91FB-2FB4DB090F44} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {13D9FE13-5C88-4C4B-9865-180DC5EEE354} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {1579130D-D752-44E4-A3FD-C3067FC88D96} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2016-11-21] (IObit)
Task: {15F445FA-CFDF-424E-B187-6F560938F8CF} - System32\Tasks\Uninstaller_SkipUac_thomas => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {25C3CA08-6F37-40FF-83E9-466A336265A4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {328C5677-F1A6-47CB-B719-BDC31DED6265} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {39B82666-E0C5-4762-B63E-B52300E3C0E5} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {3FFE1E8C-80F1-43AC-BD72-92BEA752E29E} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-12-15] (IObit)
Task: {454DB776-9CF5-4084-99CB-B1BE4097B25C} - System32\Tasks\Driver Booster SkipUAC (thomas) => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe [2016-11-14] (IObit)
Task: {4DB7C438-6E5A-4BD7-B2B4-72858FF57B6A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-10] (Google Inc.)
Task: {52FD1251-12D0-4FA2-BE0A-105EAB6E9EA8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {5B6F7C14-636A-4B6E-9A7A-2CB34FC17C8C} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2016-07-22] (IObit)
Task: {65E4FD3E-7200-440C-8AE9-D4E79C579EED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {68F6D343-F9A9-4CFD-980D-7C52AC214940} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {6D1426EF-320F-4D23-BB2C-3ED9B6D46805} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {79C82D91-E4BA-4547-A7B1-54C23018DF35} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {7EBD111B-447E-463E-AE59-EDBE8F776859} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {8CE5CCF8-E5B3-4230-9D6F-1C34620149C9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {8D770E77-606F-40AD-B9FE-307AE052BFE0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {8DB9115B-5E96-4FB9-94F4-FFED739EFB80} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {9A7BCFB0-665D-4B27-8BE4-7617C9B74AD1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {9AC58C98-CF4F-4C6C-BD20-9939FE05DF8F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {9EED9D0B-BD22-430E-9C0A-206FDDE4F646} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2636d186-2e3a-4af2-8c50-418d9fdc02c6 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {AC606831-FD4A-4C06-9A76-20AA285E5DBA} - System32\Tasks\{C9759327-FD29-4347-B87A-416FA1976BEF} => pcalua.exe -a C:\Users\thomas\Downloads\Programs\Glary\gup5setup.exe -d C:\Users\thomas\Downloads\Programs\Glary
Task: {ACDE4AC6-C2C9-4E0A-B17B-BA1BF9E41BAD} - \WPD\SqmUpload_S-1-5-21-3191074968-1142232586-2317584735-1001 -> No File <==== ATTENTION
Task: {AFB3823B-4216-4225-8023-C19696B2A9B1} - System32\Tasks\SUPERAntiSpyware Scheduled Task fdef56f6-661c-43f9-a0c8-268382257861 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {B0B1B862-276D-4310-A840-D74B7567D488} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {B61979D1-C60E-44FF-9319-3E7C05C82C07} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\Scheduler.exe [2016-11-08] (IObit)
Task: {BBC37815-2852-403B-9EF1-1612CC43DA14} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {BD3898BD-5A45-4080-AA75-580FA5D29D04} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic [Argument = path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate]
Task: {C73CF3AB-6BED-4A2B-9B27-9A47D6A75416} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {CC47572D-44C6-4FAB-B365-8BB62C309D82} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN6542J4T0 => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {E17BBC62-4B1F-4D12-B856-8BD2127B9637} - System32\Tasks\ASC10_SkipUac_thomas => C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe [2016-12-27] (IObit)
Task: {EAFBBA4E-9CE2-4037-8A63-242AB5BA7C57} - System32\Tasks\ASC10_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe [2016-12-05] (IObit)
Task: {FBAEB9AA-A73D-49EC-8773-51AF9CC217C7} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {FDDA9D4E-9975-4E1F-ADDE-8807B727ABF6} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-09-23] (CyberLink Corp.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2636d186-2e3a-4af2-8c50-418d9fdc02c6.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\c7eeef23-1abc-4ee1-b32f-74a982c4f520.com
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fdef56f6-661c-43f9-a0c8-268382257861.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe  C:\Program Files\SUPERAntiSpyware\c7eeef23-1abc-4ee1-b32f-74a982c4f520.com
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_thomas.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 02:25 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-03-28 15:31 - 2014-03-28 15:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 15:27 - 2014-03-28 15:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 15:48 - 2014-03-28 15:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-12-14 02:25 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-12 05:12 - 2016-07-12 05:12 - 08911552 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-10-10 13:21 - 2016-10-10 13:21 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 23:36 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 23:36 - 2016-12-21 01:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-10 23:36 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 23:36 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 23:36 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 23:36 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 23:36 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 23:36 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-28 15:36 - 2014-03-28 15:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-11-23 07:56 - 2016-11-23 07:56 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-23 07:56 - 2016-11-23 07:56 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-10-10 12:14 - 2016-10-10 12:14 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-23 07:56 - 2016-11-23 07:56 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-23 07:56 - 2016-11-23 07:56 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-11-30 22:17 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\ISCM64.dll
2016-12-14 19:27 - 2016-12-08 02:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 19:27 - 2016-12-08 02:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-06 18:45 - 2016-08-03 17:16 - 01307560 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\SPNativeMessage.exe
2017-01-11 13:02 - 2017-01-11 13:02 - 31167576 _____ () C:\Users\thomas\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll
2017-01-04 15:18 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-04 15:18 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-04 15:18 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-01-06 18:45 - 2016-08-18 18:43 - 00442144 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madExcept_.bpl
2017-01-06 18:45 - 2016-08-18 18:43 - 00210720 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madBasic_.bpl
2017-01-06 18:45 - 2016-08-18 18:43 - 00059680 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\madDisAsm_.bpl
2017-01-06 18:44 - 2016-11-01 10:11 - 00078624 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\GetProcessDLL.dll
2017-01-06 18:44 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\webres.dll
2017-01-06 18:44 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare\ProductStatistics.dll
2017-01-06 18:32 - 2016-03-31 17:57 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\webres.dll
2017-01-06 18:32 - 2016-03-31 17:57 - 00188704 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2017-01-06 18:32 - 2016-03-31 17:57 - 00151840 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2017-01-06 18:32 - 2016-03-31 17:57 - 00625440 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\ProductStatistics.dll
2016-10-10 07:02 - 2013-12-10 09:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-12-14 11:25 - 2016-12-14 11:25 - 01180160 _____ () C:\Users\thomas\AppData\Local\Facebook\Games\CefSharp.Core.dll
2016-11-17 19:01 - 2016-11-17 19:01 - 52839936 _____ () C:\Users\thomas\AppData\Local\Facebook\Games\libcef.dll
2017-01-06 18:32 - 2016-03-31 17:57 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2017-01-06 18:32 - 2016-03-31 17:57 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2017-01-06 18:32 - 2016-03-31 17:57 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\thomas\Cookies:j62b7rZV6grB2mq8cGK4MgEj [2042]
AlternateDataStreams: C:\Users\thomas\AppData\Local\nAW9H1eZUt:Ty5gQ5sg0WT96FRBARxa7I8NnzM [2070]
AlternateDataStreams: C:\Users\thomas\AppData\Local\Temp:{6F005000-2F00-7800-6500-390048002F00} [192]
AlternateDataStreams: C:\Users\thomas\AppData\Local\Temp:{72003900-6600-5400-7400-52004B005100} [664]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7924 more sites.
 
 
There are 11462 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2016-12-28 21:33 - 00453958 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 activation.acronis.com 
0.0.0.0 superantispyware.com
0.0.0.0 license.superantispyware.com127.0.0.1 www.007guard.com
 
There are 15576 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\thomas\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "avast! SecureLine.lnk"
HKLM\...\StartupApproved\Run: => "OPBHOBroker"
HKLM\...\StartupApproved\Run: => "OPBHOBrokerDesktop"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G11"
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-3191074968-1142232586-2317584735-1001\...\StartupApproved\Run: => "Power2GoExpress11"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{363A261E-6A32-41F4-8E05-8718CD7B1529}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{BECE88F3-89CD-48D5-93ED-0DC91A85F33B}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{56C262FF-9EC4-4D8A-87E9-F1AD2FB8A3EB}] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{26911C61-8C38-44AF-8DE7-553834CDB451}] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C82738A6-9118-44B9-BDAD-09EF0E4844AF}] => C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{A3A08B1F-3A6C-495C-BF8C-AC0628A47544}] => C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CA92306B-1628-4663-969B-10C65D2F9A04}] => LPort=7935
FirewallRules: [{6B6EE3CF-F2FF-447D-BACB-5E020BF4520B}] => C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{B81D323C-D640-4C3B-8E27-EB94A38F234F}] => C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{E72CB631-E940-4216-866E-CAED9B33E351}] => C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{7A2F1335-AB8D-4BDF-BB92-7391C0B7F783}] => C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{A94199AB-5EEE-45C8-A042-59FA22AA7B07}] => C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [{04E9A176-42C1-44A8-AC36-422972348912}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AD549B0-D51C-4E8A-9609-25374EFB82C3}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{736BA370-0C30-4FBD-A501-ED8F2EA4F4AE}C:\windows\system32\rundll32.exe] => C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{2E76F71C-FBF4-4586-AC02-5C6B79D1B7A0}C:\windows\system32\rundll32.exe] => C:\windows\system32\rundll32.exe
FirewallRules: [{70BC1DC4-68BE-47BC-AA5F-660407EF43DC}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{82710DDD-2C53-43CB-8568-234697379490}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{D2A86D68-F241-4795-85DC-142997C1C48C}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{F1C56B4A-7010-441E-85D8-03694863AE03}] => C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{2F1E35A1-3674-4039-B4E6-6D590FDAB51B}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{2D28C671-8E13-474D-AADE-622F68F310F0}] => LPort=5357
FirewallRules: [{2D8D7020-0C12-4B48-AE2F-1C821D061ADD}] => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{12D06628-61A1-45EB-B5AB-BAE8063147AF}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E4FF28D2-CCBD-441C-9667-7AEB6CB5F938}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{23D8ED3D-B686-423E-86E3-27AE0262A23A}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A8751144-94A1-4A23-A0E0-9CA8046C1A4F}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1339D7D8-A709-40B1-852D-02268CB306E4}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BA88F2D-0A9A-4BB8-AF1B-DAC050353E1A}] => C:\Users\thomas\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F574FFC1-81E7-4AB6-921A-3C9C1FBEDE70}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{E47E0F91-29E5-45DE-AF77-7C6AE7EB8F31}C:\users\thomas\appdata\local\apps\2.0\egk0r7oc.pjh\tqkkzr61.mkk\btco..tion_565a16168bc4efff_0001.0001_667f2fc24494158c\btcontrollerpchost.exe] => C:\users\thomas\appdata\local\apps\2.0\egk0r7oc.pjh\tqkkzr61.mkk\btco..tion_565a16168bc4efff_0001.0001_667f2fc24494158c\btcontrollerpchost.exe
FirewallRules: [UDP Query User{7DF19DCC-BE15-4FD6-8383-BF3DF157F7B5}C:\users\thomas\appdata\local\apps\2.0\egk0r7oc.pjh\tqkkzr61.mkk\btco..tion_565a16168bc4efff_0001.0001_667f2fc24494158c\btcontrollerpchost.exe] => C:\users\thomas\appdata\local\apps\2.0\egk0r7oc.pjh\tqkkzr61.mkk\btco..tion_565a16168bc4efff_0001.0001_667f2fc24494158c\btcontrollerpchost.exe
FirewallRules: [TCP Query User{9E476EF7-1445-4E59-BAC1-E805CBBDED32}C:\program files (x86)\ultimate control\ucontrol.exe] => C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [UDP Query User{A9533F25-80FD-4604-A5B6-2968EC9BC909}C:\program files (x86)\ultimate control\ucontrol.exe] => C:\program files (x86)\ultimate control\ucontrol.exe
FirewallRules: [{15288E0B-C673-4D66-AEE9-F8B012991ADE}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{A70A4755-73E2-4C4D-BA27-6C60D4C2BA70}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DriverBooster.exe
FirewallRules: [{5BD6A96C-13EB-4105-A7A1-41FB463F9FFF}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{D9BDAE19-A14D-4071-BB25-C79FDD02FEC7}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\DBDownloader.exe
FirewallRules: [{70957439-E443-460D-B764-1FEB370AD8C7}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{51882BCD-3EF2-4597-9180-C52DA7751393}] => C:\Program Files (x86)\IObit\Driver Booster\4.1.0\AutoUpdate.exe
FirewallRules: [{3F018037-585F-488F-A155-8477DAF33F3C}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{E55881C1-E74B-471E-944D-138E6DB2AD67}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
 
==================== Restore Points =========================
 
15-01-2017 19:29:06 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/18/2017 11:08:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Facebook Gameroom Browser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 66492281
 
Error: (01/18/2017 10:47:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Facebook Gameroom Browser.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 66492281
 
Error: (01/18/2017 09:10:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Youcam_webcam_camera_video.exe, version: 5.0.5.4523, time stamp: 0x54211057
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x58256ca0
Exception code: 0xc0000005
Fault offset: 0x00045b0e
Faulting process id: 0x1338
Faulting application start time: 0x01d272019f470bd3
Faulting application path: C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: b0fccdd2-7ded-4aca-85c7-add8b5232503
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/18/2017 09:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
Exception code: 0xc000027b
Fault offset: 0x000000000006d1c4
Faulting process id: 0x14cc
Faulting application start time: 0x01d26f8b6eb247b9
Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 7f434462-c3ed-4201-9a8e-e71462e04a11
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
Error: (01/17/2017 06:48:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0xc48
Faulting application start time: 0x01d26f8b556530a0
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: 756b068b-c13d-4742-bf48-02ef879bf865
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (01/18/2017 10:31:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2017 10:31:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2017 10:31:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2017 10:30:24 PM) (Source: DCOM) (EventID: 10010) (User: THOMASPMFC3)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
Error: (01/18/2017 10:30:24 PM) (Source: DCOM) (EventID: 10010) (User: THOMASPMFC3)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
Error: (01/18/2017 10:30:24 PM) (Source: DCOM) (EventID: 10010) (User: THOMASPMFC3)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
Error: (01/18/2017 10:30:24 PM) (Source: DCOM) (EventID: 10010) (User: THOMASPMFC3)
Description: The server {D7FD466D-F6CF-4C8E-86DD-12E9B0FDAE48} did not register with DCOM within the required timeout.
 
Error: (01/18/2017 10:30:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2017 09:09:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/18/2017 09:09:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-05 11:47:59.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-04 15:56:12.872
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-03 18:33:17.420
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-02 15:12:48.638
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-01-01 07:13:39.287
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-31 06:49:33.403
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-29 11:09:31.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-28 13:43:14.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-24 05:49:15.952
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-12-23 07:09:41.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4720HQ CPU @ 2.60GHz
Percentage of memory in use: 50%
Total physical RAM: 8122.15 MB
Available physical RAM: 3995.18 MB
Total Virtual: 16314.15 MB
Available Virtual: 10926.59 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:904.02 GB) (Free:609 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:25.66 GB) (Free:18.67 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5D77DAEA)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#4 TsVk!


Posted 23 January 2017 - 05:15 PM

Hi thomaspmfc,

 

Thank you for your patience.

 

The good news is that nothing particularly malicious was found on your system. There are some things we can do to improve it though, in addition to removing the ZHPDiag detections.

 

---------------------

Torrent Warning!

 

Torrented software often contains malware and other nasties. It's a really effective way of getting infected with malware. Right up the list there, next to deliberately infecting yourself.

 

It's up to you whether you want to run the risk by keeping this software on your machine, but I ask you not to run any torrent transfers until we are finished please.

----------------------

2017-01-04 13:52 - 2017-01-04 13:53 - 27760640 _____ C:\Users\thomas\Downloads\Iobit Advance System Care v5.3.0.246 Pro+Serial Keys.iso

Bleeping Computer does recommend the use of PC Optimizers, Driver Updaters or Registry Cleaners. Please see this excellent post on the subject by Quietman7.

 

Cracked software and "Warez" are also a really effective way of getting infected with malware. Right up the list there, next to deliberately infecting yourself.

 

I highly recommend that you uninstall this program and all of its features now. Using such programs can cause computer issues, and I speak from personal experience. You are well advised to stay away from these types of programs. They are all "snake oil" as well as being dangerous to the health and performance of your computer.

 

IOBit antivirus uses the BitDefender engine to eliminate malware; if you are happy with the protection you have had, you may choose to install BitDefender.

 

If you chose to remove this software...

 

 

  Install an anti-virus solution now.

 

My current picks of the available free solutions are Avira and BitDefender, though other popular solutions include Sophos and Avast.

 

Make sure you have done this before moving forward.

 

 

Please create a new text file located in the same directory as FRST.exe, copy these lines into it and then save it.

CreateRestorePoint:
2016-11-02 21:40 - 2016-11-02 21:40 - 0000057 _____ () C:\ProgramData\Ament.ini
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\mcafee\msc\npMcSnFFPl64.dll [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll [No File]
U0 aswVmm; no ImagePath
U0 Partizan; system32\drivers\Partizan.sys [X]
2017-01-04 13:52 - 2017-01-04 13:53 - 27760640 _____ C:\Users\thomas\Downloads\Iobit Advance System Care v5.3.0.246 Pro+Serial Keys.iso
Task: {0E307DB1-6710-43E3-91FB-2FB4DB090F44} - \McAfee\McAfee Idle Detection Task -> No File <==== ATTENTION
Task: {ACDE4AC6-C2C9-4E0A-B17B-BA1BF9E41BAD} - \WPD\SqmUpload_S-1-5-21-3191074968-1142232586-2317584735-1001 -> No File <==== ATTENTION
Task: {BBC37815-2852-403B-9EF1-1612CC43DA14} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
AlternateDataStreams: C:\Users\thomas\Cookies:j62b7rZV6grB2mq8cGK4MgEj [2042]
AlternateDataStreams: C:\Users\thomas\AppData\Local\nAW9H1eZUt:Ty5gQ5sg0WT96FRBARxa7I8NnzM [2070]
AlternateDataStreams: C:\Users\thomas\AppData\Local\Temp:{6F005000-2F00-7800-6500-390048002F00} [192]
AlternateDataStreams: C:\Users\thomas\AppData\Local\Temp:{72003900-6600-5400-7400-52004B005100} [664]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} =>.Superfluous.Orphan
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
C:\Program Files (x86)\Dashlane
C:\Users\thomas\AppData\Local\CrashRpt
C:\Users\thomas\AppData\Local\Tempzxpsign1bf900baace51288
C:\Users\thomas\AppData\Local\Tempzxpsign98e0ffee60819e38
C:\WINDOWS\Prefetch\BROWSERPROTECT.EXE-33864BB1.pf
C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage
C:\Users\thomas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal
File: C:\Windows\SysWOW64\dwm.exe
EmptyTemp:

Do you use either Glary Utilities or Itibiti Soft Phone? If not please add these 2 lines to your text and save it.

Task: {AC606831-FD4A-4C06-9A76-20AA285E5DBA} - System32\Tasks\{C9759327-FD29-4347-B87A-416FA1976BEF} => pcalua.exe -a C:\Users\thomas\Downloads\Programs\Glary\gup5setup.exe -d C:\Users\thomas\Downloads\Programs\Glary
C:\Program Files (x86)\Itibiti Soft Phone
  • Now name that file fixlist.txt
  • Please run FRST
  • Click the "fix" button.
  • Your PC may restart automatically to complete the fix.
  • Please note the removal log.

 

Please run Farbar Recovery Scan Tool again.

  • Click Yes to allow the application
  • Click Scan, wait for the log to appear
  • Copy and paste the results into your next reply.

How did you go? Please include in your reply

  • fixlist.txt
  • new FRST scan logs

John



#5 TsVk!


Posted 27 January 2017 - 02:23 AM

It's been a few days. Do you still require assistance?



#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin

Posted 30 January 2017 - 05:24 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

regards, Elise

