I'm in over my head, please help


  • This topic is locked
8 replies to this topic

#1 ninjarig

Posted 22 February 2017 - 05:18 PM

I noticed some unusual and uninitiated web traffic from my laptop, so I ran a boot scan and found over 350 files infected with the generic label of vbs malware gen. I just recently had to wipe and clean install my laptop; I think at least one bug may have followed me over via the autoplay feature of the USB drive. I defer to you, those more wise than me.

 

I'm running Windows 10 Pro.

 

Here are my FRST logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2017 01
Ran by Owner (administrator) on FBISURVEILANCEV (22-02-2017 14:49:20)
Running from C:\Users\Owner\Desktop\anti stuff
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7870.57621.0_x64__8wekyb3d8bbwe\onenoteim.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser_crashreporter.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Microsoft Corporation) C:\Windows\syswow64\cmd.exe
() C:\Program Files\AVAST Software\Avast\AvastNM.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Avast Software) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
(Microsoft Corporation) C:\Windows\syswow64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [754984 2016-05-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-06] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-16] (AVAST Software)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-16] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3d2d3807-1199-4f24-b62e-e095ec36d8fd}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-05-17] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-16] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-16] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-02-16] (AVAST Software)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [319096 2016-06-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-16] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-16] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-16] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-16] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-16] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-16] (AVAST Software)
R1 aswNetSec; C:\WINDOWS\system32\drivers\aswNetSec.sys [456456 2017-02-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-16] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-16] (AVAST Software)
R3 bcbtums; C:\WINDOWS\system32\DRIVERS\bcbtums.sys [186152 2016-02-17] (Broadcom Corporation.)
R3 bcmsmbsp; C:\WINDOWS\System32\drivers\bcmsmbsp.sys [54048 2015-09-09] (Broadcom Corporation.)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-21] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew01.sys [3343872 2016-07-16] (Intel Corporation)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
R3 ST_Accel; C:\WINDOWS\System32\drivers\ST_Accel.sys [146512 2015-07-02] (STMicroelectronics)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-22 14:38 - 2017-02-22 14:38 - 00050632 _____ C:\Users\Owner\Downloads\Addition.txt
2017-02-21 23:39 - 2017-02-21 23:44 - 00000000 ____D C:\ProgramData\SophosClean
2017-02-21 22:07 - 2017-02-16 09:49 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20170221-220701.backup
2017-02-21 22:03 - 2017-02-21 22:03 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-02-21 22:02 - 2017-02-21 22:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2017-02-21 21:14 - 2017-02-21 22:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-02-21 21:14 - 2017-02-21 22:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-02-21 21:14 - 2017-02-21 21:14 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-02-21 21:14 - 2017-02-21 21:14 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-02-21 21:14 - 2017-02-21 21:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2017-02-21 21:14 - 2017-02-21 21:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-02-21 21:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-02-21 20:51 - 2017-02-21 20:51 - 00000716 _____ C:\Users\Owner\AppData\Local\recently-used.xbel
2017-02-21 20:28 - 2017-02-21 20:28 - 00002134 _____ C:\Users\Public\Desktop\Samplitude Pro X3 Suite (64-Bit).lnk
2017-02-21 20:10 - 2017-02-21 20:10 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-02-21 19:33 - 2017-02-21 20:03 - 00000000 ____D C:\Program Files (x86)\MAGIX Samplitude Music Studio 
2017-02-21 19:16 - 2017-02-21 20:53 - 00000000 ____D C:\Users\Owner\Downloads\IK Multimedia T-RackS CS Complete v4.10
2017-02-21 19:13 - 2017-02-21 19:13 - 00019077 _____ C:\Users\Owner\Downloads\IK.Multimedia.T-RackS.CS.Complete.v4.10.
2017-02-21 16:31 - 2017-02-21 16:31 - 00000000 ____D C:\Users\Owner\Documents\MAGIX_MusicEditor
2017-02-21 16:18 - 2017-02-21 16:18 - 00000000 ____D C:\Users\Owner\Downloads\MAGIX Music Maker 2017 Premium
2017-02-21 16:02 - 2017-02-21 16:13 - 771090283 _____ C:\Users\Owner\Downloads\MAGIX Music Maker 2017 Premium 24.0.2.46 
2017-02-21 15:14 - 2017-02-21 15:15 - 00821040 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_15.14.27_log.txt
2017-02-21 15:10 - 2017-02-21 15:13 - 00262488 _____ C:\TDSSKiller.3.1.0.12_21.02.2017_15.10.26_log.txt
2017-02-21 14:37 - 2017-02-21 14:53 - 00000000 ____D C:\Users\Owner\Downloads\MAGIX Samplitude Music Studio 2014 ISO-TBE
2017-02-21 12:14 - 2017-02-21 12:14 - 00000000 ____D C:\Users\Owner\Downloads\duo-link-update-tool
2017-02-21 12:11 - 2017-02-21 12:22 - 41615639 _____ C:\Users\Owner\Downloads\xvideos.com_1049c8e70088394c4d45b84aa98ddb59-1.mp4
2017-02-21 12:11 - 2017-02-21 12:18 - 23028383 _____ C:\Users\Owner\Downloads\xvideos.com_1c7408378f22d22873848a8b7b673adb-1.mp4
2017-02-21 12:09 - 2017-02-21 12:27 - 71981478 _____ C:\Users\Owner\Downloads\xvideos.com_bfb03413b07f930022173f18477ea108-1.mp4
2017-02-21 06:54 - 2017-02-21 06:54 - 00444134 _____ C:\Users\Owner\Downloads\duo-link-update-tool.zip
2017-02-21 06:39 - 2017-02-21 06:39 - 00379049 _____ C:\Users\Owner\Downloads\WP-Unlock.zip
2017-02-20 23:46 - 2017-02-20 23:46 - 00000554 _____ C:\Users\Owner\Desktop\JRT.txt
2017-02-20 22:14 - 2017-02-20 22:14 - 00000032 _____ C:\Users\Owner\Downloads\autobk.inc
2017-02-20 22:13 - 2017-02-20 22:13 - 01034506 _____ C:\Users\Owner\Downloads\cab1.cab
2017-02-20 22:12 - 2017-02-20 22:12 - 00000784 _____ C:\Users\Owner\Downloads\state.rsm
2017-02-20 22:12 - 2017-02-20 22:12 - 00000784 _____ C:\Users\Owner\Downloads\state (2).rsm
2017-02-20 22:12 - 2017-02-20 22:12 - 00000784 _____ C:\Users\Owner\Downloads\state (1).rsm
2017-02-20 19:53 - 2017-02-20 19:53 - 00000000 ____D C:\Users\Owner\Documents\New folder (2)
2017-02-20 19:53 - 2017-02-20 19:53 - 00000000 ____D C:\Users\Owner\Documents\New folder
2017-02-20 02:33 - 2017-02-20 02:33 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2017-02-19 23:40 - 2012-08-29 13:23 - 12708016 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_def.dll
2017-02-19 23:40 - 2012-08-29 13:23 - 12474544 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_core.dll
2017-02-19 23:40 - 2012-08-29 13:23 - 09917616 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_intel_thread.dll
2017-02-19 23:40 - 2012-08-29 13:23 - 00529072 _____ (Intel Corporation) C:\WINDOWS\system32\libiomp5md.dll
2017-02-19 23:40 - 2012-08-29 13:23 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\msvcp71.dll
2017-02-19 23:40 - 2012-08-29 13:23 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\msvcr71.dll
2017-02-19 23:40 - 2009-08-28 11:54 - 03462320 _____ (Intel Corporation) C:\WINDOWS\system32\mkl_sequential.dll
2017-02-19 23:08 - 2017-02-19 23:08 - 00001274 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\reaper.lnk
2017-02-19 22:50 - 2017-02-19 22:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Zynaptiq
2017-02-19 22:33 - 2017-02-21 19:07 - 00000000 ____D C:\Users\Owner\Documents\MAGIX Downloads
2017-02-19 21:29 - 2017-02-19 21:29 - 20465080 _____ (MAGIX Software GmbH) C:\Users\Owner\Downloads\DD85.tmp
2017-02-19 21:27 - 2017-02-21 20:28 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2017-02-19 21:27 - 2017-02-21 20:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2017-02-19 21:27 - 2017-02-21 13:10 - 00000000 ____D C:\Program Files\MAGIX
2017-02-19 21:27 - 2017-02-19 21:27 - 00000000 ____D C:\Users\Owner\AppData\Local\Xara
2017-02-19 21:27 - 2017-02-19 21:27 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services
2017-02-19 21:26 - 2017-02-21 20:27 - 00000000 ____D C:\ProgramData\MAGIX
2017-02-19 21:26 - 2017-02-21 20:27 - 00000000 ____D C:\Program Files (x86)\MAGIX
2017-02-19 21:26 - 2017-02-21 19:38 - 00000000 ___RD C:\Users\Owner\Documents\MAGIX
2017-02-19 21:26 - 2017-02-21 19:36 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-02-19 21:26 - 2017-02-19 21:26 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-19 18:24 - 2017-02-19 18:27 - 00260604 _____ C:\TDSSKiller.3.1.0.12_19.02.2017_18.24.30_log.txt
2017-02-19 18:20 - 2017-02-19 21:19 - 00000000 ____D C:\Users\Owner\Downloads\MAGIX Samplitude Pro X3 Suite
2017-02-19 18:13 - 2017-02-19 18:13 - 00034784 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-02-19 18:06 - 2017-02-19 18:06 - 00007802 _____ C:\tasklist.txt
2017-02-19 17:48 - 2017-02-19 17:48 - 01920725 _____ C:\Users\Owner\Downloads\ProcessExplorer.zip
2017-02-19 14:41 - 2017-02-21 23:46 - 00005126 _____ C:\Users\Owner\Desktop\Rkill.txt
2017-02-19 12:36 - 2017-02-19 12:36 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-02-19 12:32 - 2017-02-19 12:33 - 00000988 _____ C:\Users\Owner\Desktop\Control Panel - Shortcut.lnk
2017-02-18 21:58 - 2017-02-19 00:09 - 02418998 _____ C:\Users\Owner\Desktop\New Bitmap Image.bmp
2017-02-18 19:02 - 2017-02-21 20:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-02-18 19:02 - 2017-02-18 19:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-02-18 19:02 - 2017-02-18 19:02 - 00000000 ____D C:\Program Files\VideoLAN
2017-02-18 16:05 - 2017-02-19 23:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\REAPER
2017-02-18 14:07 - 2017-02-18 14:22 - 673828579 _____ C:\Users\Owner\Downloads\MAGIX Samplitude Pro X3 Suite 
2017-02-18 13:46 - 2017-02-21 19:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\MAGIX
2017-02-18 13:31 - 2017-02-21 21:45 - 54130789 _____ C:\Users\Owner\Downloads\MAGIX Samplitude Music Studio 
2017-02-18 13:14 - 2017-02-18 13:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Python-Eggs
2017-02-18 13:06 - 2017-02-18 14:37 - 00000000 ____D C:\Users\Owner\Downloads\icons
2017-02-18 13:05 - 2017-02-18 13:05 - 00049876 _____ C:\Users\Owner\Downloads\Collection 1.zip
2017-02-18 12:37 - 2017-02-20 22:57 - 00111981 _____ C:\Users\Owner\Downloads\skip-to-start.htm
2017-02-18 09:12 - 2017-02-18 09:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\WinRAR
2017-02-18 05:52 - 2017-02-18 05:52 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-18 05:52 - 2017-02-18 05:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-02-18 05:50 - 2017-02-18 09:12 - 00000000 ____D C:\Program Files\WinRAR
2017-02-18 05:48 - 2017-02-18 05:48 - 00000000 ____D C:\Users\Owner\Downloads\WinRAR v5.31 (x86x64) Incl Key [4realtorrentz]
2017-02-17 22:49 - 2017-02-17 22:49 - 03564039 _____ C:\Users\Owner\Downloads\WinRAR
2017-02-17 22:22 - 2017-02-17 22:22 - 00000585 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2017-02-17 22:01 - 2017-02-17 22:01 - 00000000 ____D C:\Users\Owner\Downloads\Autoruns
2017-02-17 22:00 - 2017-02-17 22:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Macromedia
2017-02-17 17:31 - 2017-02-17 20:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-02-17 17:30 - 2017-02-17 17:30 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-02-17 17:06 - 2017-02-17 17:06 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\AVAST Software
2017-02-17 16:55 - 2017-02-17 20:59 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2017-02-17 16:55 - 2017-02-17 20:59 - 00000000 ____D C:\Users\TEMP
2017-02-17 15:13 - 2017-02-17 15:13 - 52481228 _____ C:\Users\Owner\Downloads\IK Multimedia AmpliTube 4
2017-02-17 15:01 - 2017-02-17 15:02 - 00000000 ____D C:\Users\Owner\AppData\Local\PackageStaging
2017-02-17 13:49 - 2017-02-17 13:49 - 00462174 _____ C:\Users\Owner\Downloads\ASIO4ALL_2_13_English.exe
2017-02-17 13:49 - 2017-02-17 13:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2017-02-17 13:49 - 2017-02-17 13:49 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2017-02-17 13:37 - 2017-02-17 13:37 - 01201256 _____ (Adobe Systems Incorporated) C:\Users\Owner\Downloads\flashplayer24pp_la_install.exe
2017-02-17 13:15 - 2017-02-21 13:43 - 00000032 _____ C:\Users\Owner\AppData\Roaming\msregsvv.dll
2017-02-17 13:15 - 2017-02-21 13:43 - 00000032 _____ C:\ProgramData\autobk.inc
2017-02-17 13:15 - 2017-02-18 20:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IK Multimedia
2017-02-17 13:06 - 2017-02-17 13:07 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2017-02-17 12:52 - 2017-02-19 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2017-02-17 12:51 - 2017-02-19 23:39 - 00000000 ____D C:\Program Files\VstPlugIns
2017-02-17 12:51 - 2017-02-19 23:39 - 00000000 ____D C:\Program Files\IK Multimedia
2017-02-17 12:51 - 2017-02-19 23:39 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-02-17 12:51 - 2017-02-17 12:51 - 00000000 ____D C:\Program Files\Common Files\Avid
2017-02-17 12:16 - 2017-02-17 12:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2017-02-17 11:58 - 2017-02-22 10:52 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4EB50509-9D2A-471F-B009-DC4B0018AAD9}
2017-02-17 11:28 - 2017-02-17 11:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-17 11:28 - 2017-02-17 11:28 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-17 10:50 - 2017-02-17 10:50 - 00000000 ____D C:\Users\Owner\AppData\Local\PeerDistRepub
2017-02-17 10:05 - 2017-02-17 10:05 - 03456262 _____ C:\Users\Owner\Downloads\Microsoft_Security_Intelligence_Report_Volume_13_English.pdf
2017-02-17 09:30 - 2017-02-17 09:30 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-17 09:13 - 2017-02-17 09:15 - 00000000 ___RD C:\Users\Owner\Downloads\SampleTank_Custom_Shop_3.6.7
2017-02-17 08:55 - 2017-02-17 08:55 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2017-02-17 08:54 - 2017-02-18 11:41 - 00000000 ____D C:\Program Files\REAPER (x64)
2017-02-17 08:54 - 2017-02-17 08:54 - 00000731 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tor Browser.lnk
2017-02-17 08:35 - 2017-02-17 08:47 - 00000000 ____D C:\Users\Owner\Downloads\IK Multimedia AmpliTube 4
2017-02-17 07:41 - 2017-02-21 20:51 - 00000000 ____D C:\Users\Owner\Downloads\deluge
2017-02-17 07:40 - 2017-02-21 20:01 - 00000000 ____D C:\Users\Owner\AppData\Roaming\deluge
2017-02-17 06:46 - 2017-02-17 07:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apple Computer
2017-02-17 06:46 - 2017-02-17 06:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple Computer
2017-02-17 06:46 - 2017-02-17 06:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-02-17 06:46 - 2017-02-17 06:46 - 00000000 ____D C:\ProgramData\Apple Computer
2017-02-17 06:46 - 2017-02-17 06:46 - 00000000 ____D C:\Program Files\iTunes
2017-02-17 06:46 - 2017-02-17 06:46 - 00000000 ____D C:\Program Files\iPod
2017-02-17 06:44 - 2017-02-17 06:44 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-02-17 06:44 - 2017-02-17 06:44 - 00000000 ____D C:\Users\Owner\AppData\Local\Apple
2017-02-17 06:44 - 2017-02-17 06:44 - 00000000 ____D C:\Program Files\Bonjour
2017-02-17 06:44 - 2017-02-17 06:44 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-02-17 06:44 - 2017-02-17 06:44 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-02-17 06:43 - 2017-02-17 06:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-02-17 06:43 - 2017-02-17 06:44 - 00000000 ____D C:\ProgramData\Apple
2017-02-17 06:41 - 2017-02-17 06:41 - 00000585 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloads.lnk
2017-02-17 06:07 - 2017-02-17 06:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-02-17 06:07 - 2017-02-17 06:07 - 00000000 ____D C:\Program Files (x86)\Deluge
2017-02-17 05:46 - 2017-02-17 06:07 - 15955676 _____ (Deluge Team) C:\Users\Owner\Downloads\deluge-1.3.13-win32-py2.7-0.exe
2017-02-17 05:16 - 2017-02-17 05:16 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\49585ADC.sys
2017-02-17 05:15 - 2017-02-17 05:15 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\14015A42.sys
2017-02-17 03:57 - 2017-02-17 03:57 - 00048080 _____ C:\Users\Owner\Documents\cc_20170217_035730.reg
2017-02-17 03:55 - 2017-02-17 04:01 - 00000000 ____D C:\Program Files\CCleaner
2017-02-17 03:55 - 2017-02-17 03:55 - 00002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-17 03:55 - 2017-02-17 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-02-17 03:04 - 2017-02-21 22:02 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-17 03:04 - 2017-02-17 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-17 03:04 - 2017-02-17 03:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-17 03:04 - 2017-02-17 03:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-17 03:04 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-17 02:28 - 2017-02-17 02:28 - 00000000 ____D C:\Users\Owner\AppData\Local\AVAST Software
2017-02-17 01:48 - 2017-02-17 01:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-02-16 15:07 - 2017-02-16 15:07 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-16 09:54 - 2017-02-17 03:56 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-16 09:54 - 2017-02-16 09:54 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-02-16 09:54 - 2017-02-16 09:54 - 00000000 ____D C:\WINDOWS\Setup
2017-02-16 09:54 - 2017-02-16 09:54 - 00000000 ____D C:\WINDOWS\InfusedApps
2017-02-16 09:54 - 2017-02-16 09:54 - 00000000 ____D C:\Program Files\STMicroelectronics
2017-02-16 09:54 - 2017-02-16 09:54 - 00000000 ____D C:\Program Files\DellTPad
2017-02-16 09:54 - 2017-02-16 08:24 - 00000000 ____D C:\Windows.old
2017-02-16 09:54 - 2017-02-16 07:55 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-02-16 09:53 - 2017-02-16 09:53 - 00000000 ____D C:\WINDOWS\OCR
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\0409
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\DigitalLocker
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\Program Files\MSBuild
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-16 09:52 - 2017-02-16 09:52 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-16 09:51 - 2017-02-06 13:48 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-16 09:51 - 2017-02-06 13:48 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-16 09:50 - 2017-02-22 13:57 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-16 09:50 - 2017-02-22 11:55 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-16 09:50 - 2017-02-22 11:55 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-16 09:50 - 2017-02-21 21:49 - 00000000 ____D C:\WINDOWS\Help
2017-02-16 09:50 - 2017-02-21 20:27 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-16 09:50 - 2017-02-21 17:53 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-16 09:50 - 2017-02-19 13:43 - 00000000 ____D C:\WINDOWS\rescache
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ___RD C:\Program Files\Windows Defender
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\setup
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\bcastdvr
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-16 09:50 - 2017-02-17 16:00 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-16 09:50 - 2017-02-17 11:28 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-02-16 09:50 - 2017-02-17 04:40 - 00000000 ____D C:\WINDOWS\appcompat
2017-02-16 09:50 - 2017-02-16 09:54 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-02-16 09:50 - 2017-02-16 09:53 - 00000000 ____D C:\WINDOWS\SystemApps
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\WINDOWS\IME
2017-02-16 09:50 - 2017-02-16 09:52 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 __RSD C:\WINDOWS\Media
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___SD C:\WINDOWS\system32\Nui
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Web
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Vss
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\tracing
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\TAPI
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SystemResources
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\winevt
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\ras
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\IME
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\icsxml
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\ias
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\downlevel
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\DDFs
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\System
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SKB
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\security
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\schemas
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\SchCache
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Resources
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\RemotePackages
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Registration
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\PLA
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Performance
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\ModemLogs
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\L2Schemas
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\InputMethod
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Globalization
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Cursors
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\Branding
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\addins
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\ProgramData\Comms
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files\Windows NT
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files\Common Files\Services
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-02-16 09:50 - 2017-02-16 09:50 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-02-16 09:50 - 2017-02-16 09:49 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-02-16 09:50 - 2017-02-16 09:49 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-02-16 09:50 - 2017-02-16 09:49 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2017-02-16 09:50 - 2017-02-16 09:49 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-02-16 09:50 - 2017-02-16 09:49 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-02-16 09:50 - 2017-02-16 09:49 - 00004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-02-16 09:50 - 2017-02-16 09:49 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-02-16 09:50 - 2017-02-16 09:49 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-02-16 09:50 - 2017-02-16 09:49 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-02-16 09:50 - 2017-02-16 09:49 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-02-16 09:50 - 2017-02-16 09:49 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-02-16 09:50 - 2017-02-16 09:49 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-02-16 09:50 - 2017-02-16 09:49 - 00000219 _____ C:\WINDOWS\system.ini
2017-02-16 09:50 - 2017-02-16 09:49 - 00000092 _____ C:\WINDOWS\win.ini
2017-02-16 09:50 - 2017-02-16 08:02 - 00000000 __RHD C:\Users\Public\Libraries
2017-02-16 09:50 - 2017-02-16 08:02 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-02-16 09:50 - 2017-02-16 08:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-16 09:50 - 2017-02-16 07:58 - 00000000 ____D C:\WINDOWS\system32\spool
2017-02-16 09:50 - 2017-02-16 07:58 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-02-16 09:50 - 2017-02-16 07:58 - 00000000 ____D C:\WINDOWS\CSC
2017-02-16 09:50 - 2017-02-16 07:57 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-16 09:50 - 2017-02-16 07:57 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-16 09:50 - 2017-02-16 07:56 - 00000000 ____D C:\ProgramData\USOPrivate
2017-02-16 09:50 - 2016-06-15 12:32 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-16 09:49 - 2017-02-19 18:59 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 09:46 - 2017-02-22 00:04 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-16 09:45 - 2017-02-21 21:26 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-02-16 09:45 - 2017-02-17 16:00 - 00000000 ____D C:\WINDOWS\servicing
2017-02-16 09:45 - 2017-02-17 09:30 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-16 09:45 - 2017-02-16 09:50 - 00000000 ____D C:\WINDOWS\system32\SMI
2017-02-16 09:44 - 2017-02-16 09:44 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-16 09:39 - 2017-02-17 09:40 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1487259548
2017-02-16 09:39 - 2017-02-17 09:40 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-02-16 09:39 - 2017-02-17 03:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2017-02-16 09:39 - 2017-02-16 09:39 - 00456456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2017-02-16 09:39 - 2017-02-16 09:39 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2017-02-16 09:39 - 2017-02-16 09:37 - 00398408 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2017-02-16 09:38 - 2017-02-17 03:59 - 00000000 ____D C:\Program Files (x86)\Google
2017-02-16 09:38 - 2017-02-16 09:38 - 00032088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2017-02-16 09:38 - 2017-02-16 09:38 - 00000000 ____D C:\Users\Owner\AppData\Roaming\AVAST Software
2017-02-16 09:38 - 2017-02-16 09:38 - 00000000 ____D C:\Users\Owner\AppData\Local\CEF
2017-02-16 09:37 - 2017-02-18 21:40 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2017-02-16 09:37 - 2017-02-16 09:37 - 00991496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00547904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00337080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00162528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00126088 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00100640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00074680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2017-02-16 09:37 - 2017-02-16 09:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-02-16 09:37 - 2017-02-16 09:37 - 00000000 ____D C:\Program Files\Common Files\AV
2017-02-16 09:37 - 2017-02-16 09:36 - 00334600 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys
2017-02-16 09:37 - 2017-02-16 09:36 - 00309784 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2017-02-16 09:37 - 2017-02-16 09:36 - 00189768 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2017-02-16 09:37 - 2017-02-16 09:36 - 00048528 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2017-02-16 09:36 - 2017-02-16 17:07 - 00000000 ____D C:\ProgramData\AVAST Software
2017-02-16 09:36 - 2017-02-16 09:38 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-16 09:35 - 2017-02-17 22:08 - 00000000 ____D C:\Users\Owner\AppData\Local\MicrosoftEdge
2017-02-16 08:18 - 2017-02-21 06:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Comms
2017-02-16 08:17 - 2017-02-16 08:17 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2017-02-16 08:17 - 2017-02-16 08:17 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-02-16 08:15 - 2017-02-21 23:45 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2017-02-16 08:15 - 2017-02-21 10:51 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-02-16 08:15 - 2017-02-16 09:45 - 00000000 ____D C:\Users\Owner\AppData\Local\ConnectedDevicesPlatform
2017-02-16 08:15 - 2017-02-16 08:15 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-02-16 08:15 - 2017-02-16 08:15 - 00000020 ___SH C:\Users\Owner\ntuser.ini
2017-02-16 08:15 - 2017-02-16 08:15 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2017-02-16 08:15 - 2017-02-16 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\TileDataLayer
2017-02-16 08:15 - 2017-02-16 08:15 - 00000000 ____D C:\Users\Owner\AppData\Local\Publishers
2017-02-16 08:04 - 2017-02-21 22:09 - 01173892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default\My Documents
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\Default User
2017-02-16 08:03 - 2017-02-16 08:03 - 00000000 _SHDL C:\Users\All Users
2017-02-16 08:02 - 2017-02-16 08:02 - 00009618 _____ C:\Users\Owner\Desktop\Removed Apps.html
2017-02-16 07:58 - 2017-02-17 16:53 - 00000000 ____D C:\Users\Owner
2017-02-16 07:58 - 2017-02-16 07:58 - 00000000 _SHDL C:\Users\Owner\My Documents
2017-02-16 07:58 - 2017-02-16 07:58 - 00000000 _SHDL C:\Users\Owner\Documents\My Videos
2017-02-16 07:58 - 2017-02-16 07:58 - 00000000 _SHDL C:\Users\Owner\Documents\My Pictures
2017-02-16 07:58 - 2017-02-16 07:58 - 00000000 _SHDL C:\Users\Owner\Documents\My Music
2017-02-16 07:57 - 2017-02-16 07:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ST_Accel_01011.Wdf
2017-02-16 07:57 - 2017-02-16 07:57 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
2017-02-16 07:57 - 2017-02-16 07:57 - 00000000 ____D C:\Program Files\DIFX
2017-02-16 07:57 - 2016-07-16 05:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-02-16 07:57 - 2015-01-09 10:25 - 00023216 _____ (ST Microelectronics) C:\WINDOWS\system32\Drivers\stdcfltn.sys
2017-02-16 07:56 - 2017-02-16 07:56 - 00000000 ____D C:\ProgramData\USOShared
2017-02-16 07:56 - 2017-02-16 07:56 - 00000000 ____D C:\Program Files\Intel
2017-02-16 07:56 - 2016-06-15 12:32 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-02-16 07:55 - 2017-02-22 13:54 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-16 07:55 - 2017-02-21 22:02 - 00269720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-16 07:55 - 2017-02-21 22:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-16 02:33 - 2017-02-16 02:33 - 01304400 _____ C:\Users\Owner\Downloads\Autoruns.zip
2017-02-16 00:13 - 2017-02-17 03:49 - 00000022 _____ C:\Users\Owner\Downloads\BootCheck.zip
2017-02-15 04:10 - 2017-02-15 04:10 - 11022192 _____ C:\Users\Owner\Desktop\reaper533_x64-install.exe
2017-02-15 04:06 - 2017-02-20 22:13 - 00000000 ____D C:\Users\Owner\Documents\reaper DOCS
2017-02-12 20:22 - 2017-02-12 20:22 - 00000000 ____D C:\RegBackup
2017-02-12 17:34 - 2017-02-12 17:34 - 00075672 _____ C:\Users\Owner\Documents\cc_20170212_173413.reg
2017-02-12 17:22 - 2017-02-12 17:22 - 00000420 _____ C:\Users\Owner\This PC - Shortcut.lnk
2017-02-12 12:58 - 2017-02-12 12:58 - 00000000 ____D C:\Users\Owner\Downloads\SampleTank_Custom_Shop_Sound_Library_Update_3.6
2017-02-12 12:48 - 2017-02-12 12:48 - 01278190 _____ C:\Users\Owner\Downloads\blutooth keyoard manua.pdf
2017-02-12 12:47 - 2017-02-12 12:47 - 00201196 _____ C:\Users\Owner\Downloads\FCCID.io-2725659.pdf
2017-02-12 08:12 - 2017-02-22 14:49 - 00000000 ____D C:\FRST
2017-02-12 05:50 - 2017-02-22 14:49 - 00000000 ____D C:\Users\Owner\Desktop\anti stuff
2017-02-12 04:29 - 2017-02-12 04:32 - 00270260 _____ C:\TDSSKiller.3.1.0.12_12.02.2017_04.29.13_log.txt
2017-02-12 00:01 - 2017-02-12 00:01 - 01278190 _____ C:\Users\Owner\Downloads\BLUETOOTH KEYBOARD.txt
2017-02-11 21:45 - 2017-02-11 21:45 - 00000000 ____D C:\Users\Owner\Downloads\SampleTank_Custom_Shop_Sound_Content
2017-02-11 21:27 - 2017-02-11 21:27 - 00000000 ____D C:\Users\Public\Documents\IK Multimedia
2017-02-10 21:54 - 2017-02-10 23:03 - 107716134 _____ C:\Users\Owner\Downloads\xvideos.com_526b2ee28e64a38bb9ed79c4d36beffa.mp4
2017-02-09 20:40 - 2017-02-09 20:40 - 00000000 ____D C:\Users\Owner\Documents\anything
2017-02-09 19:59 - 2017-02-09 19:59 - 00051398 _____ C:\Users\Owner\Documents\cc_20170209_195926.reg
2017-02-09 19:38 - 2017-02-09 19:39 - 47683808 _____ (Microsoft Corporation) C:\Users\Owner\Documents\Windows-KB890830-x64-V5.44.exe
2017-02-09 19:36 - 2017-02-09 19:41 - 1326793054 _____ C:\Users\Owner\Downloads\SampleTank_Custom_Shop_Sound_Content.zip
2017-02-09 19:36 - 2017-02-09 19:38 - 178018570 _____ C:\Users\Owner\Downloads\SampleTank_Custom_Shop_Sound_Library_Update_3.6.zip
2017-02-09 19:32 - 2017-02-09 19:33 - 445235318 _____ C:\Users\Owner\Downloads\SampleTank_Custom_Shop_3.6.7.zip
2017-02-09 18:49 - 2017-02-09 18:49 - 00007787 _____ C:\Users\Owner\Downloads\Anger EG PERCUSSIVE-
2017-02-07 23:49 - 2017-02-09 10:41 - 00000000 ____D C:\Users\Owner\Documents\scratch
2017-02-07 21:42 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-02-07 21:42 - 2016-05-25 14:31 - 00124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-07 21:42 - 2016-05-25 14:31 - 00035480 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-02-07 21:42 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-02-07 21:42 - 2016-05-25 11:03 - 00103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-07 21:42 - 2016-05-25 11:03 - 00035480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-02-07 10:52 - 2017-02-07 10:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Documents\rkill.exe
2017-02-07 08:27 - 2017-02-07 08:27 - 00014986 _____ C:\Users\Owner\Documents\cc_20170207_082739.reg
2017-02-06 18:47 - 2017-02-07 11:03 - 32854184 _____ (Tweaking.com) C:\Users\Owner\Documents\tweaking.com_windows_repair_aio_setup.exe
2017-02-06 18:45 - 2017-02-19 17:39 - 00000000 ____D C:\AdwCleaner
2017-02-06 18:35 - 2017-02-06 18:45 - 04015056 _____ C:\Users\Owner\Documents\AdwCleaner.exe
2017-02-06 00:24 - 2017-02-06 00:24 - 00065823 _____ C:\Users\Owner\Downloads\Pantera - 10S (guitar pro).gp5
2017-02-05 14:12 - 2017-02-05 14:12 - 00068910 _____ C:\Users\Owner\Downloads\Tool - Third Eye (power tab).ptb
2017-02-04 04:56 - 2017-02-04 04:56 - 00000000 ____D C:\Users\Owner\Documents\idk
2017-02-04 04:09 - 2017-02-04 04:09 - 00211904 _____ C:\Users\Owner\Documents\SP_Compressor_manual.pdf
2017-02-03 22:30 - 2017-02-03 22:30 - 00000000 ____D C:\Users\Owner\Documents\REAPER Media
2017-02-01 00:29 - 2017-02-02 04:22 - 00000000 ____D C:\Users\Owner\Documents\bbb
2017-01-31 21:17 - 2017-01-31 21:17 - 00006498 _____ C:\Users\Owner\Downloads\Pantera_Walk_II_Intro-Drop-D_0dB.atxp
2017-01-31 21:17 - 2017-01-31 21:17 - 00006498 _____ C:\Users\Owner\Downloads\Pantera_Walk_II_Intro-Drop-D_0dB (1).atxp
2017-01-31 21:17 - 2017-01-31 21:17 - 00005733 _____ C:\Users\Owner\Downloads\Boosted RG100ES-Tube Power.atxp
2017-01-31 21:17 - 2017-01-31 21:17 - 00005733 _____ C:\Users\Owner\Downloads\Boosted RG100ES-Tube Power (1).atxp
2017-01-30 20:45 - 2017-01-30 20:46 - 00000010 _____ C:\Users\Owner\Documents\homesharing password.txt
2017-01-28 03:00 - 2017-02-17 13:06 - 00000000 ____D C:\Users\Owner\Documents\IK Multimedia
2017-01-26 19:14 - 2017-02-08 01:05 - 00000000 ____D C:\Users\Owner\Documents\Native Instruments
2017-01-25 17:08 - 2017-01-25 17:08 - 00000000 ____D C:\Users\Owner\Downloads\star_wars_reloaded_by_claudiux88-d3frxcm
2017-01-25 16:58 - 2017-01-25 16:58 - 00000000 ____D C:\Users\Owner\Downloads\star_wars_imperial_cursor_set_by_cygnicantus-dal0vfo
2017-01-25 15:47 - 2017-01-25 15:47 - 00000000 _____ C:\Users\Owner\Desktop\Touring Personal Peter Brad Green[16].xls
2017-01-25 15:45 - 2017-01-25 15:45 - 00000000 _____ C:\Users\Owner\Desktop\Touring Personal Peter Brad Green[16].xlsx.xls
2017-01-25 10:56 - 2017-01-25 10:58 - 00000000 ____D C:\Users\Owner\Downloads\SlimSansSerif-Bold
2017-01-24 22:38 - 2017-02-17 06:06 - 00000000 ____D C:\Users\Owner\Downloads\TriblerDownloads
2017-01-24 07:19 - 2017-01-26 00:23 - 00000000 ____D C:\Users\Owner\Documents\theory
2017-01-23 19:08 - 2017-01-23 19:08 - 00000000 ____D C:\Users\Owner\Desktop\Tor Browser
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-02-21 22:02 - 2016-10-04 17:06 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2017-02-21 21:12 - 2017-01-22 04:57 - 00000000 ___RD C:\Users\Owner\iCloudDrive
2017-02-17 16:55 - 2016-10-04 16:46 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-16 20:47 - 2016-10-04 16:47 - 00000000 ___RD C:\Users\Owner\OneDrive
2017-02-16 09:48 - 2016-07-16 00:04 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-02-16 09:47 - 2016-07-16 00:04 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-02-16 09:45 - 2016-12-30 23:27 - 00000000 ____D C:\Windows.old(1)
2017-02-07 21:49 - 2016-10-04 16:49 - 00000000 ____D C:\Intel
 
==================== Files in the root of some directories =======
 
2017-02-17 13:15 - 2017-02-21 13:43 - 0000032 _____ () C:\Users\Owner\AppData\Roaming\msregsvv.dll
2017-02-21 20:51 - 2017-02-21 20:51 - 0000716 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2017-02-17 13:15 - 2017-02-21 13:43 - 0000032 _____ () C:\ProgramData\autobk.inc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-02-16 07:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2017 01
Ran by Owner (22-02-2017 14:49:44)
Running from C:\Users\Owner\Desktop\anti stuff
Windows 10 Pro Version 1607 (X64) (2017-02-16 14:03:08)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1742536433-1387649883-3529769592-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1742536433-1387649883-3529769592-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1742536433-1387649883-3529769592-1000 - Limited - Enabled)
Guest (S-1-5-21-1742536433-1387649883-3529769592-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1742536433-1387649883-3529769592-1003 - Limited - Enabled)
Owner (S-1-5-21-1742536433-1387649883-3529769592-1001 - Administrator - Enabled) => C:\Users\Owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.13 - Michael Tippach)
Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.113 - ALPS ELECTRIC CO., LTD.)
Deluge 1.3.13 (HKLM-x32\...\Deluge) (Version:  - )
IK Multimedia Authorization Manager version 1.0.16 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.16 - IK Multimedia)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
MAGIX Common Components 1 (x64) (HKLM\...\{F2C951C1-A0BF-4AEE-96DC-0BAE9282BACD}) (Version: 1.3.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker 2017 Premium Update (Version: 24.0.2.46 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Live add-on Soundpools (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Live Pads (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (Demo songs) (HKLM-x32\...\MX.{9D590606-780F-41C7-9CEA-E56F1754BB52}) (Version: 24.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Premium (Demo songs) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (HKLM-x32\...\MX.{7C0E97DB-B7FF-4248-BA47-4718D1D104A6}) (Version: 24.0.1.34 - MAGIX Software GmbH)
MAGIX Music Maker Premium (Synthesizer and effects) (HKLM-x32\...\MX.{2113E441-FF4F-46D0-8440-3080BA6D4DE8}) (Version: 24.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Premium (Synthesizer and effects) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (Version: 24.0.1.34 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium (Visuals) (HKLM-x32\...\MX.{1864BD0D-717B-4B1E-891C-124361319786}) (Version: 24.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Premium (Visuals) (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Premium add-on Soundpools (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Standard Soundpools (Version: 24.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (HKLM-x32\...\MX.{5B14DB3E-8E09-4D05-84CB-EAB198A5E0BE}) (Version: 7.0.1.27 - MAGIX Software GmbH)
MAGIX Speed burnR (Version: 7.0.1.27 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
SafeZone Stable 3.55.2393.561 (x32 Version: 3.55.2393.561 - Avast Software) Hidden
SampleTank 3 version 3.6.7 (HKLM\...\{4A5CE684-33A5-4EE6-AB22-4B92D92D37D8}_is1) (Version: 3.6.7 - IK Multimedia)
Samplitude Pro X3 Suite (HKLM\...\MX.{C3EE792D-A7B0-456B-B3F4-849E74725DD9}) (Version: 14.0.0.16 - MAGIX Software GmbH)
Samplitude Pro X3 Suite (Version: 14.0.0.16 - MAGIX Software GmbH) Hidden
Samplitude Pro X3 Suite Update (Version: 14.0.1.35 - MAGIX Software GmbH) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Vita 2 (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita 2 add-on content (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Choir (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Church Organ (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Cinematic Soundscapes (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Concert Grand (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Drum Engine (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Jazz Drums (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Lead Synth (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
Vita Pop Drums (Version: 2.4.0.79 - MAGIX Software GmbH) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1742536433-1387649883-3529769592-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0B46AED5-2680-434E-ADC6-3023C9CFD5F5} - System32\Tasks\SafeZone scheduled Autoupdate 1487259548 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-15] (Avast Software)
Task: {0EE5398F-4854-4DB2-804F-22FC5BE5F7C8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {14646644-6C3E-4177-92CD-98894E926BD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {1F2117EF-389A-4763-B913-E2801EAB0B40} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {2FE66FC8-EE94-4641-8D8E-F1D5004EA0A0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {3DF5F14D-5E1B-40B1-8727-4E027B4ABE15} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {6F3ED132-D41E-4C55-865F-3AD49DD23F5C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-02-16] (AVAST Software)
Task: {BBEB7337-DCE2-45F7-B4C9-2579A4EF1B23} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {C609F703-1743-4C7A-9AD9-33017A4E42CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E6188125-7E7A-4A26-B95D-FE9C23999097} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F5B2072F-5E4C-4FE8-A751-44FFFF66054D} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-16] (AVAST Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 ____N () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-15 17:31 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-17 03:04 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-15 17:31 - 2016-12-09 04:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-05 05:43 - 2016-09-06 22:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 11:29 - 2016-12-21 01:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 11:28 - 2016-12-21 00:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 11:28 - 2016-12-21 00:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 11:28 - 2016-12-21 00:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 11:28 - 2016-12-21 00:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 11:28 - 2016-12-21 00:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 11:29 - 2016-12-21 00:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-17 04:01 - 2017-02-17 04:01 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-02-16 15:02 - 2017-02-16 15:02 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-16 15:02 - 2017-02-16 15:02 - 20433408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-16 15:02 - 2017-02-16 15:02 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-16 15:02 - 2017-02-16 15:02 - 01046528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-02-16 15:02 - 2017-02-16 15:02 - 00353792 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 08:37 - 2016-07-16 08:37 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-02-16 14:59 - 2017-02-16 14:59 - 01369288 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7870.57621.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-02-22 11:55 - 2017-02-22 11:55 - 13326536 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7870.57621.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-02-16 09:38 - 2017-02-16 09:38 - 00440416 _____ () C:\Program Files\AVAST Software\Avast\AvastNM.exe
2017-02-21 21:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-02-21 21:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-02-21 21:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-02-21 21:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-02-21 21:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-02-16 09:37 - 2017-02-16 09:37 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-02-16 09:37 - 2017-02-16 09:37 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-02-16 09:36 - 2017-02-16 09:36 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-02-16 09:37 - 2017-02-16 09:37 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-17 09:40 - 2017-02-15 08:10 - 68866592 _____ () C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\62551202.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\62551202.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7931 more sites.
 
 
There are 7931 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-02-16 09:50 - 2017-02-21 22:07 - 00454232 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15588 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1742536433-1387649883-3529769592-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C454D253-CC96-42D4-8311-AF7A22EE04BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BD9B513-A7DA-407E-8093-D4DF2BC72504}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{04EA522E-3780-4BFA-A3BD-098808455C30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A11A4314-CF73-48AF-AB24-5F1645EDD6E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AB06D53A-73A1-4E09-B4C4-72A2B5F74127}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1A4E9DC5-9581-44FD-96A8-7D99063E40CA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe
FirewallRules: [{5CEF6C5D-5E68-45AC-8F62-53ACFCFA7A0A}] => (Allow) C:\Program Files (x86)\MAGIX\Music Maker Premium\2017\MusicMaker.exe
FirewallRules: [{02D5D2CB-91A4-4558-B454-EE627FB32C6F}] => (Allow) C:\Program Files\MAGIX\Samplitude Pro X3 Suite\Sam.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
17-02-2017 01:33:12 backu[
19-02-2017 21:26:37 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
20-02-2017 23:44:44 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2017 09:01:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinRAR.exe version 5.31.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2f4
 
Start Time: 01d28cb7de55b4fa
 
Termination Time: 27
 
Application Path: C:\Program Files\WinRAR\WinRAR.exe
 
Report Id: 31c1a869-f8ab-11e6-b3ce-b00594f82904
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/21/2017 02:27:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MusicStudio_x64.exe, version: 23.0.0.10, time stamp: 0x57b415c9
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f83ff
Exception code: 0xc0000409
Fault offset: 0x0000000000074a30
Faulting process id: 0xd18
Faulting application start time: 0x01d28c772dca4aa8
Faulting application path: C:\Program Files\MAGIX\Samplitude Music Studio\2017\MusicStudio_x64.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MSVCR120.dll
Report Id: 1279b678-9378-4c75-a8c6-b1b57031f84d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/21/2017 12:25:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mbam.exe version 3.0.0.912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 20b0
 
Start Time: 01d28c6f82e701e6
 
Termination Time: 50
 
Application Path: C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
 
Report Id: 1b16dff4-f863-11e6-b3cd-b00594f82904
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (02/21/2017 11:13:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program kodi.exe version 17.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1574
 
Start Time: 01d28c63cba5daf9
 
Termination Time: 58
 
Application Path: C:\Program Files\WindowsApps\XBMCFoundation.Kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
 
Report Id: 11fbd54f-f859-11e6-b3cd-b00594f82904
 
Faulting package full name: XBMCFoundation.Kodi_17.0.0.0_x86__4n2hpmxwrvr6p
 
Faulting package-relative application ID: Kodi
 
Error: (02/20/2017 11:44:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/20/2017 07:51:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Faulting module name: AmpliTube 4.exe, version: 4.0.2.0, time stamp: 0x5641c363
Exception code: 0xc0000005
Fault offset: 0x00000000000cc8ad
Faulting process id: 0x2698
Faulting application start time: 0x01d28bd7ef482333
Faulting application path: C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe
Faulting module path: C:\Program Files\IK Multimedia\AmpliTube 4\AmpliTube 4.exe
Report Id: 8beea837-0e67-4174-ac9c-5eab551f657b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (02/20/2017 10:00:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4734
 
Error: (02/20/2017 10:00:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4734
 
Error: (02/20/2017 10:00:57 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (02/20/2017 01:39:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1028
 
Start Time: 01d28b16d7ac670e
 
Termination Time: 0
 
Application Path: C:\Windows\explorer.exe
 
Report Id: bb90f420-f73f-11e6-b3cc-b00594f82904
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (02/22/2017 01:43:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/22/2017 12:38:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 11:17:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 10:02:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 10:02:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 10:02:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 10:02:10 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (02/21/2017 09:26:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Tile Data model server service terminated with the following error: 
%%2147943515 = A system shutdown is in progress.
 
Error: (02/21/2017 09:26:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (02/21/2017 08:52:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 41%
Total physical RAM: 8097.59 MB
Available physical RAM: 4761.84 MB
Total Virtual: 9377.59 MB
Available Virtual: 5729.54 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.98 GB) (Free:46.25 GB) NTFS
Drive d: (DUO-LINK) (Removable) (Total:14.92 GB) (Free:11.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: E93953C0)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: A1C57FEB)
Partition 1: (Not Active) - (Size=14.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by hamluis, 22 February 2017 - 05:23 PM.



#2 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 22 February 2017 - 06:23 PM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Perhaps these are false alarms from your AV.


ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
Open the scan log and copy and paste the content to your next reply.
 

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 ninjarig

  • Topic Starter
  • Members
  • 30 posts

Posted 22 February 2017 - 07:27 PM

Thank you for helping me, Jo.
 
 
 
C:\Users\Owner\Documents\reaper DOCS\ccsetup527.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Users\Owner\iCloudDrive\ccsetup526.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
C:\Windows.old\Users\Owner\AppData\Local\Apple Inc\iCloudDrive\Staging\fe9dee24-047e-4d0b-b638-f78c10706001.bin Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
 
 
That's all it found.


#4 Jo*

  • Malware Response Team
  • 3,417 posts
  • Gender:Male
  • Location:Germany

Posted 23 February 2017 - 03:46 AM

Hello again,

You can visit the AVAST Forums and see that there is a problem with false positive detections (false alarms).

All we can do here are two more scans, which should show us that your PC is clean.

Step 1: Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7/8/10 users need to right click and choose Run as Administrator.
You only need to get one of them to run, not all of them. Do not reboot your computer after running rkill as the malware programs will start again.


---


Step 2: Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


Cheers,
Jo


#5 ninjarig


Posted 23 February 2017 - 07:55 PM

Rkill 2.8.4 by Lawrence Abrams (Grinler)
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 02/23/2017 06:44:18 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * agp440 [Missing Service]
 * gagp30kx [Missing Service]
 * IEEtwCollectorService [Missing Service]
 * IoQos [Missing Service]
 * nv_agp [Missing Service]
 * TimeBroker [Missing Service]
 * uagp35 [Missing Service]
 * uliagpkx [Missing Service]
 * WcsPlugInService [Missing Service]
 * WMPNetworkSvc [Missing Service]
 * workfolderssvc [Missing Service]
 * wpcfltr [Missing Service]
 * WSService [Missing Service]
 
 * AJRouter => %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted [Incorrect ImagePath]
 * WpnService => %systemroot%\system32\svchost.exe -k netsvcs [Incorrect ImagePath]
 
 * vmicrdv => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 * vmicvss => %SystemRoot%\System32\icsvcext.dll [Incorrect ServiceDLL]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * Cannot edit the HOSTS file.
 * Permissions Fixed. Administrators can now edit the HOSTS file.
 
 * HOSTS file entries found: 
 
 
  20 out of 15619 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 02/23/2017 06:44:27 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 2/23/17
Scan Time: 6:46 PM
Logfile: 
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.50
Update Package Version: 1.0.1337
License: Free
 
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: FBISURVEILANCEV\Owner
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 398328
Time Elapsed: 7 min, 16 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 2
PUP.Optional.ASK.Gen, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\APN-Stub, Delete-on-Reboot, [15011], [181296],1.0.1337
PUP.Optional.ASK, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\APNLOGS, Delete-on-Reboot, [647], [184754],1.0.1337
 
File: 3
PUP.Optional.ASK.Gen, C:\Users\Owner\AppData\Local\Temp\APN-Stub\Stb54321d1a-2ea4-4dae-a3c3-977b76331021.log, Delete-on-Reboot, [15011], [181296],1.0.1337
PUP.Optional.ASK.Gen, C:\Users\Owner\AppData\Local\Temp\APN-Stub\Stbbb0baa4f-177d-489e-a564-296555868933.log, Delete-on-Reboot, [15011], [181296],1.0.1337
PUP.Optional.ASK, C:\USERS\OWNER\APPDATA\LOCAL\TEMP\APNLOGS\IC.LOG, Delete-on-Reboot, [647], [184754],1.0.1337
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#6 Jo*


Posted 24 February 2017 - 03:41 AM

***


It Appears That Your Pc Is Clean!

***


Clean up:

***


Clean up with delfix:
  • Please download delfix to your desktop.
  • Close all other programs and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process.

***


Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

===================================

Here are some Preventive tips to reduce the potential for spyware infection in the future

Step 1: Make sure you keep your Windows OS current.
  • Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
  • Windows Vista / 7 / 8 users can update via
    Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).
Step 2: Avoid P2P
  • If you think you're using a "safe" P2P program, only the program is safe, not the data.
  • You will share files from unsafe sources, and these may be infected.
  • Some bad guys use P2P filesharing as an important channel to spread their wares.
Step 3: Use only one anti-virus software and keep it up-to-date.

Step 4: Firewall
Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

Step 5: Back up regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

Step 6: Use Strong passwords!

Step 7: Email attachments
Do not open any unknown email attachments which you received without asking for them!


Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
And you could install Malwarebytes Anti-Exploit to run alongside your traditional anti-virus or anti-malware products.

Make sure your programs are up to date - because older versions may contain Security Leaks.

***


Cheers,
Jo


#7 ninjarig


Posted 24 February 2017 - 03:08 PM

that's awesome jo, thank you so very much.

when i click on the link for your clean up tool it says the link is invalid.



#8 Jo*


Posted 24 February 2017 - 03:35 PM

sorry,

try this link https://www.bleepingcomputer.com/download/delfix/

Cheers,
Jo


#9 Jo*


Posted 26 February 2017 - 06:39 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Cheers,
Jo




