Farbar Recovery Log (Please Check)


  • This topic is locked
14 replies to this topic

#1 Badrobo125

Posted 23 April 2017 - 11:57 PM

I will explain my dilemma completely. I believe that my computer is hacked in some aspects. First of all, I am unable to remove my computer from the homegroup. Secondly, the PNRP Machine Name Publication Service is unable to start. When I tried to start the service via the properties of Services, it said: Error 1048, The dependency group failed to start. In addition, when I attempted to enable it via the cmd, it resulted in an error and said: System error 2049 has occurred. The system cannot find the message text for message number 0x801 in the message file for BASE. I'm not sure but I believe this has something to do with it. Also, I think netsh can be somehow used in this process to solve this complication. One more thing, lastly, there are a few files in the temp that don't allow me to delete them because they are "open in another process". Also, when I try to view these files' security properties, the window becomes unresponsive and ceases to function. Nonetheless, I have also run a Farbar Recovery Scan, but don't exactly know how to interpret it. Here it is:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
Ran by Burn (administrator) on BURN-HP (24-04-2017 00:32:14)
Running from C:\Users\Burn\Downloads
Loaded Profiles: Burn (Available Profiles: Burn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(BlueStack Systems, Inc.) C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(PGWARE LLC) C:\Program Files (x86)\PGWARE\SuperRam\SuperRamService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(PGWARE LLC) C:\Program Files (x86)\PGWARE\SuperRam\SuperRamTray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Microsoft Corporation) C:\Windows\System32\netsh.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [SuperRam] => C:\Program Files (x86)\PGWARE\SuperRam\SuperRamTray.exe [1949696 2016-08-21] (PGWARE LLC)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2131344 2016-06-20] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Faseme] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Burn\AppData\Roaming\Bulefafedo"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\Bluestacks\HD-Agent.exe [978456 2016-08-11] (BlueStack Systems, Inc.)
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\Run: [Chromium] => "c:\users\burn\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session --restore-last-session
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-12] (SUPERAntiSpyware)
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\MountPoints2: {5ffc294c-6a83-11e6-afbb-806e6f6e6963} - E:\setup.exe
Startup: C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2017-04-14]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-13]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-651885936-3206023527-1227426118-1000] => 52.183.30.241:8888
Hosts: 127.0.0.1 platform.wondershare.com 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{C288EECE-9172-4BBD-8BF4-BEEE0EA6E837}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C288EECE-9172-4BBD-8BF4-BEEE0EA6E837}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_11_wbf_zayat_16_49&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByB0EyE0EtC0CtByCtDzzyBtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0CyDtDyBtC0F0BtGyCyCyCyDtGtC0B0A0FtGtDtA0C0AtGtDtB0B0EyEyCyDtDyEyB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Ezyzy0CyCzyyDtG0B0C0EzytGyEzz0FzytGzyyBtDyBtGzz0B0D0AtBtD0FyEyCyBtCzy2QtN0A0LzuyE%26cr%3D1290029178%26a%3Dhdr_s_17_11_wbf_zayat_16_49%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_17_11_wbf_zayat_16_49&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByB0EyE0EtC0CtByCtDzzyBtN0D0Tzu0StCzytDtAtN1L2XzutAtFtByBtFtCtFyDtAtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2StD0CyDtDyBtC0F0BtGyCyCyCyDtGtC0B0A0FtGtDtA0C0AtGtDtB0B0EyEyCyDtDyEyB0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Ezyzy0CyCzyyDtG0B0C0EzytGyEzz0FzytGzyyBtDyBtGzz0B0D0AtBtD0FyEyCyBtCzy2QtN0A0LzuyE%26cr%3D1290029178%26a%3Dhdr_s_17_11_wbf_zayat_16_49%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/CQDSK/1
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {817EBD61-96F6-497A-9431-912307C0A779} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_17_13_wbf_zayat_16_49&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByB0EyE0EtC0CtByCtDzzyBtN0D0Tzu0StCzytCtBtN1L2XzutAtFtByBtFtCtFyDyCtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0D0DzzzyyDtGyCyD0FtCtGyEyD0BzytGyC0DzyyEtGyEyB0DtAyByBzz0E0ByBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Ezyzy0CyCzyyDtG0B0C0EzytGyEzz0FzytGzyyBtDyBtGzz0B0D0AtBtD0FyEyCyBtCzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyEtC%26cr%3D569429260%26a%3Dhdr_s_17_13_wbf_zayat_16_49%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {817EBD61-96F6-497A-9431-912307C0A779} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {f79e5d1c-5148-469e-9f98-a11d8d7863f4} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_17_13_wbf_zayat_16_49&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByB0EyE0EtC0CtByCtDzzyBtN0D0Tzu0StCzytCtBtN1L2XzutAtFtByBtFtCtFyDyCtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0D0DzzzyyDtGyCyD0FtCtGyEyD0BzytGyC0DzyyEtGyEyB0DtAyByBzz0E0ByBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Ezyzy0CyCzyyDtG0B0C0EzytGyEzz0FzytGzyyBtDyBtGzz0B0D0AtBtD0FyEyCyBtCzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyEtC%26cr%3D569429260%26a%3Dhdr_s_17_13_wbf_zayat_16_49%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {817EBD61-96F6-497A-9431-912307C0A779} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> {f7bb050c-e116-44da-89c2-6f2b68c54836} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_17_13_wbf_zayat_16_49&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzutAzzyCtDyByB0EyE0EtC0CtByCtDzzyBtN0D0Tzu0StCzytCtBtN1L2XzutAtFtByBtFtCtFyDyCtN1L1Czu1M1Q1CtAtBtFtAtFtDtN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0D0DzzzyyDtGyCyD0FtCtGyEyD0BzytGyC0DzyyEtGyEyB0DtAyByBzz0E0ByBtBtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0Ezyzy0CyCzyyDtG0B0C0EzytGyEzz0FzytGzyyBtDyBtGzz0B0D0AtBtD0FyEyCyBtCzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtByDyEtC%26cr%3D569429260%26a%3Dhdr_s_17_13_wbf_zayat_16_49%26os_ver%3D6.1%26os%3DWindows%2B7%2BHome%2BPremium&p={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2017-01-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2017-01-10] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-04] (HP Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL [2011-07-25] (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-04] (HP Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll [2011-08-11] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-651885936-3206023527-1227426118-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn
FF Extension: (Norton Vulnerability Protection) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn [2016-08-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn [2017-04-22] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2017-01-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2017-01-10] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @unity3d.com/UnityPlayer64,version=1.0 -> C:\Program Files\Unity\WebPlayer64\loader-x64\npUnity3D64.dll [2015-06-08] (Unity Technologies ApS)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-651885936-3206023527-1227426118-1000: @nsroblox.roblox.com/launcher -> C:\Users\Burn\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-651885936-3206023527-1227426118-1000: @nsroblox.roblox.com/launcher64 -> C:\Users\Burn\AppData\Local\Roblox\Versions\version-398bf2b17c844b38\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-651885936-3206023527-1227426118-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Burn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2016-07-14] (Unity Technologies ApS)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (Google Slides) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-24]
CHR Extension: (Google Docs) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-24]
CHR Extension: (Google Drive) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-24]
CHR Extension: (YouTube) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-24]
CHR Extension: (Adblock Plus) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-23]
CHR Extension: (hTab) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj [2017-03-18]
CHR Extension: (Google Sheets) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-25]
CHR Extension: (Grammarly for Chrome) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-14]
CHR Extension: (Tampermonkey) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgmhaokipkgnddjceeobahfneonfnaep [2016-08-24]
CHR Extension: (Gmail) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-651885936-3206023527-1227426118-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-01-13]
 
Opera: 
=======
OPR Extension: (Tampermonkey) - C:\Users\Burn\AppData\Roaming\Opera Software\Opera Stable\Extensions\mfdhdgbonjidekjkjmjaneanmdmpmidf [2016-09-18]
OPR Extension: (Adblock Plus) - C:\Users\Burn\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-03-22]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-12] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-04-14] (Adobe Systems) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [445976 2016-08-11] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [425496 2016-08-11] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [462360 2016-08-11] (BlueStack Systems, Inc.)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
S2 KingoSoftService; C:\Users\Burn\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [367584 2016-08-07] ()
S2 KMSEmulator; C:\Windows\KMS\bin\KMSSS.exe [297472 2015-01-13] (MDL Forum, mod by Ratiborus) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SuperRam; C:\Program Files (x86)\PGWARE\SuperRam\SuperRamService.exe [1933312 2016-08-21] (PGWARE LLC) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [30720 2016-08-24] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [37376 2016-08-24] (LG Electronics Inc.)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [1151096 2011-08-19] (Symantec Corporation)
S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-08-11] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [307768 2016-07-28] (Bluestack System Inc. )
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77408 2016-11-29] ()
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [36568 2013-09-30] (IObit)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-02-12] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-02-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-04-22] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-02-12] (Malwarebytes)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS [117880 2011-08-09] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS [2048632 2011-08-09] (Symantec Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-13] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [19504 2016-01-13] (Windows ® Win 7 DDK provider)
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 00:32 - 2017-04-24 00:33 - 00047711 _____ C:\Users\Burn\Downloads\FRST.txt
2017-04-24 00:30 - 2017-04-24 00:32 - 00000000 ____D C:\FRST
2017-04-24 00:29 - 2017-04-24 00:29 - 02426368 _____ (Farbar) C:\Users\Burn\Downloads\FRST64.exe
2017-04-24 00:29 - 2017-04-24 00:29 - 01766912 _____ (Farbar) C:\Users\Burn\Downloads\FRST_19-04-17 (2).exe
2017-04-24 00:28 - 2017-04-24 00:28 - 01766912 _____ (Farbar) C:\Users\Burn\Downloads\FRST_19-04-17.exe
2017-04-24 00:28 - 2017-04-24 00:28 - 01766912 _____ (Farbar) C:\Users\Burn\Downloads\FRST_19-04-17 (1).exe
2017-04-23 23:42 - 2017-04-23 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker
2017-04-23 23:42 - 2017-04-23 23:42 - 00000000 ____D C:\ProgramData\IObit
2017-04-23 23:42 - 2017-04-23 23:42 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-23 23:41 - 2017-04-23 23:41 - 02451912 _____ (IObit ) C:\Users\Burn\Downloads\unlocker-setup.exe
2017-04-23 23:22 - 2017-04-23 23:22 - 00000017 _____ C:\Users\Burn\AppData\Local\resmon.resmoncfg
2017-04-23 23:17 - 2017-04-23 23:17 - 01078591 _____ C:\Users\Burn\Downloads\Unlocker1.9.2.exe
2017-04-23 21:09 - 2016-09-10 23:13 - 00247348 _____ C:\Windows\MSUIGHUB.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 21543568 _____ C:\Windows\MSYH.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 21302624 _____ C:\Windows\MSJH.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 14381616 _____ C:\Windows\MSYHBD.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 14343024 _____ C:\Windows\MSJHBD.tt2
2017-04-23 15:14 - 2017-04-23 15:14 - 00000000 ___HD C:\OneDriveTemp
2017-04-22 21:55 - 2017-04-22 21:56 - 15960082 _____ C:\Users\Burn\Downloads\Oracle_VM_VirtualBox_Extension_Pack-4.3.26-98988a.vbox-extpack
2017-04-22 21:50 - 2017-04-22 22:06 - 00000000 ____D C:\Users\Burn\VirtualBox VMs
2017-04-22 21:45 - 2017-04-22 21:45 - 00000000 ____D C:\Users\Burn\AppData\Local\Adobe
2017-04-22 21:13 - 2017-04-22 22:06 - 00000000 ____D C:\Users\Burn\.VirtualBox
2017-04-22 21:13 - 2017-04-22 21:13 - 00001078 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-04-22 21:13 - 2017-04-22 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-04-22 21:13 - 2015-03-16 17:36 - 00922704 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-04-22 21:13 - 2015-03-16 17:35 - 00128592 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-04-22 21:12 - 2017-04-22 21:12 - 00000000 ____D C:\Program Files\Oracle
2017-04-22 20:55 - 2015-04-26 13:53 - 1183950848 _____ C:\Users\Burn\Desktop\Yosemite-Zone.iso
2017-04-22 01:09 - 2017-04-22 01:20 - 1026382830 _____ C:\Users\Burn\Downloads\Yosemite.zip
2017-04-22 01:00 - 2017-04-22 01:00 - 111145672 _____ (Oracle Corporation) C:\Users\Burn\Downloads\VirtualBox-4.3.26-98988-Win.exe
2017-04-22 00:26 - 2017-04-22 00:26 - 114012504 _____ (Oracle Corporation) C:\Users\Burn\Downloads\VirtualBox-5.0.38-114632-Win.exe
2017-04-19 22:08 - 2017-04-19 22:09 - 01913404 _____ C:\Users\Burn\Downloads\SmoothDraw4Beta (1).zip
2017-04-18 17:25 - 2017-04-18 17:25 - 00000127 _____ C:\Users\Burn\Documents\HP TouchSmart Calendar.ics
2017-04-18 14:01 - 2017-04-18 14:01 - 00203392 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetLwf.sys
2017-04-18 14:01 - 2017-04-18 14:01 - 00130120 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp6.sys
2017-04-16 12:52 - 2017-04-16 12:52 - 00167882 _____ C:\Users\Burn\Downloads\four_generation_landscape_pedigree_trees.pdf
2017-04-16 12:52 - 2017-04-16 12:52 - 00042425 _____ C:\Users\Burn\Downloads\Family-Tree-Template-Word-Download.zip
2017-04-16 12:47 - 2017-04-16 12:47 - 00060183 _____ C:\Users\Burn\Downloads\5generation_family_tree.pdf
2017-04-16 12:39 - 2017-04-16 12:39 - 00000000 ____D C:\Users\Burn\AppData\LocalLow\Adobe
2017-04-16 12:39 - 2017-04-16 12:39 - 00000000 ____D C:\Users\Burn\AppData\Local\CEF
2017-04-16 12:38 - 2017-04-16 12:38 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-04-16 12:37 - 2017-04-16 12:37 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-16 12:37 - 2017-04-16 12:37 - 00002009 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2017-04-16 12:28 - 2017-04-16 12:28 - 00020666 _____ C:\Users\Burn\Downloads\Blank-Family-Tree-For-Kids-Template.zip
2017-04-16 11:44 - 2017-04-19 23:28 - 00000000 ____D C:\Users\Burn\AppData\Local\SmoothDraw
2017-04-16 01:33 - 2017-04-16 01:34 - 00000000 ____D C:\Users\Burn\Desktop\Art Program
2017-04-16 01:33 - 2017-04-16 01:33 - 00000735 _____ C:\Users\Burn\Desktop\LG G2 - Shortcut.lnk
2017-04-16 01:13 - 2017-04-16 01:13 - 01913404 _____ C:\Users\Burn\Downloads\SmoothDraw4Beta.zip
2017-04-15 11:53 - 2017-04-15 11:54 - 29131646 _____ C:\Users\Burn\Downloads\GeometryExamsPDF.zip
2017-04-15 11:49 - 2017-04-14 14:23 - 00002004 _____ C:\Users\Burn\Desktop\Adobe ImageReady CS2.lnk
2017-04-15 11:24 - 2017-04-15 11:47 - 00000000 ____D C:\Users\Burn\Desktop\Geometry
2017-04-15 11:14 - 2017-04-15 11:15 - 03505087 _____ C:\Users\Burn\Downloads\CompactExamsGEO-EV.zip
2017-04-14 18:09 - 2017-04-14 18:11 - 00000000 ____D C:\Program Files\Drawpile
2017-04-14 18:08 - 2017-04-14 18:09 - 14624396 _____ ( ) C:\Users\Burn\Downloads\drawpile-2.0.2.1-setup.exe
2017-04-14 14:36 - 2017-04-14 14:36 - 00000000 ____D C:\Users\Burn\Desktop\Arts
2017-04-14 14:30 - 2017-04-14 14:30 - 00000000 ____D C:\Users\Burn\Documents\Updater
2017-04-14 14:27 - 2017-04-14 14:27 - 00002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2017-04-14 14:24 - 2017-04-14 14:24 - 00002029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2017-04-14 14:24 - 2017-04-14 14:24 - 00000000 ____D C:\Users\Public\Documents\Adobe PDF
2017-04-14 14:24 - 2017-04-14 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-04-14 14:23 - 2017-04-14 14:23 - 00002007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2017-04-14 14:23 - 2017-04-14 14:23 - 00002004 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2017-04-14 14:19 - 2017-04-14 14:19 - 00000000 ____D C:\PhSp_CS2_UE_Ret
2017-04-14 14:17 - 2017-04-14 14:18 - 356583291 _____ (Adobe Systems Inc. ) C:\Users\Burn\Downloads\PhSp_CS2_English.exe
2017-04-14 13:41 - 2017-04-14 13:47 - 00000000 ____D C:\PenTabletDriver
2017-04-14 13:41 - 2017-04-14 13:41 - 00000677 _____ C:\Users\Public\Desktop\PenTabletDriver.lnk
2017-04-14 13:41 - 2017-04-14 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenTabletDriver
2017-04-14 13:41 - 2016-05-27 08:50 - 00053256 _____ (Graphics Tablet) C:\Windows\system32\wintab32.dll
2017-04-14 13:41 - 2016-05-27 08:50 - 00047624 _____ (Graphics Tablet) C:\Windows\SysWOW64\wintab32.dll
2017-04-14 13:41 - 2016-01-13 13:35 - 01011504 _____ (Microsoft Corporation) C:\Windows\system32\WinUsbCoInstaller2.dll
2017-04-14 13:41 - 2016-01-13 13:34 - 01730360 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-04-14 13:41 - 2016-01-13 13:33 - 00019504 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\vmulti.sys
2017-04-14 13:41 - 2016-01-13 13:33 - 00016432 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\hidkmdf.sys
2017-04-13 00:10 - 2017-04-21 15:49 - 00000000 ____D C:\Users\Burn\AppData\Local\{9E8FA8D3-BA27-C46B-D7BF-E183F3D71D1B}
2017-04-12 17:12 - 2017-03-27 14:13 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 17:12 - 2017-03-27 13:28 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-04-12 17:12 - 2017-03-25 15:39 - 20284416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-04-12 17:12 - 2017-03-25 15:07 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-04-12 17:12 - 2017-03-25 15:06 - 13654016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-04-12 17:12 - 2017-03-25 14:55 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-04-12 17:12 - 2017-03-25 14:52 - 02289152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-04-12 17:12 - 2017-03-25 14:51 - 01313280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-04-12 17:12 - 2017-03-25 14:48 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-04-12 17:12 - 2017-03-25 14:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-04-12 17:12 - 2017-03-25 14:46 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-04-12 17:12 - 2017-03-25 14:46 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-04-12 17:12 - 2017-03-25 14:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-04-12 17:12 - 2017-03-25 14:14 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 17:12 - 2017-03-25 14:13 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 17:12 - 2017-03-25 14:10 - 02898432 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 17:12 - 2017-03-25 13:57 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 17:12 - 2017-03-25 13:56 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 17:12 - 2017-03-25 13:52 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 17:12 - 2017-03-25 13:41 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 17:12 - 2017-03-25 13:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 17:12 - 2017-03-25 13:00 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 17:12 - 2017-03-25 12:59 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 17:12 - 2017-03-25 12:57 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 17:12 - 2017-03-25 12:57 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 17:12 - 2017-03-25 12:28 - 15259136 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 17:12 - 2017-03-25 12:27 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-04-12 17:12 - 2017-03-25 12:24 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 17:12 - 2017-03-25 12:10 - 01546240 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 17:12 - 2017-03-25 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 17:12 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 17:12 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 17:12 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 17:12 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 17:12 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 17:12 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 17:12 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 17:12 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 17:12 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 17:12 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 17:12 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 17:12 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 17:12 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 17:12 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 17:12 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 17:12 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 17:12 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 17:12 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 17:12 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 17:12 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 17:12 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 17:12 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 17:12 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 17:12 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 17:12 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 17:12 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 17:12 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 17:12 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 17:12 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 17:12 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 17:12 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 17:12 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 17:12 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 17:12 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 17:12 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 17:12 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 17:12 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 17:12 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 17:12 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 17:12 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 17:12 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 17:12 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 17:12 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 17:12 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 17:12 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 17:12 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 17:12 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 17:12 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 17:12 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 17:12 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-04-12 17:11 - 2017-03-25 14:47 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-04-12 17:11 - 2017-03-25 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-04-12 17:11 - 2017-03-25 14:46 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-04-12 17:11 - 2017-03-25 14:46 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-04-12 17:11 - 2017-03-25 14:46 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-04-12 17:11 - 2017-03-25 14:46 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-04-12 17:11 - 2017-03-25 14:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-04-12 17:11 - 2017-03-25 14:45 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-04-12 17:11 - 2017-03-25 14:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-04-12 17:11 - 2017-03-25 14:44 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-04-12 17:11 - 2017-03-25 14:44 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-04-12 17:11 - 2017-03-25 14:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 17:11 - 2017-03-25 14:35 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 17:11 - 2017-03-25 14:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 17:11 - 2017-03-25 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 17:11 - 2017-03-25 14:13 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 17:11 - 2017-03-25 14:04 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 17:11 - 2017-03-25 14:02 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 17:11 - 2017-03-25 13:56 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 17:11 - 2017-03-25 13:56 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 17:11 - 2017-03-25 13:56 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 17:11 - 2017-03-25 13:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 17:11 - 2017-03-25 13:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 17:11 - 2017-03-25 13:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 17:11 - 2017-03-25 13:29 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 17:11 - 2017-03-25 13:24 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 17:11 - 2017-03-25 13:23 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 17:11 - 2017-03-25 13:20 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 17:11 - 2017-03-25 13:19 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-04-12 17:11 - 2017-03-25 13:17 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 17:11 - 2017-03-25 13:06 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-04-12 17:11 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 17:11 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 17:11 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 17:11 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 17:11 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 17:11 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 17:11 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 17:11 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 17:11 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 17:11 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 17:11 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 17:11 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 17:11 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 17:11 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:11 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 17:11 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 17:11 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 17:11 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 17:11 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 17:11 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 17:11 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 17:11 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 17:11 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 17:11 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 17:11 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 17:11 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 17:11 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 17:11 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 17:11 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 17:11 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 17:11 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 17:11 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:11 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:11 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:11 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:11 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 17:11 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 10:50 - 2017-04-12 10:51 - 28717726 _____ C:\Users\Burn\Downloads\البرنامج.rar
2017-04-11 16:45 - 2017-04-11 16:51 - 163048451 _____ C:\Users\Burn\Downloads\Dragon Ball Super - 72 [720p].mp4
2017-04-11 12:41 - 2017-04-11 14:03 - 11333633 _____ C:\Users\Burn\Downloads\IW4.DLC.8.Recycled.Pack.zip
2017-04-11 12:41 - 2017-04-11 12:46 - 76285313 _____ C:\Users\Burn\Downloads\Unconfirmed 864361.crdownload
2017-04-11 12:41 - 2017-04-11 12:46 - 134002916 _____ C:\Users\Burn\Downloads\IW4.DLC.6.Cargoship.Winter.zip
2017-04-11 12:40 - 2017-04-11 12:45 - 81981441 _____ C:\Users\Burn\Downloads\Unconfirmed 261050.crdownload
2017-04-11 12:40 - 2017-04-11 12:45 - 158904321 _____ C:\Users\Burn\Downloads\Unconfirmed 362349.crdownload
2017-04-11 12:39 - 2017-04-11 12:45 - 173674497 _____ C:\Users\Burn\Downloads\Unconfirmed 919777.crdownload
2017-04-11 12:27 - 2017-04-11 12:27 - 95469445 _____ C:\Users\Burn\Downloads\ebnurf.zip
2017-04-11 12:19 - 2017-04-11 12:45 - 00000000 ____D C:\Users\Burn\Desktop\MW2
2017-04-11 12:00 - 2017-04-11 12:01 - 00000000 ____D C:\Users\Burn\Downloads\mw2mp
2017-04-11 11:53 - 2017-04-11 12:00 - 53644218 _____ C:\Users\Burn\Downloads\CODMW2.exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2017-04-11 11:52 - 2017-04-11 11:52 - 00002741 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center.lnk
2017-04-11 11:51 - 2017-04-11 11:52 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2017-04-11 11:50 - 2017-04-11 11:50 - 43995928 _____ (Microsoft Corporation) C:\Users\Burn\Downloads\MouseKeyboardCenter_64bit_ENG_2.8.106.exe
2017-04-11 10:00 - 2017-04-11 11:41 - 00000000 ____D C:\Users\Burn\Downloads\Call.Of.Duty.Modern.Warfare.2 - Razor1911
2017-04-11 09:58 - 2017-04-11 09:59 - 00018448 _____ C:\Users\Burn\Downloads\Call.Of.Duty.Modern.Warfare.2 - Razor1911.torrent
2017-04-11 09:57 - 2017-04-11 09:57 - 00002637 _____ C:\Users\Burn\Desktop\µTorrent.lnk
2017-04-11 09:55 - 2017-04-11 09:56 - 02403520 _____ (BitTorrent Inc.) C:\Users\Burn\uTorrent.exe
2017-04-09 14:35 - 2017-04-09 14:46 - 00022881 _____ C:\Users\Burn\Desktop\Zahin3.html
2017-04-09 14:35 - 2017-04-09 14:45 - 00022815 _____ C:\Users\Burn\Desktop\Zahin3.html.bak
2017-04-09 14:35 - 2017-04-09 14:35 - 00022745 _____ C:\Users\Burn\Downloads\Zahin3.html
2017-04-09 14:31 - 2017-04-09 14:33 - 00029664 _____ C:\Users\Burn\Desktop\Hossain3.html
2017-04-09 14:25 - 2017-04-09 14:29 - 00024062 _____ C:\Users\Burn\Desktop\Hossain2.html
2017-04-09 14:25 - 2017-04-09 14:28 - 00024079 _____ C:\Users\Burn\Desktop\Hossain2.html.bak
2017-04-01 22:54 - 2017-04-01 22:54 - 00017308 _____ C:\Users\Burn\Downloads\Hossain3.html
2017-04-01 20:51 - 2017-04-01 20:51 - 00001139 _____ C:\Users\Burn\Desktop\Five Nights at Freddy's DEMO.lnk
2017-03-24 20:29 - 2017-03-24 20:29 - 00012739 _____ C:\Users\Burn\Downloads\geomcc12017-sk.xlsx
2017-03-22 22:39 - 2017-03-23 22:05 - 00019605 _____ C:\Users\Burn\Downloads\Hossain.2.html
2017-03-22 22:39 - 2017-03-23 22:04 - 00019610 _____ C:\Users\Burn\Downloads\Hossain.2.html.bak
2017-03-21 21:12 - 2017-03-21 21:12 - 00000000 ____D C:\Users\Burn\AppData\Roaming\IDMComp
2017-03-21 21:12 - 2017-03-21 21:12 - 00000000 ____D C:\ProgramData\IDMComp
2017-03-21 21:08 - 2017-03-21 21:08 - 00002033 _____ C:\Users\Burn\Desktop\UltraEdit.lnk
2017-03-21 21:08 - 2017-03-21 21:08 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraEdit
2017-03-21 21:07 - 2017-03-21 21:07 - 00000000 ____D C:\Users\Burn\Documents\IDM Computer Solutions
2017-03-21 21:03 - 2017-03-21 21:04 - 106765244 _____ C:\Users\Burn\Downloads\IDMU.rar
2017-03-21 20:53 - 2017-03-21 20:53 - 00000963 _____ C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad 8.lnk
2017-03-21 20:53 - 2017-03-21 20:53 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad 8
2017-03-21 20:53 - 2017-03-21 20:53 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Helios
2017-03-21 20:53 - 2017-03-21 20:53 - 00000000 ____D C:\Users\Burn\AppData\Local\Helios
2017-03-21 20:53 - 2017-03-21 20:53 - 00000000 ____D C:\Program Files\TextPad 8
2017-03-21 20:51 - 2017-03-21 20:51 - 06331351 _____ C:\Users\Burn\Downloads\txpeng812-64.zip
2017-03-21 20:47 - 2017-03-21 20:51 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Notepad++
2017-03-21 20:47 - 2017-03-21 20:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-03-21 20:47 - 2017-03-21 20:47 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-03-20 00:48 - 2017-03-20 00:48 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr110_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100_clr0400.dll
2017-03-20 00:48 - 2017-03-20 00:48 - 00019112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr110_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100_clr0400.dll
2017-03-20 00:41 - 2017-03-20 00:41 - 00019112 _____ (Microsoft Corporation) C:\Windows\system32\msvcp110_clr0400.dll
2017-03-18 07:39 - 2017-04-24 00:16 - 00000252 _____ C:\Windows\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}.job
2017-03-18 07:39 - 2017-03-27 15:16 - 00016080 _____ C:\Users\Burn\AppData\Roaming\Bulefafedo
2017-03-18 07:39 - 2017-03-27 15:16 - 00003188 _____ C:\Windows\System32\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}
2017-03-18 07:38 - 2017-03-27 15:16 - 00000000 ____D C:\Users\Burn\AppData\Local\{40EE76B2-6446-1A0A-09DE-3FE22DB6C37A}
2017-03-18 07:38 - 2017-03-27 15:15 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-03-16 20:51 - 2017-03-16 20:51 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{131536CE-96CB-40E6-8ABB-EB17DED4199F}
2017-03-16 14:26 - 2017-03-16 14:26 - 00001179 _____ C:\Users\Burn\Downloads\infinity.user.js
2017-03-14 20:07 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-14 20:07 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-14 20:07 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-14 20:07 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-14 20:07 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-14 20:07 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-14 20:07 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-14 20:07 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-14 20:07 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-14 20:07 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-14 20:07 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-14 20:06 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-14 20:06 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-14 20:06 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-14 20:06 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-14 20:06 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-14 20:06 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-14 20:06 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-14 20:06 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-14 20:06 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-14 20:06 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-14 20:06 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-14 20:06 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-14 20:05 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-14 20:05 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-14 20:05 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-14 20:05 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-14 20:05 - 2016-12-31 11:36 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-14 20:05 - 2016-12-31 11:36 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-14 20:05 - 2016-12-31 11:36 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-14 20:05 - 2016-12-31 11:36 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-14 20:05 - 2016-12-31 11:36 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-12 01:15 - 2017-03-12 01:15 - 00000000 ____D C:\Users\Burn\Downloads\lg g2 RIWO
2017-03-12 00:58 - 2017-03-12 00:58 - 06792762 _____ C:\Users\Burn\Downloads\lg g2 RIWO.zip
2017-03-12 00:12 - 2017-03-12 00:12 - 00000000 ____D C:\Users\Burn\Downloads\LG_Root
2017-03-11 23:49 - 2017-03-11 23:49 - 04989927 _____ (Igor Pavlov) C:\Users\Burn\Downloads\LG_Root_Script_by_avicohh.exe
2017-03-11 23:43 - 2017-03-11 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG One Click Root
2017-03-11 23:43 - 2017-03-11 23:43 - 00000000 ____D C:\Program Files (x86)\avicohh software
2017-03-11 23:40 - 2017-03-11 23:40 - 05443202 _____ (Igor Pavlov) C:\Users\Burn\Downloads\LG_One_Click_Root_by_avicohh.exe
2017-03-11 23:38 - 2017-03-11 23:38 - 12812272 _____ (LG Electronics) C:\Users\Burn\Downloads\LGUnitedMobileDriver_S51MAN313AP22_ML_WHQL_Ver_3.13.2.exe
2017-03-11 23:32 - 2017-03-11 23:32 - 01812875 _____ C:\Users\Burn\Downloads\ioroot.zip
2017-03-11 23:28 - 2017-03-11 23:28 - 00355458 _____ C:\Users\Burn\Downloads\ls980SIMunlockFinalrar.zip
2017-03-11 23:26 - 2017-03-11 23:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2017-03-11 23:21 - 2017-03-11 23:39 - 00000000 ____D C:\Program Files (x86)\LG Electronics
2017-03-11 23:21 - 2016-08-24 19:09 - 00037376 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetmodem64.sys
2017-03-11 23:21 - 2016-08-24 19:08 - 00030720 _____ (LG Electronics Inc.) C:\Windows\system32\Drivers\lgandnetdiag64.sys
2017-03-11 23:20 - 2017-03-11 23:20 - 16691672 _____ (LG Electronics) C:\Users\Burn\Downloads\LGMobileDriver_WHQL_Ver_4.2.0 (1).exe
2017-03-11 23:17 - 2017-03-11 23:18 - 16691672 _____ (LG Electronics) C:\Users\Burn\Downloads\LGMobileDriver_WHQL_Ver_4.2.0.exe
2017-03-08 19:36 - 2017-03-08 19:36 - 01992590 _____ C:\Users\Burn\Downloads\2016-released-items-math-g6.pdf
2017-03-08 19:35 - 2017-03-08 19:35 - 06288265 _____ C:\Users\Burn\Downloads\2016-scoring-materials-math-g6.pdf
2017-03-08 19:34 - 2017-03-08 19:34 - 09093909 _____ C:\Users\Burn\Downloads\2016-released-items-ela-g6.pdf
2017-03-08 19:34 - 2017-03-08 19:34 - 00131833 _____ C:\Users\Burn\Downloads\nys-math-emphases-k-8.pdf
2017-03-07 17:39 - 2017-03-07 17:39 - 00010218 _____ C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
2017-03-05 15:29 - 2017-03-05 15:29 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Blender Foundation
2017-03-05 14:21 - 2017-03-05 14:21 - 01946064 _____ C:\Users\Burn\Downloads\0a.wav
2017-03-05 11:05 - 2017-03-05 11:05 - 00417983 _____ C:\Users\Burn\Downloads\RenderNews.mp4
2017-03-05 10:51 - 2017-03-05 10:51 - 00000000 ____D C:\Program Files (x86)\NextUp-ScanSoft
2017-03-05 10:49 - 2017-03-05 10:49 - 00000000 ____D C:\Windows\Downloaded Installations
2017-03-05 10:48 - 2017-03-05 10:50 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Balabolka
2017-03-05 10:48 - 2017-03-05 10:48 - 00000000 ____D C:\Users\Burn\Documents\Balabolka
2017-03-05 10:47 - 2017-03-05 10:47 - 94175793 _____ (NextUp.com ) C:\Users\Burn\Downloads\Daniel 22Khz MLG voice.exe
2017-03-05 10:45 - 2017-03-05 10:47 - 09827694 _____ C:\Users\Burn\Downloads\Balabolka.rar
2017-02-25 14:53 - 2017-02-25 14:53 - 00011409 _____ C:\Users\Burn\Downloads\Naming & Formula Writing Quiz (Responses).xlsx
2017-02-18 13:40 - 2017-02-18 13:40 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C05500F-086D-4A08-BD56-3BCC0F79002D}
2017-02-17 00:34 - 2017-02-17 00:35 - 01984192 _____ C:\Users\Burn\Downloads\Black-History-Month-1bgyttv.pptx
2017-02-15 16:06 - 2017-02-15 16:06 - 00016492 _____ C:\Users\Burn\Downloads\~WRD0005.tmp
2017-02-12 12:33 - 2017-02-12 12:33 - 00004010 _____ C:\Users\Burn\Downloads\[Macaroni Ring (Kugayama Hodai)] 18 LOVE (Dragon Ball Z).torrent
2017-02-12 11:56 - 2017-04-22 22:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-02-12 11:56 - 2017-02-12 11:56 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-02-12 11:56 - 2017-02-12 11:56 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-02-12 11:56 - 2017-02-12 11:56 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-02-12 11:56 - 2017-02-12 11:56 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-02-12 11:55 - 2017-02-12 11:55 - 00001869 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-12 11:55 - 2017-02-12 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-12 11:55 - 2017-02-12 11:55 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-12 11:55 - 2016-11-29 07:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-02-12 11:52 - 2017-02-12 11:55 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-12 11:39 - 2017-02-12 11:39 - 74721152 _____ C:\Users\Burn\Downloads\Malwarebytes Premium 3.0  FINAL.zip
2017-02-09 17:00 - 2017-02-09 17:00 - 00602624 _____ C:\Users\Burn\Downloads\JJSploit.dll
2017-02-09 16:57 - 2017-02-09 16:57 - 00796672 _____ C:\Users\Burn\Downloads\Magitan.dll
2017-02-09 12:57 - 2017-02-09 12:57 - 00213988 _____ C:\Users\Burn\Downloads\plug110.zip
2017-02-09 12:55 - 2017-02-09 12:56 - 01333471 _____ C:\Users\Burn\Downloads\odbg110.zip
2017-02-06 20:17 - 2017-02-06 20:17 - 00017688 ____H C:\Users\Burn\Desktop\~WRL2912.tmp
2017-02-05 23:43 - 2017-02-05 23:43 - 00402640 _____ C:\Users\Burn\Downloads\412875650_15_57 (2).jpeg
2017-02-05 23:42 - 2017-02-05 23:43 - 00402640 _____ C:\Users\Burn\Downloads\412875650_15_57.jpeg
2017-02-05 23:42 - 2017-02-05 23:43 - 00402640 _____ C:\Users\Burn\Downloads\412875650_15_57 (1).jpeg
2017-02-05 13:25 - 2017-02-05 13:25 - 08537049 _____ C:\Users\Burn\Downloads\buried-presskit.zip
2017-02-05 12:54 - 2017-02-05 12:54 - 00072259 _____ C:\Users\Burn\Downloads\animate.css
2017-02-04 10:03 - 2017-02-04 10:03 - 00303586 _____ C:\Users\Burn\Downloads\lua-5.3.4.tar.gz
2017-02-04 09:58 - 2017-02-04 09:58 - 14065277 _____ C:\Users\Burn\Downloads\Binaries-LuaDist-batteries-0.9.8-Windows-x86.zip
2017-01-30 18:26 - 2017-02-09 17:07 - 00002437 _____ C:\Users\Burn\Desktop\settings.xml
2017-01-29 22:23 - 2016-06-03 08:17 - 00000000 ____D C:\Users\Burn\Downloads\Check Cashed V3
2017-01-29 22:19 - 2017-01-29 22:20 - 11774086 _____ C:\Users\Burn\Downloads\Check Cashed V3.rar
2017-01-29 21:54 - 2017-01-29 21:54 - 00165312 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE (5).htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00165312 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE (3).htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00165312 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE (1).htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00165302 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE (2).htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00164221 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE (4).htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00161137 _____ C:\Users\Burn\Downloads\The-Conquerors-3-TERRITORY-GAMEMODE.htm
2017-01-29 21:54 - 2017-01-29 21:54 - 00146366 _____ C:\Users\Burn\Downloads\Update-Clone-Tycoon-2.htm
2017-01-26 23:48 - 2016-01-14 00:21 - 00000000 ____D C:\Users\Burn\Downloads\EKIPS
2017-01-26 23:47 - 2017-01-26 23:47 - 00003795 _____ C:\Users\Burn\Downloads\EKIPS.zip
2017-01-26 19:15 - 2017-01-26 19:15 - 00000000 ____D C:\Users\Burn\Documents\My Cheat Tables
2017-01-26 19:15 - 2017-01-26 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.6
2017-01-26 19:15 - 2017-01-26 19:15 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 00:10 - 2016-09-05 20:21 - 00000256 _____ C:\Windows\Tasks\{5858ED8E-F96C-32DE-52D0-109E3FA52A28}.job
2017-04-23 23:19 - 2016-09-05 22:37 - 00000000 ____D C:\Users\Burn\AppData\Local\ElevatedDiagnostics
2017-04-23 23:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2017-04-23 22:55 - 2016-08-24 21:34 - 00114624 _____ C:\Users\Burn\AppData\Local\GDIPFONTCACHEV1.DAT
2017-04-23 22:39 - 2016-09-03 20:05 - 00000000 ____D C:\Users\Burn\AppData\Roaming\SoftGrid Client
2017-04-23 21:47 - 2016-09-10 17:32 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-23 21:47 - 2012-01-13 16:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-22 23:09 - 2012-01-13 16:19 - 00000000 ____D C:\ProgramData\PDFC
2017-04-22 22:17 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-22 22:17 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-22 22:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-22 21:50 - 2016-08-24 21:28 - 00000000 ____D C:\Users\Burn
2017-04-22 21:48 - 2016-08-24 21:32 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4E82958C-5E73-422A-AE34-F3C88689D72C}
2017-04-22 21:13 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-22 00:13 - 2016-10-22 16:18 - 00000000 ____D C:\Users\Burn\AppData\Roaming\vlc
2017-04-21 16:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-21 15:49 - 2016-09-05 21:21 - 00000363 _____ C:\Users\Burn\AppData\Roaming\WB.CFG
2017-04-20 20:44 - 2009-07-14 01:13 - 00783424 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-18 17:20 - 2009-07-14 00:45 - 05054304 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-16 12:39 - 2016-10-23 00:53 - 00000000 ____D C:\ProgramData\Adobe
2017-04-16 12:39 - 2016-08-24 21:33 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Adobe
2017-04-16 12:37 - 2012-01-13 16:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-16 11:58 - 2016-09-10 16:58 - 00000000 ____D C:\Users\Burn\AppData\Local\Package Cache
2017-04-16 01:32 - 2016-09-04 21:00 - 00000000 ____D C:\Users\Burn\AppData\Local\CrashDumps
2017-04-14 13:42 - 2016-09-04 21:55 - 00000000 ____D C:\Program Files\DIFX
2017-04-13 10:02 - 2017-01-18 19:16 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-04-13 10:02 - 2016-09-04 03:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-04-13 10:02 - 2016-09-04 03:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-04-13 03:08 - 2016-09-04 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-13 03:03 - 2011-02-11 13:15 - 00775546 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-04-12 10:51 - 2017-01-18 19:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-04-11 13:27 - 2016-12-29 19:09 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-11 13:27 - 2016-09-28 20:16 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-11 13:27 - 2016-09-28 20:16 - 00004446 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-04-11 13:27 - 2012-01-13 16:15 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-11 13:27 - 2012-01-13 16:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-11 13:27 - 2012-01-13 16:15 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-11 13:01 - 2016-10-23 12:17 - 00000000 ____D C:\Users\Burn\AppData\Roaming\uTorrent
2017-04-11 11:56 - 2016-12-17 09:08 - 00000000 ____D C:\Users\Burn\AppData\LocalLow\uTorrent
2017-04-11 09:57 - 2016-10-23 12:19 - 00002637 _____ C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-04-10 19:31 - 2016-08-24 21:35 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-10 19:31 - 2016-08-24 21:35 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-08 06:44 - 2016-12-07 22:52 - 00003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-08 06:44 - 2016-09-10 17:37 - 00002156 _____ C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-04-06 21:44 - 2016-08-24 21:36 - 00002157 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 21:44 - 2016-08-24 21:36 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-01 21:42 - 2016-11-20 14:59 - 00000000 ____D C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-04-01 20:51 - 2016-10-15 20:03 - 00000000 ____D C:\Program Files (x86)\Five Nights at Freddy's DEMO
2017-03-27 17:58 - 2016-09-05 19:05 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-03-27 15:17 - 2016-09-05 20:22 - 00002255 _____ C:\Users\Burn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromium.lnk
2017-03-27 15:15 - 2016-11-30 01:21 - 00000258 __RSH C:\ProgramData\ntuser.pol
 
==================== Files in the root of some directories =======
 
2017-03-18 07:39 - 2017-03-27 15:16 - 0016080 _____ () C:\Users\Burn\AppData\Roaming\Bulefafedo
2016-09-05 21:21 - 2017-04-21 15:49 - 0000363 _____ () C:\Users\Burn\AppData\Roaming\WB.CFG
2017-04-23 23:22 - 2017-04-23 23:22 - 0000017 _____ () C:\Users\Burn\AppData\Local\resmon.resmoncfg
2016-09-04 20:56 - 2016-09-04 21:00 - 0000176 _____ () C:\Users\Burn\AppData\Local\uts.ini
2016-10-22 18:37 - 2016-10-22 18:37 - 0004096 _____ () C:\ProgramData\czchsjpj.srw
2016-10-22 18:37 - 2016-10-22 18:37 - 0000016 _____ () C:\ProgramData\mntemp
2017-03-07 17:39 - 2017-03-07 17:39 - 0010218 _____ () C:\ProgramData\regid.2015-05.exe.textpad_83F5EF12-C2F9-4C11-A5C5-57A7B2D7AD25.swidtag
2016-10-22 18:58 - 2016-10-22 18:58 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp
 
Files to move or delete:
====================
C:\Users\Burn\uTorrent.exe
C:\Windows\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}.job
C:\Windows\Tasks\{5858ED8E-F96C-32DE-52D0-109E3FA52A28}.job
 
 
Some files in TEMP:
====================
2017-04-23 23:01 - 2017-04-23 23:01 - 0737280 _____ (Indigo Rose Corporation) C:\Users\Burn\AppData\Local\Temp\irsetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {f94d0a52-6a82-11e6-9cc5-e2791f227f97}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {56f053aa-6a84-11e6-a26a-386077e4e1c2}
 
Windows Boot Loader
-------------------
identifier              {56f053aa-6a84-11e6-a26a-386077e4e1c2}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{56f053ab-6a84-11e6-a26a-386077e4e1c2}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{56f053ab-6a84-11e6-a26a-386077e4e1c2}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {56f053aa-6a84-11e6-a26a-386077e4e1c2}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {f94d0a52-6a82-11e6-9cc5-e2791f227f97}
nx                      OptIn
 
Resume from Hibernate
---------------------
identifier              {f94d0a52-6a82-11e6-9cc5-e2791f227f97}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {56f053ab-6a84-11e6-a26a-386077e4e1c2}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
LastRegBack: 2017-04-21 16:17
 
==================== End of FRST.txt ============================

Edited by Badrobo125, 24 April 2017 - 12:20 AM.
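One way to start reading a listing like the one above, as an added example that is not part of the original post and not FRST's own logic: parse the file-listing lines, pick out scheduled-task files whose whole name is a bare GUID (the kind the log itself lists under "Files to move or delete"), and pull every entry created within five minutes of them for review. The regular expressions, the five-minute window, the function names and the assumption that Windows is installed in C:\Windows are choices made for this example.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import List, Optional

# Excerpt copied from the listing in post #1. In these lines the first
# timestamp is the creation time and the second the last modification.
SAMPLE = r"""
2017-03-21 20:47 - 2017-03-21 20:47 - 00000000 ____D C:\Program Files (x86)\Notepad++
2017-03-20 00:41 - 2017-03-20 00:41 - 00030400 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2017-03-18 07:39 - 2017-04-24 00:16 - 00000252 _____ C:\Windows\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}.job
2017-03-18 07:39 - 2017-03-27 15:16 - 00016080 _____ C:\Users\Burn\AppData\Roaming\Bulefafedo
2017-03-18 07:39 - 2017-03-27 15:16 - 00003188 _____ C:\Windows\System32\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}
2017-03-18 07:38 - 2017-03-27 15:16 - 00000000 ____D C:\Users\Burn\AppData\Local\{40EE76B2-6446-1A0A-09DE-3FE22DB6C37A}
2017-03-18 07:38 - 2017-03-27 15:15 - 00001482 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2017-03-16 20:51 - 2017-03-16 20:51 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{131536CE-96CB-40E6-8ABB-EB17DED4199F}
2017-03-16 14:26 - 2017-03-16 14:26 - 00001179 _____ C:\Users\Burn\Downloads\infinity.user.js
"""

FMT = "%Y-%m-%d %H:%M"
TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d)"
# Layout: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    "^" + TS + " - " + TS + r" - (\d+) ([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.+)$"
)
GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
GUID_TASK_RE = re.compile(GUID + r"(?:\.job)?")
# Assumption: Windows is installed in C:\Windows, as in this log.
TASK_DIRS = {r"c:\windows\tasks", r"c:\windows\system32\tasks"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    company: Optional[str]
    path: str


def parse_listing(text: str) -> List[Entry]:
    """Parse file-listing lines; anything else (headers, BCD output) is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        created, modified, size, attrs, company, path = m.groups()
        entries.append(Entry(
            created=datetime.strptime(created, FMT),
            modified=datetime.strptime(modified, FMT),
            size=int(size),
            attrs=attrs,
            company=company or None,
            path=path,
        ))
    return entries


def guid_named_tasks(entries: List[Entry]) -> List[Entry]:
    """Task files whose entire name is a GUID, optionally with a .job suffix.

    Tasks that merely contain a GUID, such as User_Feed_Synchronization-{...},
    are deliberately not matched.
    """
    seeds = []
    for e in entries:
        p = PureWindowsPath(e.path)
        if str(p.parent).lower() in TASK_DIRS and GUID_TASK_RE.fullmatch(p.name):
            seeds.append(e)
    return seeds


def created_near(entries: List[Entry], seeds: List[Entry],
                 window: timedelta = timedelta(minutes=5)) -> List[Entry]:
    """Entries created within `window` of any seed: candidates for review, not verdicts."""
    hits = [e for e in entries
            if any(abs(e.created - s.created) <= window for s in seeds)]
    return sorted(hits, key=lambda e: (e.created, e.path))


if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    seeds = guid_named_tasks(entries)
    for e in created_near(entries, seeds):
        tag = "SEED" if e in seeds else "near"
        print(f"{tag}  {e.created:%Y-%m-%d %H:%M}  {e.path}")
```

The output is a short timeline to check by hand; an entry landing in the window only means it was created at about the same time as the task files.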




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:52 AM

Posted 26 April 2017 - 08:50 PM

Greetings Badrobo125 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there appears to be evidence of illegal software on your computer. I am going to request you completely uninstall any and all products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. Use multiple posts if necessary. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 26 April 2017 - 08:53 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Badrobo125


Posted 26 April 2017 - 09:15 PM

Hey, Gary, thanks for the reply. I will proceed to your instructions shortly. But first, I wanted to tell you that I'm noticing unusual activity on my computer. First of all, when I used netstat, I see multiple TCP connections. This probably means that I'm hacked by some remote computer. What's more interesting is that after a few minutes I found that I was unable to open my command prompt and it states, this application was unable to start correctly (0xc0000142). In addition, when I logged on to my computer, I found this Yahoo toolbar installing window, which when I opened the file location of, I found the application mshta and there was an unknown user in control of it, named "s-1-15-2-1". Lastly, there are multiple HKEY Users in the registry, including S-1-5-18, S-1-5-19, S-1-5-20, S-1-5-21-651885936-3206023527-1227426118-1003, and S-1-5-21-651885936-3206023527-1227426118-1003_Classes. And right now, my mouse is lagging which is a sure sign that someone is on the verge of remotely controlling it and is actively watching it. I know this because my computer was remotely controlled before by a hacker.


Edited by Badrobo125, 26 April 2017 - 09:22 PM.


#4 Oh My!


Posted 26 April 2017 - 09:25 PM

Thanks for the update.

There are abnormalities in the log that need to be dealt with. Once we clear out the programs of concern and get that risk factor behind us we will start to deal with those entries.

While you are dealing with the programs can you tell me if you set this Proxy Server?

ProxyServer: [S-1-5-21-651885936-3206023527-1227426118-1000] => 52.183.30.241:8888



#5 Badrobo125


Posted 26 April 2017 - 09:50 PM

Gary, I was attempting to uninstall some of the programs and I encountered this error, "windows service installer couldn't be accessed". They also mentioned that that could be because your computer is in safe mode. This was correct, my computer has been stuck in safe mode ever since I had tried to access the BIOS settings for a different purpose, but I never found it. Also, in order to open BIOS settings, I attempted to press random F keys found on the top of the keyboard. I think I might've made it stuck somehow. And also, I tried going to msconfig, but it says I'm not in safe mode. In addition, multiple Windows services are stopped relating to remote access and remote registry. Also I did not change any proxy setting of my own.


Edited by Badrobo125, 26 April 2017 - 09:51 PM.


#6 Oh My!


Posted 26 April 2017 - 10:09 PM

OK,

I'll trust that you will be willing to delete those programs if we can make some progress.

I am ending for the evening but will be back online in the morning.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CloseProcesses:
HKLM-x32\...\RunOnce: [Faseme] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\Burn\AppData\Roaming\Bulefafedo"
C:\Users\Burn\AppData\Roaming\Bulefafedo
HKU\S-1-5-21-651885936-3206023527-1227426118-1000\...\MountPoints2: {5ffc294c-6a83-11e6-afbb-806e6f6e6963} - E:\setup.exe
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Extension: (hTab) - C:\Users\Burn\AppData\Local\Google\Chrome\User Data\Default\Extensions\elmkjjfkkchohaaoljobaffjeedcoocj [2017-03-18]
CHR HKLM-x32\...\Chrome\Extension: [elmkjjfkkchohaaoljobaffjeedcoocj] - hxxps://clients2.google.com/service/update2/crx
S2 KMSEmulator; C:\Windows\KMS\bin\KMSSS.exe [297472 2015-01-13] (MDL Forum, mod by Ratiborus) [File not signed]
C:\Windows\KMS
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]
C:\Program Files\ByteFence
2017-04-23 21:09 - 2016-09-10 23:13 - 00247348 _____ C:\Windows\MSUIGHUB.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 21543568 _____ C:\Windows\MSYH.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 21302624 _____ C:\Windows\MSJH.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 14381616 _____ C:\Windows\MSYHBD.tt2
2017-04-23 21:09 - 2016-09-10 17:28 - 14343024 _____ C:\Windows\MSJHBD.tt2
2017-04-13 00:10 - 2017-04-21 15:49 - 00000000 ____D C:\Users\Burn\AppData\Local\{9E8FA8D3-BA27-C46B-D7BF-E183F3D71D1B}
2017-04-11 12:41 - 2017-04-11 12:46 - 76285313 _____ C:\Users\Burn\Downloads\Unconfirmed 864361.crdownload
2017-04-11 12:40 - 2017-04-11 12:45 - 81981441 _____ C:\Users\Burn\Downloads\Unconfirmed 261050.crdownload
2017-04-11 12:40 - 2017-04-11 12:45 - 158904321 _____ C:\Users\Burn\Downloads\Unconfirmed 362349.crdownload
2017-04-11 12:39 - 2017-04-11 12:45 - 173674497 _____ C:\Users\Burn\Downloads\Unconfirmed 919777.crdownload
2017-03-18 07:39 - 2017-04-24 00:16 - 00000252 _____ C:\Windows\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}.job
2017-03-18 07:39 - 2017-03-27 15:16 - 00003188 _____ C:\Windows\System32\Tasks\{090D9F2E-49A0-8185-C005-32B4FE0C51DF}
2017-02-15 16:06 - 2017-02-15 16:06 - 00016492 _____ C:\Users\Burn\Downloads\~WRD0005.tmp
2017-02-06 20:17 - 2017-02-06 20:17 - 00017688 ____H C:\Users\Burn\Desktop\~WRL2912.tmp
2017-04-24 00:10 - 2016-09-05 20:21 - 00000256 _____ C:\Windows\Tasks\{5858ED8E-F96C-32DE-52D0-109E3FA52A28}.job
2016-10-22 18:37 - 2016-10-22 18:37 - 0004096 _____ () C:\ProgramData\czchsjpj.srw
2016-10-22 18:37 - 2016-10-22 18:37 - 0000016 _____ () C:\ProgramData\mntemp
2016-10-22 18:58 - 2016-10-22 18:58 - 0004131 _____ () C:\ProgramData\rxsmznjf.zcp
File:  C:\Users\Burn\Downloads\infinity.user.js
RemoveProxy:
hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: Bitsadmin /Reset /Allusers
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

RogueKiller

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then click Next 2 times
  • Click Install
  • Click Finish
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
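
An added example (not part of the post above and not FRST's own code): a triage pass over FRST service/driver lines in the layout shown in this thread, listing which entries are unsigned, missing their file, have an empty company field, or sit outside the usual system directories. The sample lines are copied from the FRST output in this thread; the names `parse_entry`, `triage` and `TRUSTED_PREFIXES`, the prefix list itself, and reading the digit as the Windows service start type are assumptions of this sketch.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Layout of a service/driver line as it appears in this thread:
#   <state><start> <name>; <path> [<size> <yyyy-mm-dd>] (<company>) [File not signed]
# or, when FRST could not find the file:
#   <state><start> <name>; <path> [X]
ENTRY_RE = re.compile(
    r'^(?P<state>[A-Z])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);\s+'
    r'(?P<path>.+?)'
    r'(?:\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<company>.*?)\)'
    r'(?P<unsigned>\s+\[File not signed\])?'
    r'|\s+\[(?P<missing>X)\])\s*$'
)

# Assumption: Windows is installed on C: and these are the expected install roots.
TRUSTED_PREFIXES = (
    'c:\\windows\\',
    'c:\\program files\\',
    'c:\\program files (x86)\\',
    '%systemroot%\\',
)


@dataclass
class Entry:
    state: str               # first letter of the entry, e.g. R or S
    start: int               # assumed to be the Windows start type (2 = automatic)
    name: str
    path: str
    company: Optional[str]   # None when the file is missing
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one service/driver line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(
        state=m['state'],
        start=int(m['start']),
        name=m['name'].strip(),
        path=m['path'].strip('"'),
        company=m['company'],
    )
    if m['missing']:
        entry.flags.append('file missing')
    if m['unsigned']:
        entry.flags.append('not signed')
    if entry.company == '':
        entry.flags.append('no company name')
    if not entry.path.lower().startswith(TRUSTED_PREFIXES):
        entry.flags.append('outside system/program dirs')
    return entry


def triage(lines):
    """Return flagged entries, most flags first (input order kept among ties)."""
    entries = [e for e in map(parse_entry, lines) if e and e.flags]
    return sorted(entries, key=lambda e: -len(e.flags))


# Sample lines copied from the FRST output posted in this thread.
SAMPLE = r'''
S2 KMSEmulator; C:\Windows\KMS\bin\KMSSS.exe [297472 2015-01-13] (MDL Forum, mod by Ratiborus) [File not signed]
S2 rtop; "C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe" [X]
S2 TunMirror; C:\ProgramData\KMSAutoS\bin\TunMirror.exe [10752 2015-01-29] () [File not signed]
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
'''

if __name__ == '__main__':
    for e in triage(SAMPLE.splitlines()):
        print(f'{e.state}{e.start} {e.name}: {", ".join(e.flags)}')
```

The flags only order entries for a closer look: the Intel entry in the sample is also unsigned, so a flag on its own does not mark a service as unwanted.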

#7 Badrobo125


Posted 26 April 2017 - 11:21 PM

Gary, about the proxy server, 52.183.30.241:8888, sorry but I actually HAVE USED THIS PROXY SERVER BEFORE (I just rechecked). But, how did you know and how does this relate?



#8 Badrobo125


Posted 26 April 2017 - 11:34 PM

Gary I'm unable to install anything! "This application was unable to start correctly (0xc0000007b)" I don't know why this is happening. ALSO DO YOU THINK ALL THIS WOULD BE RESOLVED IF I ERASE MY WHOLE COMPUTER?


Edited by Badrobo125, 26 April 2017 - 11:36 PM.


#9 Oh My!


Posted 27 April 2017 - 09:06 AM

Greetings,

Yes, this will all be resolved if you reformat your drive and reinstall the operating system but I am not sure that is necessary, at least at this point. I know this is frustrating but we are just getting started. It is up to you on whether or not you want to continue trying to clean your computer or wipe it. Let me know.
Gary
 

#10 Badrobo125


Posted 28 April 2017 - 10:12 PM

I actually ended up wiping my data, there was no loss. Thanks to you I learned a whole lot more on surfing the web cautiously. Thanks Gary. 



#11 Badrobo125


Posted 28 April 2017 - 10:13 PM

But, now, I have another computer. And this one is a laptop, I think I may have the same issue here. I will do what you told me to do here. It runs on Windows 10 and torrents were used. I will willingly follow your instructions.



#12 Badrobo125


Posted 28 April 2017 - 10:22 PM

FRST REPORTS:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by Tanju (administrator) on DESKTOP-OK9FV4M (28-04-2017 23:15:37)
Running from C:\Users\tanju\AppData\Local\Temp\scoped_dir12384_23082
Loaded Profiles: Tanju (Available Profiles: Tanju)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel® Corporation) C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2015-09-21] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-18] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2404952 2017-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1799275446-980760912-607601007-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-02] (Disc Soft Ltd)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
Startup: C:\Users\tanju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-05]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{092935ae-344d-4cc3-a06f-ea3b3a27090a}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{5ea6c456-1159-4e6d-83c4-197576049f19}: [DhcpNameServer] 209.18.47.62 209.18.47.61
 
Internet Explorer:
==================
HKU\S-1-5-21-1799275446-980760912-607601007-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1799275446-980760912-607601007-1001 -> DefaultScope {76EC8456-F1BA-4020-8D65-91DEF21E9FC7} URL = 
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-02-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-04-18] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-02] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-04-18] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-02-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-04-18] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: 36yjeun0.default
FF ProfilePath: C:\Users\tanju\AppData\Roaming\Mozilla\Firefox\Profiles\36yjeun0.default [2017-04-18]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-13] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-02] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-03-27] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-04-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-02-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-03-27] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=639975&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=C210US105D20160923&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default [2017-04-28]
CHR Extension: (Google Docs) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-22]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-04-26]
CHR Extension: (AdBlock) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\tanju\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [771672 2017-03-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3697352 2017-01-29] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-11-04] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-12-13] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-12-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-02] (Disc Soft Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-11-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-10-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-18] (Malwarebytes)
R3 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188264 2017-04-18] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RealSenseDCM; C:\Program Files (x86)\Common Files\Intel\RSDCM\bin\win32\RealSenseDCM.exe [3663512 2015-10-15] (Intel® Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-13] (Dell Inc.)
S2 TunMirror; C:\ProgramData\KMSAutoS\bin\TunMirror.exe [10752 2015-01-29] () [File not signed]
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-02-02] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-02-02] (Disc Soft Ltd)
S3 FTDIBUS; C:\WINDOWS\system32\drivers\ftdibus.sys [118160 2016-10-04] (Future Technology Devices International Ltd.)
S3 FTSER2K; C:\WINDOWS\system32\drivers\ftser2k.sys [88752 2016-10-04] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 IXCamera; C:\WINDOWS\system32\DRIVERS\RealSenseDCM.sys [72704 2015-10-15] (Intel® Corporation)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-04-21] (Malwarebytes)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3524360 2016-10-05] (Intel Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-04-14] (PC-Doctor, Inc.)
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2014-08-08] (The OpenVPN Project)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [127456 2016-03-04] (Oracle Corporation)
R3 vmulti; C:\WINDOWS\System32\drivers\vmulti.sys [19504 2016-01-13] (Windows ® Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; no ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 23:15 - 2017-04-28 23:15 - 02427392 _____ (Farbar) C:\Users\tanju\Desktop\FRST64.exe
2017-04-28 23:15 - 2017-04-28 23:15 - 00000000 ____D C:\FRST
2017-04-28 23:02 - 2017-04-28 23:03 - 160947472 _____ (Microsoft Corporation) C:\Users\tanju\Downloads\mpam-fe.exe
2017-04-27 16:31 - 2017-04-27 16:31 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign951090db8f13be31
2017-04-27 16:31 - 2017-04-27 16:31 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign1dafd1b3b059170a
2017-04-27 16:31 - 2017-04-27 16:31 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign19e3becff38a77c4
2017-04-27 00:00 - 2017-04-27 00:01 - 00000684 _____ C:\Users\tanju\Desktop\P2P.txt
2017-04-26 23:48 - 2017-04-26 23:48 - 00000279 _____ C:\Users\tanju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2017-04-26 23:42 - 2017-04-26 23:42 - 00000000 ____H C:\Users\tanju\OneDrive\Documents\Default.rdp
2017-04-25 22:58 - 2017-04-25 22:58 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-04-25 22:58 - 2017-04-25 22:58 - 00000000 ____D C:\Program Files\Dell Support Center
2017-04-25 22:54 - 2017-04-25 22:54 - 00003212 _____ C:\WINDOWS\System32\Tasks\BundleApplicationRepairToolLauncherTask
2017-04-23 14:26 - 2017-04-23 14:26 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign8552833171728e85
2017-04-23 14:23 - 2017-04-23 14:23 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign798ac38883ce9866
2017-04-23 14:23 - 2017-04-23 14:23 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign6468448f477268f4
2017-04-23 14:22 - 2017-04-23 14:22 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign2d38263e0ac2b80b
2017-04-23 14:22 - 2017-04-23 14:22 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign18a295bad1ca9e0a
2017-04-23 14:10 - 2017-04-26 00:05 - 00000346 _____ C:\Users\tanju\Desktop\Quinceanera.txt
2017-04-21 22:28 - 2017-04-21 22:41 - 120421344 _____ (Oracle Corporation) C:\Users\tanju\Desktop\VirtualBox-5.0.16-105871-Win.exe
2017-04-21 19:52 - 2017-04-21 19:53 - 107018952 _____ (Oracle Corporation) C:\Users\tanju\Desktop\VirtualBox-4.3.30-101610-Win.exe
2017-04-21 19:45 - 2017-04-21 19:46 - 123429720 _____ (Oracle Corporation) C:\Users\tanju\Desktop\VirtualBox-5.1.20-114628-Win.exe
2017-04-21 16:29 - 2017-04-21 16:29 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2017-04-18 13:48 - 2017-04-18 13:48 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignc7b7efd82534f5c2
2017-04-18 13:48 - 2017-04-18 13:48 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsigna3fa2f36f15e0312
2017-04-18 13:47 - 2017-04-18 13:47 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignf3d42a0fedc2d698
2017-04-18 13:47 - 2017-04-18 13:47 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign762224755c3f981f
2017-04-18 13:42 - 2017-04-18 13:42 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignf80d31364e48f72d
2017-04-18 13:42 - 2017-04-18 13:42 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign8aff724d455ad452
2017-04-18 13:22 - 2017-04-18 13:24 - 00389612 _____ C:\WINDOWS\Minidump\041817-37578-01.dmp
2017-04-18 12:32 - 2017-04-18 12:57 - 00000000 ____D C:\Users\tanju\Desktop\Java Files
2017-04-18 12:29 - 2017-04-18 12:29 - 00000000 _____ C:\Users\tanju\.drjava
2017-04-18 12:28 - 2017-04-18 12:28 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\Users\tanju\AppData\Roaming\Sun
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\Users\tanju\AppData\LocalLow\Sun
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\ProgramData\Oracle
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-18 12:28 - 2017-04-18 12:28 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-18 02:32 - 2017-04-18 02:32 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign73174ba0a37bd387
2017-04-18 02:21 - 2017-04-18 02:21 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign0f9c95dc4e419625
2017-04-18 01:39 - 2017-04-18 01:39 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign4413c1e44b3ec48a
2017-04-18 01:09 - 2017-04-18 01:09 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsigna91e2c84a296b9e8
2017-04-18 00:38 - 2017-04-18 00:38 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignd7f0d297691a2ab4
2017-04-18 00:02 - 2017-04-18 00:02 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign14a08e37a2483c5b
2017-04-17 23:56 - 2017-04-17 23:56 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign8eb83d3ccb743943
2017-04-17 23:45 - 2017-04-17 23:45 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign84823a327b81464b
2017-04-17 23:44 - 2017-04-17 23:44 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignc8bb2f878994778c
2017-04-17 23:44 - 2017-04-17 23:44 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsignad9d2a3238045bbf
2017-04-17 23:44 - 2017-04-17 23:44 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign3e09293a9f0e647d
2017-04-17 23:44 - 2017-04-17 23:44 - 00000000 ____D C:\Users\tanju\AppData\Local\Tempzxpsign1ed6b9977bb1f03d
2017-04-17 23:40 - 2017-04-17 23:40 - 00003634 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OK9FV4M-Tanju
2017-04-17 23:40 - 2017-04-17 23:40 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-17 23:37 - 2017-04-17 23:37 - 00001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-04-17 23:37 - 2017-04-17 23:37 - 00000040 ____H C:\26661DD7FCEA
2017-04-17 23:37 - 2017-04-17 23:37 - 00000000 ____D C:\Users\tanju\OneDrive\Documents\Adobe
2017-04-17 23:21 - 2017-04-17 23:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-04-17 23:21 - 2017-04-17 23:21 - 00000000 ____D C:\Program Files\Adobe
2017-04-17 23:20 - 2017-04-26 07:05 - 00000000 ___RD C:\Users\tanju\Creative Cloud Files
2017-04-17 23:20 - 2017-04-21 22:25 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-04-17 23:16 - 2017-04-17 23:16 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-04-17 23:16 - 2017-04-17 23:16 - 00001288 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-04-17 23:06 - 2016-11-03 21:53 - 02420104 _____ (Adobe Systems, Incorporated) C:\Users\tanju\Desktop\amtlib.dll
2017-04-17 22:56 - 2017-04-17 23:05 - 00000000 ____D C:\Program Files (x86)\Adobe Photoshop CS6
2017-04-17 22:11 - 2017-04-17 22:46 - 00000000 ____D C:\Users\tanju\Desktop\Proofs
2017-04-16 15:43 - 2017-04-16 15:43 - 00000714 _____ C:\Users\Public\Desktop\PenTabletDriver.lnk
2017-04-16 15:43 - 2017-04-16 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PenTabletDriver
2017-04-16 15:43 - 2017-04-16 15:43 - 00000000 ____D C:\PenTabletDriver
2017-04-16 15:43 - 2016-05-27 08:50 - 00053256 _____ (Graphics Tablet) C:\WINDOWS\system32\wintab32.dll
2017-04-16 15:43 - 2016-05-27 08:50 - 00047624 _____ (Graphics Tablet) C:\WINDOWS\SysWOW64\wintab32.dll
2017-04-16 15:43 - 2016-01-13 13:35 - 01011504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinUsbCoInstaller2.dll
2017-04-16 15:43 - 2016-01-13 13:34 - 01730360 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2017-04-16 15:43 - 2016-01-13 13:33 - 00019504 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\vmulti.sys
2017-04-16 15:43 - 2016-01-13 13:33 - 00016432 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\Drivers\hidkmdf.sys
2017-04-16 13:52 - 2017-04-24 23:44 - 00000000 ____D C:\Users\tanju\Desktop\FAMily
2017-03-31 21:40 - 2017-03-31 21:40 - 15771300 _____ C:\Users\tanju\Downloads\MOV005 (1).mp4
2017-03-31 17:13 - 2017-03-31 17:41 - 00000000 ____D C:\Users\tanju\Desktop\Adda and the previus self! lol
2017-03-31 17:11 - 2017-03-31 17:41 - 00000000 ____D C:\Users\tanju\Desktop\2012 prom!
2017-03-31 17:06 - 2017-03-31 17:33 - 00000000 ____D C:\Users\tanju\Desktop\.2012.2013 and 2015 EID!
2017-03-31 16:43 - 2017-03-31 16:43 - 00063029 _____ C:\Users\tanju\Downloads\IMG_22017185857333.jpeg
2017-03-31 16:40 - 2017-03-31 16:40 - 09772645 _____ C:\Users\tanju\Downloads\MOV003.mp4
2017-03-31 16:38 - 2017-03-31 16:38 - 15771300 _____ C:\Users\tanju\Downloads\MOV005.mp4
2017-03-31 16:26 - 2017-03-31 16:26 - 07876764 _____ C:\Users\tanju\Downloads\MOV091.mp4
2017-03-31 16:17 - 2017-03-31 16:17 - 00043240 _____ C:\Users\tanju\Downloads\IMG_74009420691007.jpeg
2017-03-31 16:16 - 2017-03-31 16:16 - 00095437 _____ C:\Users\tanju\Downloads\IMG_14514764315798.jpeg
2017-03-31 16:11 - 2017-03-31 16:11 - 00101731 _____ C:\Users\tanju\Downloads\IMG_14258978327715.jpeg
2017-03-31 16:04 - 2017-03-31 16:04 - 00082481 _____ C:\Users\tanju\Downloads\IMG_91610389322334.jpeg
2017-03-31 09:15 - 2017-03-31 09:15 - 00000000 ____D C:\Users\tanju\OneDrive\Documents\My Received Files
2017-03-31 09:10 - 2017-03-31 20:36 - 00004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-28 22:41 - 2017-03-05 19:37 - 00000000 ____D C:\Users\tanju\AppData\Local\Adobe
2017-04-28 22:41 - 2016-10-01 22:46 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-28 13:49 - 2016-10-01 23:12 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 13:49 - 2016-10-01 23:12 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-27 17:08 - 2016-07-19 00:34 - 00000000 ____D C:\ProgramData\PCDr
2017-04-27 00:08 - 2017-02-02 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-27 00:08 - 2016-11-27 18:52 - 00000000 ____D C:\Program Files\Microsoft Office
2017-04-26 23:52 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-26 07:01 - 2016-10-01 22:49 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-04-26 07:01 - 2016-09-22 20:39 - 00000000 __SHD C:\Users\tanju\IntelGraphicsProfiles
2017-04-25 22:58 - 2016-07-19 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-04-25 22:54 - 2016-09-25 12:03 - 00000000 ____D C:\Users\tanju\AppData\Roaming\PCDr
2017-04-23 17:39 - 2017-03-09 00:30 - 00000000 ____D C:\Users\tanju\AppData\Local\ElevatedDiagnostics
2017-04-22 22:39 - 2017-02-21 19:38 - 00003284 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask-Retry
2017-04-21 22:53 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2017-04-21 22:21 - 2017-02-21 21:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-21 22:21 - 2016-10-01 23:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-21 22:20 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-04-21 21:52 - 2016-07-19 00:38 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-04-21 21:50 - 2016-10-01 22:55 - 00000000 ____D C:\Users\tanju
2017-04-20 19:36 - 2016-09-22 20:39 - 00000000 ____D C:\Users\tanju\AppData\Local\Packages
2017-04-19 16:34 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-18 18:38 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-18 13:32 - 2016-04-25 16:04 - 01683748 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-18 13:22 - 2017-01-26 22:39 - 658108008 _____ C:\WINDOWS\MEMORY.DMP
2017-04-18 13:22 - 2017-01-26 22:39 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-17 23:51 - 2016-09-22 20:39 - 00000000 ____D C:\Users\tanju\AppData\Roaming\Adobe
2017-04-17 23:23 - 2017-03-05 19:38 - 00000000 ____D C:\ProgramData\Adobe
2017-04-17 23:16 - 2016-10-01 22:50 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-17 23:15 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-17 23:13 - 2017-03-05 19:38 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-17 23:05 - 2017-03-05 19:39 - 00000000 ____D C:\Users\tanju\AppData\LocalLow\Adobe
2017-04-17 23:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-17 11:45 - 2016-10-09 12:26 - 00532136 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-04-16 15:43 - 2016-12-01 23:12 - 00000000 ____D C:\Program Files\DIFX
2017-04-16 15:41 - 2017-03-05 19:39 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-16 15:40 - 2017-03-05 19:39 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 17:52 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-12 17:53 - 2016-12-12 21:03 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-04-12 17:53 - 2016-09-22 20:42 - 00002365 _____ C:\Users\tanju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-12 17:53 - 2016-09-22 20:42 - 00000000 ___RD C:\Users\tanju\OneDrive
2017-04-06 18:01 - 2016-09-22 20:54 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-06 18:01 - 2016-09-22 20:54 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-31 09:23 - 2016-09-22 20:39 - 00000000 ____D C:\Users\tanju\AppData\Local\VirtualStore
 
==================== Files in the root of some directories =======
 
2017-03-05 15:54 - 2017-03-05 15:54 - 0005051 _____ () C:\ProgramData\czchsjpj.srw
2016-10-01 22:49 - 2016-10-01 22:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-05 15:54 - 2017-03-05 15:54 - 0000016 _____ () C:\ProgramData\mntemp
2016-07-19 00:21 - 2016-07-19 00:21 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2016-07-19 00:16 - 2016-07-19 00:17 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-07-19 00:19 - 2016-07-19 00:21 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2016-07-19 00:17 - 2016-07-19 00:19 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-21 17:13
 
==================== End of FRST.txt ============================
 
 
2nd FRST:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by Tanju (28-04-2017 23:17:29)
Running from C:\Users\tanju\AppData\Local\Temp\scoped_dir12384_23082
Windows 10 Home Version 1607 (X64) (2016-10-02 03:15:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1799275446-980760912-607601007-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1799275446-980760912-607601007-503 - Limited - Disabled)
Guest (S-1-5-21-1799275446-980760912-607601007-501 - Limited - Disabled)
Tanju (S-1-5-21-1799275446-980760912-607601007-1001 - Administrator - Enabled) => C:\Users\tanju
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMe (HKLM\...\3DMe 1.1) (Version: 1.1.0.551 - 3D Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.0.1.188 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
BASIC Stamp Editor v2.5.3 (r2) (HKLM-x32\...\{9A1C2CB6-5E04-4531-BD4F-5ECFFE4E729C}) (Version: 2.5.3 - Parallax Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0229 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.1.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{1AE53ECE-2255-4191-998B-07741E5EFCDA}) (Version: 1.4.1.8 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{0867A88D-764F-366E-9E21-130DA8B472C3}) (Version: 3.1.18.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1173 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c5379552-10e4-4652-9536-b328ff9e4ca6}) (Version: 18.30.0 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager Beta (x86): dptf_com (x32 Version: 2.2.0.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 (HKLM-x32\...\ARP_for_prd_dcm_runtime_1.4.27.52404) (Version: 1.4.27.52404 - Intel Corporation)
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ 3D camera IO module (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ Depth Camera Manager F200 Gold (x86): Intel® RealSense™ Depth Camera Manager Service (x32 Version: 1.4.27.52404 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 (HKLM-x32\...\ARP_for_prd_rs_sdk_rt_5.0.3.187777) (Version: 5.0.3.187777 - Intel Corporation)
Intel® RealSense™ SDK 2014 Runtime  (x86): Core (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Face Tracking (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Face Tracking: Models (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® RealSense™ SDK 2014 Runtime  (x86): Lantern Rock (x32 Version: 5.0.3.7777 - Intel Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Malwarebytes version 3.0.6.1458 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1458 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.127 - McAfee, Inc.)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1651.0) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Office Professional 2016 - en-us (HKLM\...\ProfessionalRetail - en-us) (Version: 16.0.7668.2074 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1799275446-980760912-607601007-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.1.0 - Movavi)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
NextUp-ScanSoft Daniel British Voice (HKLM-x32\...\{BE916006-E144-44CF-B467-F733D0F86200}) (Version: 4.0.0 - NextUp.com)
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7668.2074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7668.2074 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7668.2074 - Microsoft Corporation) Hidden
Opera Stable 42.0.2393.517 (HKLM-x32\...\Opera 42.0.2393.517) (Version: 42.0.2393.517 - Opera Software)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.009 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.2.17 - )
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (01/27/2014 2.10.00) (HKLM\...\A360E2EA788FFC586113AFE1F2AABF01EBE7A248) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - Bus/D2XX Driver (03/09/2016 2.12.16) (HKLM\...\99CD3C797B82E768034D19AEA9ADB528ECB40DA5) (Version: 03/09/2016 2.12.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (01/27/2014 2.10.00) (HKLM\...\42F5D8399C4B7EB9005D88E9045ABB1A715CD59A) (Version: 01/27/2014 2.10.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package - VCP Driver (03/09/2016 2.12.16) (HKLM\...\9EE8368568247FE905E68E9555A24D5FBD7EB4EE) (Version: 03/09/2016 2.12.16 - FTDI)
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (01/27/2014 2.10.00) (HKLM\...\C51FB38149BAA0158189B9101273139721600D21) (Version: 01/27/2014 2.10.00 - Parallax Inc)
Windows Driver Package - Parallax Inc CDM Driver Package - Bus & VCP Driver (03/09/2016 2.12.16) (HKLM\...\9D6D79AFD5B9CF58D12E2143583693D255D0D847) (Version: 03/09/2016 2.12.16 - Parallax Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wondershare Filmora(Build 8.0.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1799275446-980760912-607601007-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-3935F0675554}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1799275446-980760912-607601007-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C9C9688-47E9-4F0E-B8F3-14AD7F3F6F7D} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {15893B67-3DD0-487C-A4F7-B785297C10F3} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {3A5AE838-63C4-4787-BC55-4093D627C065} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe 
Task: {3C4F4277-EABA-4C62-8668-71CAB1077F95} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-13] (Adobe Systems Incorporated)
Task: {4B9B7DC3-B7DC-4561-8D6C-13AFED577ACD} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\tanju\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {58051E89-09E1-4E85-8DDA-EF015869785B} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {6659AE70-EDD0-406A-A34E-BDCC8C3668D1} - \KMSAutoNet -> No File <==== ATTENTION
Task: {692B3C53-5CC7-4B22-BD85-B975087ACAEB} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-03-24] (Intel Corporation)
Task: {76731EE7-C896-4999-AF95-BDC5C641A921} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-01-29] (Microsoft Corporation)
Task: {95ACFBB3-DF69-428E-8BD8-12248B5162BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {9CB5D3DC-DA2F-4CB0-AE57-75075FA83A08} - System32\Tasks\BundleApplicationRepairToolLauncherTask => C:\Users\tanju\AppData\Roaming\PCDr\Repair\BundleApplicationRepairTool.exe [2017-04-25] ()
Task: {A992562E-46A1-47F1-AE42-DC25549C7CD1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {B5D344B4-A122-40F2-989F-42787F1CC955} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {B875BE11-928E-4786-8EB3-AA4C2406C8CD} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {BC8E7DD5-F622-4060-BE09-C29528F8E46E} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-13] (Dell Inc.)
Task: {C6458AD7-33C1-4F40-B3E8-779510B14776} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OK9FV4M-Tanju => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {CF9C51FF-4B1D-4AF8-8AC5-43F25A780364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {D7119D9F-2681-4DC5-9998-548B8C502DE2} - System32\Tasks\PCDoctorBackgroundMonitorTask-Retry => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {D9CBE665-F4DF-4F00-9456-AC6288E9C883} - System32\Tasks\Opera_helper => C:\Users\tanju\AppData\Roaming\OPERA_~1\OPERA_~1.EXE 
Task: {D9F6EC66-0CF7-479E-B87D-4724BE7E5C18} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
Task: {DF0DC7A9-946F-45EA-986B-7223E0D61B56} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe 
Task: {E1732887-BDDA-43CA-9AAA-C36A7985BBAD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {EE994022-80AA-4208-A28A-B14C9CD3C852} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-01-29] (Microsoft Corporation)
Task: {EF6286AB-2A65-4206-A41B-C4D9AAF6C68C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EFAAE102-2D9C-44FD-A02B-1BC23836FB3C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {F1075986-D787-4080-9EA2-C5A86AF6295F} - System32\Tasks\Opera scheduled Autoupdate 1478835914 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {F36028E0-3026-40A5-BC45-526558248EE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {F6CE60C0-2358-4E7A-9F61-F809873C92CA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {F7304C9D-90AC-4AF8-B9A7-074E740B8F28} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-09-21] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Opera_helper.job => 
Task: C:\WINDOWS\Tasks\RunDLC.job => cmd /c sc start Dell Help Support WORKGROUP DESKTOP OK9FV4M
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-01-13 14:56 - 2017-01-13 14:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-21 21:15 - 2017-01-18 09:44 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-19 00:19 - 2014-04-14 21:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 14:20 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-14 14:20 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-19 00:37 - 2016-11-04 09:05 - 00384496 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-14 14:20 - 2016-12-09 06:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-10-02 02:41 - 2016-10-02 02:41 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 14:22 - 2016-12-09 05:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-14 14:22 - 2016-12-09 05:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-08 20:45 - 2016-11-02 06:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-12-14 15:29 - 2016-12-14 15:33 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 15:29 - 2016-12-14 15:33 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 15:29 - 2016-12-14 15:33 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 15:29 - 2016-12-14 15:33 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-11-08 20:45 - 2016-11-02 06:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 20:45 - 2016-11-02 06:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 20:45 - 2016-11-02 06:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 20:45 - 2016-11-02 06:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 20:45 - 2016-11-02 06:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-21 11:24 - 2016-12-21 11:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-10-16 09:14 - 2015-10-16 09:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-05 14:56 - 2016-10-08 17:48 - 01506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2017-03-05 14:56 - 2016-07-21 11:54 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2017-03-14 08:31 - 2017-03-14 08:31 - 52051544 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-07-19 00:17 - 2014-12-08 03:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 18:28 - 2014-12-08 18:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2017-02-02 19:50 - 2017-02-02 19:50 - 08930504 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-01-25 20:06 - 2017-01-25 20:06 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-01-25 20:07 - 2017-01-25 20:07 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-03-14 08:35 - 2017-03-14 08:35 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-01-25 20:07 - 2017-01-25 20:07 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-03-14 08:29 - 2017-03-14 08:29 - 00099416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-02-23 18:13 - 2017-02-23 18:13 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-02-23 18:13 - 2017-02-23 18:13 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-03-01 14:45 - 2017-03-01 14:44 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-01 14:45 - 2017-03-01 14:45 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-01 14:45 - 2017-03-01 14:44 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-01 14:45 - 2017-03-01 14:44 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 03:24 - 2017-02-21 21:28 - 00000836 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1799275446-980760912-607601007-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\tanju\Desktop\Free-Images-Dell-Wallpapers-HD.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{22BBD3DF-BBD2-4DC2-8BEA-2BB5D14A527E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{AA0E0D0C-63B4-475E-8DE1-40E49CAFD43D}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{A9389CC0-0809-486B-8C0D-517DD0A36C17}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{F6544EA2-34CF-4FD5-B5D1-27E52852DEFC}] => (Allow) C:\Users\tanju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EB323CDC-879C-4155-9470-84D2A790C523}] => (Allow) C:\Users\tanju\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D4BD116F-BC1E-4D2E-A80D-65AB1AF4FDB1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{56C8B30B-10CD-4FA0-A381-E1971EC14E86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5F22B645-10A8-4BDF-80F7-8756838A7FD5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{133C8598-2C3A-488B-BFA3-626C59B7E6BA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{C3876C5C-AF7E-4086-BD51-75F1B58EF50A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{65D53841-B011-41BC-B74F-27AC81A3F2E9}] => (Allow) LPort=1688
FirewallRules: [{2C1B7D54-D6EA-4C65-A7DF-3592852FE668}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{A25D1E24-37EF-454E-BD8F-C9A8BC252F7D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{620F0DCB-C4A0-4CE7-92F2-77919B4094BC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{44C76B94-F443-4221-BFF9-84B0A96AEEC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15195DA3-0E32-4D98-A985-CDC269D52B8D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC12B45D-16AC-47C1-B6F2-4824B32346AD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5C5CA892-EC84-4E79-B349-E6809F489EE2}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [TCP Query User{DA6D6C04-24BC-4735-8D4E-34465EB0948C}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [UDP Query User{D0F64103-166D-4604-8264-A22C4277B16F}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe
FirewallRules: [{A1DD6622-1711-46DC-98D6-3CFD0E854E89}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{0D19C087-7C7B-4750-A05F-EAAF2F575811}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [UDP Query User{B241CC26-427E-47F0-A589-72AE0B596969}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{F4F9000C-BDEE-481F-A1A0-44F229DC439A}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{8BD6E9E9-B10C-4706-A9AB-974E115D13F0}] => (Block) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
 
==================== Restore Points =========================
 
26-03-2017 19:14:58 Scheduled Checkpoint
21-04-2017 17:38:23 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/28/2017 10:42:57 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="9M4CLC2" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.0" SMBIOSPresent="True" Rel_Date="20160520000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-OK9FV4M" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.5</HostIP></Exception>
 
Error: (04/28/2017 10:42:57 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="9M4CLC2" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.0" SMBIOSPresent="True" Rel_Date="20160520000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-OK9FV4M" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.5</HostIP></Exception>
 
Error: (04/28/2017 01:47:29 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="9M4CLC2" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.0" SMBIOSPresent="True" Rel_Date="20160520000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-OK9FV4M" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.5</HostIP></Exception>
 
Error: (04/28/2017 01:47:28 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="9M4CLC2" SMBIOSMajVer="2" SMBIOSMinVer="8" SMBIOSBIOSVer="1.2.0" SMBIOSPresent="True" Rel_Date="20160520000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5559" Ident_Num="DESKTOP-OK9FV4M" TimeZone="(UTC-05:00) Eastern Time (US & Canada)" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.5</HostIP></Exception>
 
Error: (04/28/2017 01:46:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OK9FV4M)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/28/2017 01:46:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-OK9FV4M)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (04/27/2017 03:29:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DESKTOP-OK9FV4M.local already in use; will try DESKTOP-OK9FV4M-2.local instead
 
Error: (04/27/2017 03:29:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister   16 DESKTOP-OK9FV4M.local. AAAA FE80:0000:0000:0000:3C87:A087:C80D:80EB
 
Error: (04/27/2017 03:29:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:3C87:A087:C80D:80EB:5353    4 DESKTOP-OK9FV4M.local. Addr 192.168.0.5
 
Error: (04/27/2017 12:14:42 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: Recovery phase failed.
 
Context:  Application, SystemIndex Catalog
 
Details:
The gatherer is shutting down.  (HRESULT : 0x80040d23) (0x80040d23)
 
 
System errors:
=============
Error: (04/28/2017 04:02:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/28/2017 01:46:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OK9FV4M)
Description: The server App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca did not register with DCOM within the required timeout.
 
Error: (04/27/2017 05:09:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/27/2017 12:29:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 08:38:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 10:16:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 07:01:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 07:01:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 07:01:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/26/2017 12:04:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-6100U CPU @ 2.30GHz
Percentage of memory in use: 53%
Total physical RAM: 6035.98 MB
Available physical RAM: 2832.39 MB
Total Virtual: 9381.11 MB
Available Virtual: 5499.92 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:915.34 GB) (Free:859.55 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A21B2E38)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#13 Badrobo125

Badrobo125
  • Topic Starter

  • Members
  • 18 posts
  • Local time:11:52 AM

Posted 28 April 2017 - 10:26 PM

CKSCANNER:

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad

scanner sequence 3.RP.11.QQNAOZ
 ----- EOF ----- 


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • Gender:Male
  • Location:California
  • Local time:08:52 AM

Posted 29 April 2017 - 09:32 AM

Since we only deal with one computer per topic, it will be necessary for you to start a new topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,640 posts
  • Gender:Male
  • Location:California
  • Local time:08:52 AM

Posted 01 May 2017 - 12:35 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



