pup.optional.conduit and probably some other things that I can't figure out...


  • This topic is locked
12 replies to this topic

#1 k_k


Posted 24 April 2017 - 03:04 AM

Hello,

 

I hope everyone is well.

 

So, I'm pretty sure I have some nasty stuff on my computer. It has been acting a bit odd lately. For example, Norton 360 wouldn't start when I started my computer today, Malwarebytes found the pup.optional.conduit, I keep finding .ini files in random places, even after stopping OneDrive and Cyberlink in Startup and msconfig, they still load at start-up.

 

I keep getting a BSOD. I can't remember exactly what it says, but it's something like - Windows needs to restart, we need to check something and restart for you. The check gets to 100% and then doesn't restart. It also says something like 'If you contact a Microsoft Help Advisor quote - Error: Security Check Failure'. Like I said, I don't remember what it says exactly. It happens quite often.

 

 

Any advice would be sorely appreciated. 

 

Cheers

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2017 01
Ran by 51 (administrator) on 51-PC (24-04-2017 12:33:53)
Running from C:\Users\51\Desktop
Loaded Profiles: 51 &  (Available Profiles: 51)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Sapphire Technology Limited) C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HandBrake Team) C:\Program Files\HandBrake\HandBrake.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\n360.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe
(The OpenVPN Project) C:\Program Files (x86)\VPNetwork LLC\TorGuard\openvpn.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-09] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenterCount] => C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe [872448 2012-03-27] (MSI CO.,LTD.)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110344 2014-12-29] (CyberLink)
HKLM-x32\...\Run: [PowerDVD16Agent] => C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe [516296 2016-03-31] (CyberLink Corp.)
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\Run: [Power2GoExpress10] => [X]
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\51\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\51\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress10] => [X]
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall 17.3.6816.0313\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\51\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64"
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall 17.3.6816.0313] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\51\AppData\Local\Microsoft\OneDrive\17.3.6816.0313"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine32\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine32\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine32\22.9.1.12\buShell.dll [2017-03-17] (Symantec Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\..\Interfaces\{350ed8dc-947a-4427-a745-414315efed97}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{350ed8dc-947a-4427-a745-414315efed97}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c34dbfca-15dc-43cc-8c59-9219d532900d}: [NameServer] 10.9.0.1,10.8.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2367461741-209785116-119980550-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2367461741-209785116-119980550-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com.au/
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com.au/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-06] (Microsoft Corporation)
BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\coIEPlg.dll [2017-03-17] (Symantec Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine32\22.9.1.12\coIEPlg.dll [2017-03-17] (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\coIEPlg.dll [2017-03-17] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine32\22.9.1.12\coIEPlg.dll [2017-03-17] (Symantec Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-06] (Microsoft Corporation)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon [2017-03-31]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.5.15\coFFAddon
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\51\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (Google Docs) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-06]
CHR Extension: (Google Drive) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-06]
CHR Extension: (YouTube) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-06]
CHR Extension: (H.265 / HEVC player) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\dambgipgbnhmnkdolkljibpcbocimnpd [2017-03-25]
CHR Extension: (Google Docs Offline) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-06]
CHR Extension: (Norton Identity Safe) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\Exts\Chrome.crx [2017-03-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S4 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-31] (Intel Corporation) [File not signed]
S4 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\N360.exe [326152 2017-03-16] (Symantec Corporation)
S4 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-04-21] (Power Admin LLC)
S4 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-20] (CyberLink)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-19] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-19] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313248.inf_amd64_aad49543f8f714a1\atikmdag.sys [36556696 2017-04-15] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313248.inf_amd64_aad49543f8f714a1\atikmpag.sys [528792 2017-04-15] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-03-31] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\BASHDefs\20170417.001\BHDrvx64.sys [1831064 2017-04-06] (Symantec Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360x64\1609010.00C\ccSetx64.sys [174240 2017-02-20] (Symantec Corporation)
R3 CLVirtualBus01; C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-06] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-06] (Symantec Corporation)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-19] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-19] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\IPSDefs\20170421.003\IDSvia64.sys [1038024 2017-04-17] (Symantec Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-31] ()
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2017-03-07] (Malwarebytes)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2017-04-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
S3 NTIOLib_MSISMB_CC; C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [13368 2012-11-09] (MSI)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-19] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
R1 SRTSP; C:\WINDOWS\System32\Drivers\N360x64\1609010.00C\SRTSP64.SYS [770200 2017-03-17] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360x64\1609010.00C\SRTSPX64.SYS [49312 2017-03-17] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\N360x64\1609010.00C\SYMEFASI64.SYS [1716896 2017-02-20] (Symantec Corporation)
S4 SymELAM; C:\WINDOWS\system32\drivers\N360x64\1609010.00C\SymELAM.sys [24616 2017-02-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-03-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360x64\1609010.00C\Ironx64.SYS [291480 2017-02-20] (Symantec Corporation)
R1 SymNetS; C:\WINDOWS\System32\Drivers\N360x64\1609010.00C\SYMNETS.SYS [567512 2017-02-20] (Symantec Corporation)
R3 TRIXX; C:\Users\51\AppData\Local\Temp\TRIXX.sys [27008 2017-04-24] () <==== ATTENTION
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Downloads\RealTemp_370\WinRing0x64.sys [14544 2016-07-13] (OpenLibSys.org)
R3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-23] (Microsoft Corporation)
R2 {41E8078B-96D9-42DC-8789-A1CF102CD880}; C:\Program Files (x86)\CyberLink\PowerDVD16\Common\NavFilter\000.fcl [29624 2016-03-28] (CyberLink Corp.)
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\SDSDefs\20170413.019\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\SDSDefs\20170413.019\NAVEX15.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-24 12:33 - 2017-04-24 12:34 - 00020366 _____ C:\Users\51\Desktop\FRST.txt
2017-04-24 12:33 - 2017-04-24 12:33 - 00000000 ____D C:\FRST
2017-04-24 12:31 - 2017-04-24 12:31 - 02426368 _____ (Farbar) C:\Users\51\Desktop\frst64.exe
2017-04-24 10:34 - 2017-04-24 10:34 - 00000000 ____D C:\Users\Public\Documents\CyberLink
2017-04-24 10:30 - 2017-04-24 10:30 - 00003278 _____ C:\WINDOWS\system32\adorage-protocol.txt
2017-04-24 10:18 - 2017-04-24 10:18 - 03422432 _____ (Symantec Corporation) C:\Users\51\Downloads\NPE.exe
2017-04-24 10:15 - 2017-04-24 10:15 - 00000000 ____D C:\Users\51\AppData\Roaming\DivX
2017-04-24 09:40 - 2017-04-24 12:34 - 2602640297 _____ C:\Users\51\Desktop\Planet Earth II - Deserts 4K (4).mp4
2017-04-24 02:15 - 2017-04-24 05:35 - 3223384158 _____ C:\Users\51\Desktop\Planet Earth II - Deserts 4K (3).mp4
2017-04-23 21:10 - 2017-04-23 22:49 - 1898957885 _____ C:\Users\51\Desktop\Planet Earth II - Deserts 4K (2).mp4
2017-04-23 15:08 - 2017-04-23 19:46 - 1681936725 _____ C:\Users\51\Desktop\Planet Earth II - Deserts 4K (1).mp4
2017-04-22 15:02 - 2017-04-22 15:02 - 00000000 ____D C:\Users\51\AppData\Local\Power2Go10
2017-04-22 10:47 - 2017-04-24 09:40 - 00000000 ____D C:\Users\51\AppData\Roaming\HandBrake
2017-04-22 10:47 - 2017-04-22 10:47 - 00000000 ____D C:\Users\51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2017-04-22 10:47 - 2017-04-22 10:47 - 00000000 ____D C:\Users\51\AppData\Roaming\HandBrake Team
2017-04-22 10:47 - 2017-04-22 10:47 - 00000000 ____D C:\Program Files\HandBrake
2017-04-22 10:46 - 2017-04-22 10:47 - 10468271 _____ C:\Users\51\Downloads\HandBrake-1.0.7-x86_64-Win_GUI.exe
2017-04-22 10:43 - 2017-04-24 10:15 - 00000000 ____D C:\Users\51\Documents\CyberLink
2017-04-22 10:38 - 2017-04-21 10:58 - 2231422829 _____ C:\Users\51\Desktop\Planet Earth II S01E04 Deserts 2160p UHD BluRay HEVC HDR 360° DTSHD5.1-DDR.mkv
2017-04-22 10:35 - 2017-04-24 10:15 - 00000000 ____D C:\Users\Public\CyberLink
2017-04-22 10:34 - 2017-04-22 10:34 - 00000000 ____D C:\ProgramData\install_backup
2017-04-22 10:32 - 2017-04-22 10:32 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 7 (64-bit).lnk
2017-04-22 10:30 - 2017-04-22 10:30 - 00002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD.lnk
2017-04-22 10:30 - 2017-04-22 10:30 - 00000000 ____D C:\ProgramData\PDVD
2017-04-22 10:28 - 2017-04-24 10:29 - 00000000 ____D C:\ProgramData\SmartSound Software Inc
2017-04-22 10:28 - 2017-04-22 10:28 - 00000000 ____D C:\Users\51\AppData\Roaming\proDAD
2017-04-22 10:28 - 2017-04-22 10:28 - 00000000 ____D C:\Users\51\AppData\LocalLow\Apple Computer
2017-04-22 10:28 - 2017-04-22 10:28 - 00000000 ____D C:\ProgramData\eSellerate
2017-04-22 10:28 - 2015-08-21 01:55 - 00607256 _____ (proDAD GmbH) C:\WINDOWS\system32\prodad-codec.dll
2017-04-22 10:27 - 2017-04-22 10:27 - 00000000 ____D C:\ProgramData\proDAD
2017-04-22 10:27 - 2017-04-22 10:27 - 00000000 ____D C:\Program Files\proDAD
2017-04-22 10:27 - 2015-08-21 01:55 - 00376344 _____ (proDAD GmbH) C:\WINDOWS\system32\proDAD-PA-Support.dll
2017-04-22 10:26 - 2017-04-22 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2017-04-22 10:26 - 2017-04-22 10:27 - 00000000 ____D C:\Program Files\NewBlue
2017-04-22 10:26 - 2017-04-22 10:27 - 00000000 ____D C:\Program Files (x86)\NewBlue
2017-04-22 10:26 - 2017-04-22 10:26 - 00002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Screen Recorder.lnk
2017-04-22 10:26 - 2017-04-22 10:26 - 00002065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 14 (64-bit).lnk
2017-04-22 10:26 - 2017-04-22 10:26 - 00000000 ____D C:\Program Files\Common Files\NewBlue
2017-04-22 10:25 - 2017-04-22 10:31 - 00000000 ____D C:\Program Files\CyberLink
2017-04-22 10:23 - 2014-11-05 14:21 - 00103176 _____ (CyberLink) C:\WINDOWS\system32\Drivers\CLVirtualBus01.sys
2017-04-22 10:23 - 2012-11-01 13:00 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-04-22 10:22 - 2017-04-22 10:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
2017-04-22 10:22 - 2017-04-22 10:22 - 00000000 ____D C:\Program Files\DivX
2017-04-22 10:21 - 2017-04-22 10:34 - 00000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2017-04-22 10:21 - 2017-04-22 10:23 - 00000000 ____D C:\ProgramData\DivX
2017-04-22 10:21 - 2017-04-22 10:23 - 00000000 ____D C:\Program Files (x86)\DivX
2017-04-22 10:21 - 2017-04-22 10:21 - 00003282 _____ C:\WINDOWS\System32\Tasks\DeviceDetector7.5
2017-04-22 10:20 - 2017-04-24 10:14 - 00000000 ____D C:\Users\51\AppData\Roaming\CyberLink
2017-04-22 10:20 - 2017-04-24 10:14 - 00000000 ____D C:\Users\51\AppData\Local\CyberLink
2017-04-22 10:20 - 2017-04-22 10:34 - 00000000 ____D C:\ProgramData\SUPPORTDIR
2017-04-22 10:19 - 2017-04-22 10:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2017-04-22 10:19 - 2017-04-22 10:34 - 00000000 ____D C:\ProgramData\install_clap
2017-04-22 10:19 - 2017-04-22 10:34 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-04-22 10:19 - 2017-04-22 10:19 - 00000000 ____D C:\ProgramData\CLSK
2017-04-22 10:18 - 2017-04-24 10:43 - 00000000 ____D C:\ProgramData\CyberLink
2017-04-22 10:18 - 2017-04-22 10:33 - 00000000 ____D C:\ProgramData\Temp
2017-04-22 10:16 - 2017-04-22 10:17 - 00000000 ____D C:\Program Files\CyberLink Media Suite 14 Ultra 14.0.0819.0 Multilingual Pre-Activated [SadeemPC]
2017-04-21 23:44 - 2017-04-21 23:44 - 00000000 ____D C:\Users\51\AppData\LocalLow\AMD
2017-04-21 23:44 - 2017-04-21 23:44 - 00000000 ____D C:\Users\51\AppData\Local\AMD
2017-04-21 23:42 - 2017-04-21 23:42 - 00003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-04-21 23:42 - 2017-04-21 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-04-21 23:42 - 2017-04-21 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-04-21 23:42 - 2017-04-21 23:42 - 00000000 ____D C:\Program Files (x86)\AMD
2017-04-21 23:41 - 2017-04-21 23:41 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-04-21 23:41 - 2017-04-21 23:41 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-04-21 23:40 - 2017-04-21 23:42 - 00000000 ____D C:\Program Files\AMD
2017-04-21 23:39 - 2017-04-21 23:40 - 00000000 ____D C:\AMD
2017-04-21 23:05 - 2017-04-21 23:38 - 539144384 _____ (AMD Inc.) C:\Users\51\Downloads\whql-win10-64bit-radeon-software-crimson-relive-17.4.3-apr17.exe
2017-04-21 22:51 - 2017-04-21 22:52 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-04-21 22:37 - 2017-01-28 03:05 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-04-21 22:37 - 2017-01-28 03:04 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-04-21 22:37 - 2017-01-28 03:02 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-04-21 22:37 - 2017-01-28 03:01 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-04-21 19:05 - 2017-04-21 22:50 - 00003630 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-04-21 19:05 - 2017-04-21 19:04 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-04-21 19:04 - 2017-04-21 22:53 - 00000000 ____D C:\Users\51\Downloads\DDU Logs
2017-04-21 19:04 - 2017-04-21 19:04 - 00000000 ____D C:\Users\51\Downloads\x64
2017-04-21 19:02 - 2017-04-21 22:53 - 00000000 ____D C:\Users\51\Downloads\settings
2017-04-21 19:02 - 2017-04-15 18:11 - 01487872 _____ C:\Users\51\Downloads\Display Driver Uninstaller.exe
2017-04-21 19:02 - 2017-04-15 18:11 - 00589312 _____ C:\Users\51\Downloads\Display Driver Uninstaller.pdb
2017-04-21 19:02 - 2015-09-06 16:26 - 00000224 _____ C:\Users\51\Downloads\Display Driver Uninstaller.exe.config
2017-04-21 19:00 - 2017-04-21 19:00 - 01157634 _____ (Igor Pavlov) C:\Users\51\Downloads\DDU v17.0.6.3.exe
2017-04-16 13:27 - 2017-04-16 13:27 - 00597068 _____ C:\WINDOWS\Minidump\041617-6953-01.dmp
2017-04-15 00:33 - 2017-04-15 00:33 - 00924568 _____ (AMD) C:\WINDOWS\system32\coinst_17.10.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00551832 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-04-15 00:33 - 2017-04-15 00:33 - 00531352 _____ C:\WINDOWS\system32\GameManager64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00365464 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00278424 _____ C:\WINDOWS\system32\clinfo.exe
2017-04-15 00:33 - 2017-04-15 00:33 - 00276376 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00242072 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00191384 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00169880 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00167832 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00150936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00135064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00133528 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00044952 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00042392 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-04-15 00:33 - 2017-04-15 00:33 - 00029080 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 01516440 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 01040792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 01040792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00777112 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-04-15 00:32 - 2017-04-15 00:32 - 00551832 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-04-15 00:32 - 2017-04-15 00:32 - 00483736 _____ C:\WINDOWS\system32\atieah64.exe
2017-04-15 00:32 - 2017-04-15 00:32 - 00467352 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00411032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-04-15 00:32 - 2017-04-15 00:32 - 00334232 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-04-15 00:32 - 2017-04-15 00:32 - 00245144 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00203672 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00156720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00148456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00122776 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00115096 _____ C:\WINDOWS\system32\atidxx64.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00101784 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-04-15 00:32 - 2017-04-15 00:32 - 00069016 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 10320280 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 08479128 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 02536344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 02198424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 00121240 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 00112536 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 00112024 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-04-15 00:31 - 2017-04-15 00:31 - 00099224 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00864152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00696216 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00514456 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00360344 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00091544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-04-15 00:30 - 2017-04-15 00:30 - 00075160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00573824 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00196200 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00164424 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00139096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00131296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00131296 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00116088 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00102536 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-04-15 00:28 - 2017-04-15 00:28 - 00102536 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-04-14 10:30 - 2017-04-14 10:30 - 00534668 _____ C:\WINDOWS\Minidump\041417-7375-01.dmp
2017-04-14 04:44 - 2017-04-14 04:44 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-04-14 04:44 - 2017-04-14 04:44 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-04-14 04:44 - 2017-04-14 04:44 - 00791456 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-04-14 04:44 - 2017-04-14 04:44 - 00791456 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-04-14 04:44 - 2017-04-14 04:44 - 00204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2017-04-14 04:44 - 2017-04-14 04:44 - 00204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2017-04-14 04:44 - 2017-04-14 04:44 - 00157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2017-04-14 04:44 - 2017-04-14 04:44 - 00157144 _____ C:\WINDOWS\system32\ativvsva.dat
2017-04-14 04:44 - 2017-04-14 04:44 - 00154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-04-14 04:44 - 2017-04-14 04:44 - 00138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2017-04-14 04:44 - 2017-04-14 04:44 - 00120368 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-04-14 04:44 - 2017-04-14 04:44 - 00114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-04-14 04:43 - 2017-04-14 04:43 - 00020580 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-04-14 04:43 - 2017-04-14 04:43 - 00000144 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-04-14 04:43 - 2017-04-14 04:43 - 00000144 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-04-14 04:25 - 2017-04-14 04:25 - 00589596 _____ C:\WINDOWS\Minidump\041417-7953-01.dmp
2017-04-13 21:26 - 2017-04-13 21:26 - 00594108 _____ C:\WINDOWS\Minidump\041317-6343-01.dmp
2017-04-11 23:00 - 2017-04-01 05:57 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-11 23:00 - 2017-04-01 05:57 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-11 23:00 - 2017-04-01 05:57 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-11 23:00 - 2017-04-01 05:51 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-11 23:00 - 2017-04-01 05:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-11 23:00 - 2017-04-01 05:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-11 23:00 - 2017-04-01 05:28 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-11 23:00 - 2017-04-01 05:25 - 06756920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-11 23:00 - 2017-04-01 05:25 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-11 23:00 - 2017-04-01 05:19 - 23675392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-11 23:00 - 2017-04-01 05:11 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-11 23:00 - 2017-04-01 05:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-11 23:00 - 2017-04-01 05:09 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-11 23:00 - 2017-04-01 05:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-11 23:00 - 2017-04-01 05:08 - 19334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-11 23:00 - 2017-04-01 05:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-11 23:00 - 2017-04-01 05:04 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-11 23:00 - 2017-04-01 05:03 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-11 23:00 - 2017-04-01 05:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-11 23:00 - 2017-04-01 05:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-11 23:00 - 2017-04-01 04:58 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-11 23:00 - 2017-04-01 04:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-11 23:00 - 2017-04-01 04:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-11 23:00 - 2017-04-01 04:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-11 23:00 - 2017-04-01 04:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-11 23:00 - 2017-04-01 04:52 - 08247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-11 23:00 - 2017-04-01 04:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-11 23:00 - 2017-04-01 04:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-11 23:00 - 2017-04-01 04:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-11 23:00 - 2017-04-01 02:00 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-11 23:00 - 2017-03-25 12:58 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-11 22:59 - 2017-04-01 06:05 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-11 22:59 - 2017-04-01 06:05 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-11 22:59 - 2017-04-01 06:04 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-11 22:59 - 2017-04-01 06:04 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-11 22:59 - 2017-04-01 06:04 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-11 22:59 - 2017-04-01 05:59 - 08319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-11 22:59 - 2017-04-01 05:52 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-11 22:59 - 2017-04-01 05:52 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-11 22:59 - 2017-04-01 05:51 - 00205728 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-11 22:59 - 2017-04-01 05:50 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-11 22:59 - 2017-04-01 05:48 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-11 22:59 - 2017-04-01 05:47 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-11 22:59 - 2017-04-01 05:06 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-11 22:59 - 2017-04-01 05:05 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-11 22:59 - 2017-04-01 05:02 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-11 22:59 - 2017-04-01 04:59 - 11869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-11 22:59 - 2017-04-01 04:58 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-11 22:59 - 2017-04-01 04:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-11 22:59 - 2017-04-01 04:55 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-11 22:59 - 2017-04-01 04:53 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-11 22:59 - 2017-04-01 04:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-11 22:59 - 2017-04-01 04:48 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-11 22:59 - 2017-04-01 04:47 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-11 22:59 - 2017-04-01 04:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-11 22:59 - 2017-04-01 04:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-11 22:59 - 2017-03-25 13:28 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-11 22:53 - 2017-04-11 22:53 - 00000405 _____ C:\Users\51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System.lnk
2017-04-09 12:46 - 2017-04-16 13:27 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-09 12:46 - 2017-04-09 12:46 - 00553732 _____ C:\WINDOWS\Minidump\040917-5078-01.dmp
2017-04-08 01:13 - 2017-04-08 01:13 - 00000000 ____D C:\Users\51\AppData\Local\DBG
2017-04-07 16:33 - 2017-04-19 10:08 - 00000000 ____D C:\Windows.old
2017-04-07 16:32 - 2017-03-18 11:00 - 07702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
2017-04-07 16:32 - 2017-03-18 11:00 - 02454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
2017-04-07 16:32 - 2017-03-18 10:54 - 07405568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2017-04-07 16:32 - 2017-03-18 10:54 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2017-04-07 16:32 - 2017-03-18 10:39 - 07244800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NL7Data0011.dll
2017-04-07 16:32 - 2017-03-18 10:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSWB70011.dll
2017-04-07 16:32 - 2017-02-11 00:22 - 00002060 _____ C:\WINDOWS\system32\noise.jpn
2017-04-07 16:30 - 2017-04-24 09:39 - 01475960 _____ C:\WINDOWS\system32\perfh011.dat
2017-04-07 16:30 - 2017-04-24 09:39 - 00441376 _____ C:\WINDOWS\system32\perfc011.dat
2017-04-07 16:30 - 2017-04-07 16:30 - 00144624 _____ C:\WINDOWS\system32\perfi011.dat
2017-04-07 16:30 - 2017-04-07 16:30 - 00033402 _____ C:\WINDOWS\system32\perfd011.dat
2017-04-07 16:30 - 2017-04-07 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-04-07 16:30 - 2017-04-07 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ja
2017-04-07 16:30 - 2017-04-07 16:30 - 00000000 ____D C:\WINDOWS\system32\ja
2017-04-07 16:27 - 2017-04-07 16:27 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\Program Files\MSBuild
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-07 16:27 - 2017-04-07 16:27 - 00000000 ____D C:\inetpub
2017-04-07 16:27 - 2017-04-07 03:35 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-07 16:26 - 2017-02-11 00:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-07 16:26 - 2017-02-11 00:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-07 16:26 - 2017-02-11 00:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-07 16:26 - 2017-02-11 00:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-07 16:26 - 2017-02-11 00:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-07 16:26 - 2017-02-11 00:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-07 10:52 - 2017-04-07 10:52 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-07 10:50 - 2017-04-07 10:50 - 00000020 ___SH C:\Users\51\ntuser.ini
2017-04-07 03:50 - 2017-04-07 03:50 - 00000000 ____D C:\ProgramData\USOShared
2017-04-07 03:43 - 2017-04-07 03:43 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-07 03:42 - 2017-04-07 03:42 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-04-07 03:42 - 2017-04-07 03:42 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-04-07 03:41 - 2017-04-24 10:21 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2017-04-07 03:41 - 2017-04-24 09:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-07 03:41 - 2017-04-23 20:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2017-04-07 03:41 - 2017-04-14 14:43 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-04-07 03:41 - 2017-04-07 10:52 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-07 03:41 - 2017-04-07 10:52 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-07 03:41 - 2017-04-07 03:41 - 00002702 _____ C:\WINDOWS\System32\Tasks\Sapphire TRIXX
2017-04-07 03:41 - 2017-04-07 03:41 - 00002612 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2017-04-07 03:41 - 2017-04-07 03:41 - 00002600 _____ C:\WINDOWS\System32\Tasks\TorGuard Autostart
2017-04-07 03:41 - 2017-04-07 03:41 - 00002374 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2017-04-07 03:41 - 2017-04-07 03:41 - 00002370 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2017-04-07 03:41 - 2017-04-07 03:41 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-04-07 03:39 - 2017-04-07 03:39 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-07 03:37 - 2017-04-07 03:39 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-07 03:37 - 2017-04-07 03:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-04-07 03:37 - 2017-03-19 01:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-07 03:36 - 2017-04-24 09:39 - 04160256 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-07 03:36 - 2017-04-24 09:36 - 00000000 ____D C:\Users\51
2017-04-07 03:36 - 2017-04-07 03:36 - 01599566 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-04-07 03:36 - 2017-04-07 03:36 - 00000000 _SHDL C:\Users\51\My Documents
2017-04-07 03:36 - 2017-04-07 03:36 - 00000000 _SHDL C:\Users\51\Documents\My Videos
2017-04-07 03:36 - 2017-04-07 03:36 - 00000000 _SHDL C:\Users\51\Documents\My Pictures
2017-04-07 03:36 - 2017-04-07 03:36 - 00000000 _SHDL C:\Users\51\Documents\My Music
2017-04-07 03:35 - 2017-04-24 12:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-07 03:35 - 2017-04-24 09:35 - 00418944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-07 03:35 - 2017-04-21 23:43 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-04-07 03:35 - 2017-04-07 03:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-07 03:35 - 2017-04-07 03:35 - 00000000 ____D C:\Program Files\Realtek
2017-04-07 02:11 - 2017-04-07 10:50 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-07 02:10 - 2017-04-07 02:11 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-06 18:12 - 2017-04-07 10:50 - 00000000 ___HD C:\$GetCurrent
2017-04-03 08:57 - 2017-04-03 08:57 - 00000000 _____ C:\Users\51\AppData\Local\{2ECA65E7-D69A-4003-B68F-6D78615A0007}
2017-04-01 03:43 - 2017-04-01 03:43 - 00000000 ____D C:\ProgramData\GeoComply
2017-04-01 03:07 - 2017-04-21 17:51 - 00000000 ____D C:\Users\51\AppData\Local\PokerStars
2017-04-01 03:07 - 2017-04-07 03:39 - 00000000 ____D C:\Users\51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
2017-04-01 03:07 - 2017-04-01 03:42 - 00000000 ____D C:\Program Files (x86)\PokerStars
2017-03-31 18:23 - 2017-03-31 18:23 - 00110088 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
2017-03-31 18:22 - 2017-03-31 18:22 - 00113384 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
2017-03-30 22:08 - 2017-03-30 22:12 - 00228608 _____ C:\Users\51\0
2017-03-26 16:01 - 2017-03-26 16:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-03-25 02:01 - 2017-04-07 03:39 - 00000000 ____D C:\Users\51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-24 12:35 - 2017-03-06 20:26 - 00000000 ____D C:\Users\51\AppData\Roaming\Azureus
2017-04-24 10:23 - 2017-03-07 02:35 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-04-24 10:16 - 2017-03-19 02:03 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-04-24 09:37 - 2017-03-07 00:25 - 00000000 ____D C:\Users\51\AppData\Roaming\vlc
2017-04-23 00:46 - 2017-03-06 16:40 - 00007603 _____ C:\Users\51\AppData\Local\Resmon.ResmonCfg
2017-04-22 10:34 - 2017-03-07 02:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-22 10:30 - 2017-03-06 22:02 - 00000000 ____D C:\Users\51\AppData\Local\CrashDumps
2017-04-22 10:23 - 2017-03-19 02:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-22 02:25 - 2017-03-19 02:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-22 02:25 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-21 23:43 - 2017-03-18 16:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-21 23:29 - 2017-03-19 01:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-21 22:49 - 2017-03-18 16:40 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-04-21 17:29 - 2017-03-06 21:06 - 00000061 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2017-04-20 03:00 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-16 13:27 - 2017-03-07 04:09 - 955091277 _____ C:\WINDOWS\MEMORY.DMP
2017-04-15 21:52 - 2017-03-08 20:23 - 00000000 ____D C:\Users\51\Documents\The Witcher 3
2017-04-15 00:33 - 2017-03-15 23:37 - 00546712 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-04-15 00:33 - 2017-03-15 23:37 - 00478104 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-04-14 14:42 - 2017-03-07 16:55 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-04-13 12:07 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\rescache
2017-04-12 06:07 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-04-12 06:07 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-04-12 05:55 - 2017-03-08 21:10 - 00000000 ____D C:\Fraps
2017-04-11 23:01 - 2017-03-06 20:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-11 23:00 - 2017-03-06 20:25 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-10 02:40 - 2017-03-06 20:05 - 00000000 ____D C:\Users\51\AppData\Local\Packages
2017-04-09 12:46 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-08 03:44 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-07 16:34 - 2017-03-19 02:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-07 16:33 - 2017-03-19 02:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-07 16:32 - 2017-03-19 07:30 - 00000000 ____D C:\WINDOWS\OCR
2017-04-07 16:31 - 2017-03-19 07:31 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-04-07 16:31 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-04-07 16:31 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\IME
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files\Windows Defender
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files\Common Files\System
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-07 16:31 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-04-07 16:31 - 2017-03-18 16:40 - 00000000 ____D C:\WINDOWS\servicing
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-04-07 16:30 - 2017-03-19 07:28 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-07 16:30 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\Com
2017-04-07 16:30 - 2017-03-18 16:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-07 16:27 - 2017-03-19 01:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-04-07 16:27 - 2017-03-19 01:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-04-07 16:27 - 2017-03-19 01:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-04-07 16:27 - 2017-03-19 01:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-04-07 16:27 - 2017-03-19 01:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-04-07 16:27 - 2017-03-19 01:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-04-07 16:27 - 2017-03-19 01:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-04-07 16:27 - 2017-03-19 01:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-04-07 16:27 - 2017-03-19 01:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-04-07 16:27 - 2017-03-19 01:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-04-07 16:27 - 2017-03-19 01:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-04-07 16:27 - 2017-03-19 01:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-04-07 16:27 - 2017-03-19 01:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-04-07 16:27 - 2017-03-19 01:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-04-07 16:27 - 2017-03-19 01:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-04-07 16:27 - 2017-03-19 01:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-04-07 16:27 - 2017-03-19 01:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-04-07 12:07 - 2017-03-06 20:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-04-07 11:53 - 2017-03-07 14:32 - 00000000 ____D C:\Windows10Upgrade
2017-04-07 10:52 - 2017-03-06 20:05 - 00000000 ____D C:\Users\51\AppData\Local\ConnectedDevicesPlatform
2017-04-07 10:50 - 2017-03-19 02:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-07 10:50 - 2016-11-20 23:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-07 03:50 - 2017-03-19 02:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-07 03:42 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-07 03:42 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-07 03:42 - 2017-03-06 20:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-07 03:41 - 2017-03-19 07:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-07 03:41 - 2017-03-06 18:03 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-07 03:41 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-07 03:40 - 2017-03-19 02:03 - 00000000 __RSD C:\WINDOWS\Media
2017-04-07 03:40 - 2017-03-19 02:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-07 03:39 - 2017-03-22 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNetwork LLC
2017-04-07 03:39 - 2017-03-19 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-04-07 03:39 - 2017-03-19 02:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-07 03:39 - 2017-03-11 12:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-07 03:39 - 2017-03-08 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-04-07 03:39 - 2017-03-07 02:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2017-04-07 03:39 - 2017-03-07 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-07 03:39 - 2017-03-06 20:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2017-04-07 03:39 - 2017-03-06 20:25 - 00000000 ____D C:\WINDOWS\system32\RTCOM
2017-04-07 03:39 - 2017-03-06 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-07 03:39 - 2017-03-06 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\schemas
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-07 03:37 - 2017-03-19 02:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-07 03:37 - 2017-03-08 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mr DJ
2017-04-07 03:37 - 2017-03-06 20:24 - 00000000 ____D C:\Program Files\Intel
2017-04-07 03:37 - 2017-03-06 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-04-07 03:36 - 2017-03-18 16:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-06 23:05 - 2017-03-07 14:32 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-03 21:56 - 2017-03-19 02:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-03 21:56 - 2017-03-19 02:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-01 14:42 - 2017-03-07 00:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-29 13:16 - 2017-03-08 19:50 - 00001466 _____ C:\Users\Public\Desktop\The Witcher 3 Wild Hunt Complete.lnk
2017-03-28 11:40 - 2017-03-07 13:18 - 00000000 ____D C:\Program Files\Common Files\AV
2017-03-28 11:15 - 2017-03-06 20:49 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
==================== Files in the root of some directories =======
2017-03-06 23:29 - 2017-03-21 23:58 - 2612224 _____ () C:\Users\51\AppData\Local\file__0.localstorage
2017-03-06 16:40 - 2017-04-23 00:46 - 0007603 _____ () C:\Users\51\AppData\Local\Resmon.ResmonCfg
2017-04-03 08:57 - 2017-04-03 08:57 - 0000000 _____ () C:\Users\51\AppData\Local\{2ECA65E7-D69A-4003-B68F-6D78615A0007}
2017-03-06 21:06 - 2017-04-21 17:29 - 0000061 _____ () C:\ProgramData\SoftwareUpdateTemp.xml
Some files in TEMP:
====================
2017-04-22 10:42 - 2017-04-22 10:42 - 0467968 _____ (Realtek Semiconductor Corp.) C:\Users\51\AppData\Local\Temp\COMAP.EXE
2017-04-07 11:01 - 2017-04-24 10:54 - 0079904 _____ () C:\Users\51\AppData\Local\Temp\i4jdel0.exe
2017-04-24 10:30 - 2015-08-21 01:55 - 1174552 _____ (proDAD GmbH) C:\Users\51\AppData\Local\Temp\uninstall.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-23 11:49
==================== End of FRST.txt ============================

 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:54 PM

Posted 25 April 2017 - 08:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Include the Addition.txt log that was created by the Farbar tool.

Wait for further instructions.

#3 k_k

k_k
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 26 April 2017 - 04:00 AM

Hi nasdaq,

 

Thanks for taking the time to help me. 

 

Here's the requested log file:

 

# AdwCleaner v6.046 - Logfile created 26/04/2017 at 13:56:19
# Updated on 24/04/2017 by Malwarebytes
# Database : 2017-04-25.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : 51 - 51-PC
# Running from : C:\Users\51\Downloads\adwcleaner_6.046.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [960 Bytes] - [26/04/2017 13:56:19]
C:\AdwCleaner\AdwCleaner[S0].txt - [1284 Bytes] - [26/04/2017 13:55:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1105 Bytes] ##########


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:54 PM

Posted 26 April 2017 - 08:16 AM

As previously requested.

Include the Addition.txt log that was created by the Farbar tool.

I need to review this file with the FRST log you previously posted.

#5 k_k

k_k
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:02:54 AM

Posted 26 April 2017 - 08:58 AM

Sorry nasdaq, my bad. 

 

So, this is the second log file, i.e. the one that I ran after running AdwCleaner. This is the one that you wanted, right?

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-04-2017
Ran by 51 (26-04-2017 18:54:15)
Running from C:\Users\51\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-07 05:50:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
51 (S-1-5-21-2367461741-209785116-119980550-1000 - Administrator - Enabled) => C:\Users\51
Administrator (S-1-5-21-2367461741-209785116-119980550-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2367461741-209785116-119980550-503 - Limited - Disabled)
Guest (S-1-5-21-2367461741-209785116-119980550-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton 360 Premier (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {8B15A0D7-38AE-74BB-CE13-B9D7D5768117}
FW: Norton 360 Premier (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2017.0210.908.16431 - Advanced Micro Devices, Inc.) Hidden
CLICKBIOSII (HKLM-x32\...\{EBCB111F-4907-4B28-BD03-F5BD901106D2}_is1) (Version: 1.0.123 - MSI)
ControlCenter (HKLM-x32\...\{AF14F0CD-5307-4134-BDFA-15974473C1EE}_is1) (Version: 2.5.060 - MSI)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 Hotfix Rollup (KB3154529) (HKLM\...\{5B71B4F6-A412-3C48-B332-0FA9B9958940}) (Version: 4.6.01081 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.8.106.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7870.2031 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.9.1.12 - Symantec Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2024 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.)
Sapphire TRIXX 6.3.0 (HKLM-x32\...\{54CE6A44-8553-4B78-9B07-AC88A9D581E8}_is1) (Version: 6.3.0 - Sapphire Technology)
Sid Meiers Civilization VI Summer 2017 Edition with Australia Scenario Pack (HKLM\...\c2lkbWVpZXJzY2l2aWxpemF0aW9udmk_is1) (Version: 1 - )
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
The Witcher 3 Wild Hunt Complete version 1.22.0.0 (HKLM-x32\...\The Witcher 3 Wild Hunt Complete_is1) (Version: 1.22.0.0 - Mr DJ)
TP-LINK TL-WN721N_TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.3.1 - TP-LINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPNetwork LLC - TorGuard - Online Privacy Protection Services (HKLM-x32\...\VPNetwork LLC TorGuard) (Version: "0.3.67" - "VPNetwork LLC")
Vulkan Run Time Libraries 1.0.37.0 (HKLM\...\VulkanRT1.0.37.0-4) (Version: 1.0.37.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.37.0 (Version: 1.0.37.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0604801D-7F9B-41F8-9AFA-31A76F17992A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2016-08-15] (Microsoft Corporation)
Task: {0A4158EB-6AC0-4BF0-AC42-9A4F9A64C38C} - System32\Tasks\Norton 360\Norton 360 Premier Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {0F19181F-7790-43F5-9040-E5620622C0AA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {126E6F08-355F-430A-82AD-6C77A5A94AA0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1EABEDCE-5BD3-419B-8E64-670EE4E3A3F0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1F9DC9AF-0AAE-46F5-A131-2A676BD8440C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {25803403-4F29-4815-BD4E-9371395D846B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {2C58BA26-9FCE-42E1-8373-174734E5C472} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {3D300BE2-0A67-4728-9D2B-14759A0779F8} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3E0FC9B4-B43C-4D97-9723-5F960626DC89} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {3E8CF068-D651-433B-B47E-46A2BD19E132} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\WSCStub.exe [2017-03-17] (Symantec Corporation)
Task: {40A613E3-0C46-4F27-8547-F113E8448857} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
Task: {4115CC53-8F01-496E-9A5E-14810A819BFF} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-02-10] (Advanced Micro Devices, Inc.)
Task: {49D2E2F9-CE6B-4953-A315-138A39CD644D} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4F925249-DBC7-4ABE-AFB9-D7481B3ACBB7} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {62DA2111-5C1F-400B-80D3-254ADB01002E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-03-27] (Microsoft Corporation)
Task: {6C63AEA3-0667-4A3B-A573-1DB5FB616F6E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2016-08-15] (Microsoft Corporation)
Task: {82E5CC21-78FA-4A1C-A354-E5043DE6BB39} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {8D668AB9-5C6B-4F0E-8F82-788AD09BF105} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9513352B-BA39-4271-99F3-4FD1F0D9A7A4} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {979C3B7E-D4B5-4C80-AC98-3342289BDD8A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {99C67A00-55AC-4F4C-A776-BA2CB1C5D827} - System32\Tasks\Sapphire TRIXX => C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe [2016-11-17] (Sapphire Technology Limited)
Task: {9CD8E412-DC3E-4A36-B534-8BAEF70596D1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A09CA7A1-BEB3-4D0B-8E64-14C68C6F9634} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {A9A3616E-1A08-4D53-BCA8-17D461F91660} - System32\Tasks\Norton 360\Norton 360 Premier Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {B0DCC37B-17DB-4249-ADA0-EE9BCC1B5508} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {B9C54A74-7671-4FA0-ABD1-1A1AAE360E0D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {CE4396E9-C1D0-47F8-8F98-62C2B162A13F} - System32\Tasks\Norton 360\Norton 360 Premier Autofix => C:\Program Files (x86)\Norton 360\Engine\22.9.1.12\SymErr.exe [2017-02-20] (Symantec Corporation)
Task: {D322C46B-EAF4-4021-95D4-0B4603CA290A} - System32\Tasks\TorGuard Autostart => C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe [2017-03-17] ()
Task: {D5048C4B-EFE2-4C95-8DA1-55AA132183EA} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {DE9E0B87-8DE2-41E9-99C6-E72B50683EAA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-02-02] (Adobe Systems Incorporated)
Task: {E024D088-A5CD-4CA9-BE47-55105B77CF0C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-26] (Microsoft Corporation)
Task: {E878DCB4-9F31-4108-91A4-5516F4E42019} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2017-03-17] (Symantec Corporation)
Task: {E8B40FD7-1C7D-4C67-AB1E-188C75D6CE07} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {F1797BE1-5ED6-4278-B91D-632E0B16D3DC} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {F6901613-212E-4EC6-B104-20385D987431} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {FE73236C-84A0-495F-86CD-93C9A0BD6898} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-06] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\51\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\H.265 _ HEVC player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dambgipgbnhmnkdolkljibpcbocimnpd
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-04-03 22:52 - 2017-04-03 22:52 - 00251416 _____ () C:\Program Files\Common Files\ATI Technologies\DSEManager.exe
2017-04-03 22:52 - 2017-04-03 22:52 - 00346136 _____ () C:\Program Files\Common Files\ATI Technologies\DOPPEngine.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-19 01:58 - 2017-03-19 01:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-17 13:50 - 2017-03-17 13:50 - 01980016 _____ () C:\Program Files (x86)\VPNetwork LLC\TorGuard\TorGuardDesktopQt.exe
2017-03-07 01:35 - 2017-04-01 14:36 - 08930496 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-03-19 01:59 - 2017-03-19 07:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-29 19:13 - 2016-06-29 19:13 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-04-05 12:13 - 2017-04-05 12:13 - 10650112 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-04-05 12:13 - 2017-04-05 12:13 - 02653184 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-04-05 12:13 - 2017-04-05 12:13 - 00761344 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.99.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-03-14 07:42 - 2017-03-14 07:42 - 03879424 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1703.601.0_x64__8wekyb3d8bbwe\Calculator.exe
2017-04-05 12:14 - 2017-04-05 12:18 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-04-05 12:14 - 2017-04-05 12:18 - 22723584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-04-05 12:14 - 2017-04-05 12:18 - 00448512 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-04-05 12:14 - 2017-04-05 12:18 - 05427200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-03-06 21:01 - 2017-03-06 21:22 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-04-05 12:14 - 2017-04-05 12:18 - 00435712 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-04-05 12:14 - 2017-04-05 12:18 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-20 23:37 - 2016-11-20 23:37 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.313.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-11-17 16:03 - 2016-11-17 16:03 - 00105857 _____ () C:\Program Files (x86)\VPNetwork LLC\TorGuard\libpkcs11-helper-1.dll
2016-11-17 16:03 - 2016-11-17 16:03 - 00162185 _____ () C:\Program Files (x86)\VPNetwork LLC\TorGuard\liblzo2-2.dll
2017-03-06 20:24 - 2013-09-16 12:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-04 11:26 - 2017-03-29 07:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-04 11:26 - 2017-03-29 07:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2009-06-11 02:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2367461741-209785116-119980550-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\51\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{c94c97c7-3cb3-4dd1-bd14-b0ecb8d39a23}.png
DNS Servers: 10.9.0.1 - 10.8.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{40F66D0F-14D1-450C-BAA5-57436FABB235}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{81EBC06D-C2F7-4EAA-939C-F29662D1FFB4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{4F2A2490-13F1-4275-B185-B340D8C2821F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1B6E6B49-C58C-4540-BF78-C680C185F5A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBC98172-57B9-4B16-B2FB-180A8D64B5AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1B52808-7723-485A-8078-9694CE7BA728}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0F235ACC-9A98-4572-B0D8-FC882AD11A31}] => (Allow) D:\Games\The Witcher 3 - Game\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{926CA874-5CE0-44DE-A5F0-B9D2B20C689D}] => (Allow) D:\Games\The Witcher 3 - Game\Mr DJ\The Witcher 3 Wild Hunt Complete\bin\x64\witcher3.exe
FirewallRules: [{7AB3E7DE-22A4-420F-B887-CD1EC714709E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B14F69D4-B37D-4A05-A83C-CF10DC64A0DB}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{33FAF136-402A-440C-AAC2-0431D7A73937}] => (Allow) C:\Program Files\Vuze\Azureus.exe
 
==================== Restore Points =========================
 
11-04-2017 23:00:13 Windows Update
19-04-2017 10:07:34 Scheduled Checkpoint
22-04-2017 10:18:19 Installed Suite2
24-04-2017 10:29:22 Removed SmartSound Quicktracks 5
24-04-2017 14:21:50 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/26/2017 06:47:51 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/26/2017 06:47:50 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=49cd895b-53b2-4dc4-a5f7-b18aa019ad37
 
Error: (04/26/2017 06:47:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (04/26/2017 06:47:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/26/2017 06:47:46 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004E028
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/26/2017 06:47:43 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: )
Description: Acquisition of End User License failed. hr=0xC004C003
Sku Id=49cd895b-53b2-4dc4-a5f7-b18aa019ad37
 
Error: (04/26/2017 06:47:43 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details. 
hr=0xC004C003
 
Error: (04/26/2017 06:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Faulting module name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Exception code: 0xc000041d
Fault offset: 0x00028a3b
Faulting process id: 0x1884
Faulting application start time: 0x01d2be6f4fea1446
Faulting application path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Faulting module path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Report Id: a06af941-77f8-4fa6-80d6-0305a3a6db2f
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2017 06:47:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Faulting module name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Exception code: 0xc0000005
Fault offset: 0x00028a3b
Faulting process id: 0x1884
Faulting application start time: 0x01d2be6f4fea1446
Faulting application path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Faulting module path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Report Id: 8a10214a-49cd-4190-b0d7-845bf1bb96cf
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/26/2017 02:28:00 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004C003
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=49cd895b-53b2-4dc4-a5f7-b18aa019ad37;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/26/2017 02:27:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (04/26/2017 02:27:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (04/26/2017 01:57:04 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (04/26/2017 01:57:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (04/26/2017 01:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/26/2017 01:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/26/2017 01:56:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/26/2017 01:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/26/2017 01:56:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (04/26/2017 01:56:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-04-13 12:08:58.905
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.886
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.863
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.809
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.802
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:58.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:08:57.986
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:07:51.271
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-04-13 12:07:51.253
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 20%
Total physical RAM: 16329.93 MB
Available physical RAM: 13024.89 MB
Total Virtual: 32713.93 MB
Available Virtual: 28930.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.02 GB) (Free:110.62 GB) NTFS
Drive d: (Goku) (Fixed) (Total:1863.02 GB) (Free:219.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 57B83A58)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: CF499888)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 k_k

Posted 26 April 2017 - 09:57 AM

Don't know if it makes any difference but I did run System Restore between the Farbar runs....



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:54 PM

Posted 26 April 2017 - 12:27 PM


This program may not be working properly.
Sapphire TRIXX 6.3.0 (HKLM-x32\...\{54CE6A44-8553-4B78-9B07-AC88A9D581E8}_is1) (Version: 6.3.0 - Sapphire Technology)

Your Addition.txt log shows this.

Error: (04/26/2017 06:47:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Faulting module name: TRIXX.exe, version: 6.3.0.0, time stamp: 0x582b2c85
Exception code: 0xc000041d
Fault offset: 0x00028a3b
Faulting process id: 0x1884
Faulting application start time: 0x01d2be6f4fea1446
Faulting application path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Faulting module path: C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
Report Id: a06af941-77f8-4fa6-80d6-0305a3a6db2f
Faulting package full name:
Faulting package-relative application ID:


Decide if you need to update or reinstall the application.

p.s.
Your driver is located in a Temporary folder.
R3 TRIXX; C:\Users\51\AppData\Local\Temp\TRIXX.sys [27008 2017-04-24] () <==== ATTENTION

---


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Sapphire Technology Limited) C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\Run: [Power2GoExpress10] => [X]
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress10] => [X]
CHR Extension: (Norton Security Toolbar) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\SDSDefs\20170413.019\NAVENG.SYS [X]

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.
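
The check nasdaq makes by eye above (a driver whose image sits in a Temp folder, plus entries with no ImagePath or a missing file), written out as an added example that is not part of the original thread or of FRST. The line layout is inferred from the three service/driver lines quoted on this page; the directory list, the function names and the `ExampleSvc` line are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Layout inferred from this page: "<state><start> <name>; <image> [size date | X] (company) <flags>"
ENTRY_RE = re.compile(r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>[^;]+);\s*(?P<rest>.*)$")
IMAGE_RE = re.compile(r"^(?P<path>.+?)\s+\[(?P<meta>X|\d+ \d{4}-\d{2}-\d{2})\]")

# Assumption: directories a standard user can normally write to, so a service or
# driver image loaded from them can be swapped out without admin rights.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")


class Finding(NamedTuple):
    name: str
    path: Optional[str]
    reasons: List[str]


def check_entry(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious service/driver line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # not a service/driver line
    rest = m["rest"]
    path, company, missing = None, None, False
    img = IMAGE_RE.match(rest)
    if img:
        path = img["path"]
        if path.startswith("\\??\\"):  # NT object-manager prefix on driver paths
            path = path[4:]
        missing = img["meta"] == "X"
        comp = re.search(r"\(([^)]*)\)", rest[img.end():])
        company = comp[1] if comp else None
    elif rest.strip() != "no ImagePath":
        path = rest.strip()

    reasons = []
    if path is None:
        reasons.append("no ImagePath registered")
    elif any(d in path.lower() for d in USER_WRITABLE):
        reasons.append("image in user-writable directory")
    if missing:
        reasons.append("image file not found on disk ([X])")
    if company == "":
        reasons.append("no company name in file metadata")
    if "<==== ATTENTION" in rest:
        reasons.append("marked ATTENTION in the log")
    return Finding(m["name"].strip(), path, reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Run check_entry over log lines and keep only the flagged entries."""
    return [f for f in map(check_entry, lines) if f]


SAMPLE = [
    # The first three lines are quoted from this thread.
    r"R3 TRIXX; C:\Users\51\AppData\Local\Temp\TRIXX.sys [27008 2017-04-24] () <==== ATTENTION",
    r"U3 idsvc; no ImagePath",
    r"S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\SDSDefs\20170413.019\NAVENG.SYS [X]",
    # Constructed line for contrast: installed under Program Files, with a publisher.
    r"R2 ExampleSvc; C:\Program Files\Example\example.exe [123456 2017-01-01] (Example Corp)",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(f"{finding.name}: {finding.path or '-'} -> {'; '.join(finding.reasons)}")
```

A flag here is a reason to look closer, not a verdict: it only says the image can be replaced from an unprivileged location or is no longer present.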

#8 k_k

Posted 27 April 2017 - 12:05 AM

So, the 3rd line of the Farbar log that I submitted is C:\Users\51\Desktop. Is this where I should save the file? Silly question, I know...



#9 nasdaq

Posted 27 April 2017 - 06:45 AM

Yes on your Desktop.

#10 k_k

Posted 27 April 2017 - 07:06 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by 51 (27-04-2017 17:02:18) Run:1
Running from C:\Users\51\Desktop
Loaded Profiles: 51 (Available Profiles: 51)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
(Sapphire Technology Limited) C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe
HKU\S-1-5-21-2367461741-209785116-119980550-1000\...\Run: [Power2GoExpress10] => [X]
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress10] => [X]
CHR Extension: (Norton Security Toolbar) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2017-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-04]
U3 idsvc; no ImagePath
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.5.15\Definitions\SDSDefs\20170413.019\NAVENG.SYS [X]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Sapphire TRIXX\TRIXX.exe => No running process found
HKU\S-1-5-21-2367461741-209785116-119980550-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress10 => value not found.
HKU\S-1-5-21-2367461741-209785116-119980550-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Power2GoExpress10] => [X] => Error: No automatic fix found for this entry.
C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => moved successfully
C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\51\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 9199616 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8512978 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 14369484 B
Edge => 68137887 B
Chrome => 340450340 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 71342 B
NetworkService => 7060 B
51 => 1300035536 B
 
RecycleBin => 7471167208 B
EmptyTemp: => 8.6 GB temporary data Removed.
 
================================
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 27-04-2017 17:03:33)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\System\CurrentControlSet\Services\NAVENG => could not remove key. Access Denied.
 
==== End of Fixlog 17:03:33 ====


#11 nasdaq

Posted 27 April 2017 - 10:04 AM

Was your problem solved?

#12 k_k

Posted 27 April 2017 - 10:30 AM

I have no idea, lol.

 

That said, I haven't had any issues in the past couple of days, which is good news. Let's hope that it stays that way. If I do encounter any irregularities, I'll be sure to come back and ask for help.

 

Thanks for your help, I know you guys volunteer here and I really do appreciate what people like you do for people like me!   

 

Take care and best wishes,

 

k_k



#13 nasdaq

Posted 27 April 2017 - 12:38 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===



