Browser opening to BestProSoft.com on computer launch


  • This topic is locked
22 replies to this topic

#1 OhSpazz


Posted 26 April 2017 - 07:59 PM

My main browser will open up to BestProSoft.com when my computer restarts. Very frustrating, but this community seems very helpful, so I'm taking my chances!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-04-2017
Ran by owner (administrator) on OWNER-PC (26-04-2017 17:49:23)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\pia_manager\pia_manager.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
(Koga Tech Ltd) C:\Program Files\Controller Companion\ControllerCompanion.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Azureus Software, Inc) C:\Program Files\Vuze\Azureus.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr3A1B.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr84DF.tmp\bin\rubyw.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(AgileBits Inc.) C:\Users\owner\AppData\Local\1Password\app\6\AgileBits.OnePassword.Desktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724024 2016-08-29] (Logitech, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirServer64] => C:\Program Files\App Dynamic\AirServer\AirServer.exe [6180360 2016-07-28] (App Dynamic ehf)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23227584 2017-03-26] (Microsoft Corporation)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-20] (Valve Corporation)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-27] (Electronic Arts)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6678336 2016-03-14] (Kakao Corp. )
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirVideoServerHD] => C:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2105144 2016-05-02] (inMethod)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [KeepVidMusicService] => C:\Program Files (x86)\KeepVid\KeepVid Music\KeepVidMusicService.exe [16896 2016-09-20] (KeepVid)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [1Password 6] => C:\Users\owner\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe [3159440 2017-04-27] (AgileBits Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Azureus] => C:\Program Files\Vuze\Azureus.exe [444552 2017-03-01] (Azureus Software, Inc)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [302448 2011-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
InternetURL: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-08-26]
ShortcutTarget: Slack.lnk -> C:\Users\owner\AppData\Local\slack\Update.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_process.bat.lnk [2016-07-22]
ShortcutTarget: start_process.bat.lnk -> C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat ()
BootExecute: dfboottime \??\C:\WINDOWS\System32\dfboottime.cfgautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2097371829-1539454751-4000040218-1000] => localhost:8031
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{38ad25ad-f374-447e-8a19-8d96d3ceeb80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68a19479-9cee-4744-8110-47c48d82d8d4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c1566a09-2b9b-47d6-8c1b-4c3e4d2a5799}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{ee521803-393f-42b0-bf5f-ce77ea13ae2f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-03-05] (Microsoft Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-05] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956 [2017-04-26]
FF Extension: (1Password) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956\Extensions\onepassword4@agilebits.com.xpi [2017-02-19]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-04-26]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2017-04-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2245232 2017-04-19] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3737792 2017-03-26] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-04-17] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2017-04-20] (Bitdefender)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S3 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
S3 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S3 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25088 2017-04-06] (sonarr.tv) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-27] (Electronic Arts)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [198192 2017-03-25] (Microsoft Corporation) [File not signed]
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1986536 2017-04-12] (Plex, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [146256 2017-01-05] (Razer Inc)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183168 2017-01-09] (Razer Inc.)
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252688 2017-01-17] (Razer Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-04-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1424224 2017-04-24] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\KeepVid\KeepVid Music\DriverInstall.exe [122528 2016-09-20] (Wondershare)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [53776 2016-06-13] (IVT Corporation.)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-01-16] (Cypress Semiconductor, Inc.) [File not signed]
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-10-12] (AhnLab, Inc.)
R3 FLxHCIh; C:\WINDOWS\System32\drivers\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-11] (REALiX™)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [305120 2017-03-20] (Bitdefender)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [32808 2009-03-18] (hxxp://libusb-win32.sourceforge.net) [File not signed]
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3352336 2016-01-16] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-10-17] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_07462d9384409609\nvlddmkm.sys [14249416 2016-10-31] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [955424 2017-01-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-06-01] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 dmwappushsvc; no ImagePath
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-26 17:49 - 2017-04-26 17:50 - 00034060 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-26 17:48 - 2017-04-26 17:49 - 00000000 ____D C:\FRST
2017-04-26 17:48 - 2017-04-26 17:48 - 02427392 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-26 17:35 - 2017-04-26 17:35 - 00003024 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (owner)
2017-04-26 17:33 - 2017-04-26 17:33 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-04-26 17:32 - 2017-04-26 17:32 - 00007749 _____ C:\Users\owner\Desktop\AdwCleaner[C0].txt
2017-04-26 17:26 - 2017-04-26 17:29 - 00000000 ____D C:\AdwCleaner
2017-04-26 16:18 - 2017-04-26 16:18 - 00001477 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\1Password 6.lnk
2017-04-26 16:04 - 2017-04-26 16:04 - 00040612 _____ C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-04-26 12:40 - 2017-04-26 12:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-04-26 12:01 - 2017-04-26 12:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-26 11:40 - 2017-04-03 09:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-26 11:40 - 2017-04-03 09:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 11:36 - 2017-04-26 11:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-26 11:35 - 2017-04-26 11:35 - 00103424 _____ C:\WINDOWS\system32\dfboottime.exe
2017-04-26 11:35 - 2017-04-26 11:35 - 00000871 _____ C:\WINDOWS\system32\dfboottime.cfg
2017-04-26 08:04 - 2017-04-26 08:05 - 00000000 ____D C:\Program Files\Defraggler
2017-04-26 08:04 - 2017-04-26 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-04-25 22:27 - 2017-04-25 22:27 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00000000 ____D C:\Windows.old
2017-04-25 22:26 - 2017-04-25 22:26 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-25 22:26 - 2017-04-25 22:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-25 22:25 - 2017-04-25 22:25 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-25 22:25 - 2017-04-25 22:25 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-25 22:25 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-25 22:24 - 2017-04-25 22:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\inetpub
2017-04-25 22:23 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-25 22:23 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-25 22:04 - 2017-04-25 22:04 - 00002409 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\Users\owner\AppData\Local\DBG
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-25 22:02 - 2017-04-25 22:02 - 00000020 ___SH C:\Users\owner\ntuser.ini
2017-04-25 21:48 - 2017-04-25 21:48 - 00000000 ____D C:\ProgramData\USOShared
2017-04-25 21:43 - 2017-04-25 21:43 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-25 21:40 - 2017-04-26 17:37 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{06D40BE4-AC98-49A5-B531-417442DE378C}
2017-04-25 21:40 - 2017-04-26 17:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-25 21:40 - 2017-04-26 11:45 - 00004392 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-25 21:40 - 2017-04-26 11:45 - 00003970 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-26 11:45 - 00003800 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-25 21:40 - 2017-04-26 11:45 - 00003738 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-26 11:45 - 00003728 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cameron_breon@hotmail.com
2017-04-25 21:40 - 2017-04-26 11:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-04-25 21:40 - 2017-04-26 11:45 - 00003080 _____ C:\WINDOWS\System32\Tasks\ASUS SmartLogon Console Sensor
2017-04-25 21:40 - 2017-04-26 11:45 - 00003034 _____ C:\WINDOWS\System32\Tasks\ATKOSD2
2017-04-25 21:40 - 2017-04-26 11:44 - 00003280 _____ C:\WINDOWS\System32\Tasks\ASUS Patch 10430001
2017-04-25 21:40 - 2017-04-26 11:44 - 00003110 _____ C:\WINDOWS\System32\Tasks\ACMON
2017-04-25 21:40 - 2017-04-26 11:44 - 00003090 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2017-04-25 21:40 - 2017-04-25 21:40 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-25 21:40 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-25 21:40 - 00002688 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-25 21:40 - 2017-04-25 21:40 - 00002586 _____ C:\WINDOWS\System32\Tasks\Plex VPN Bypass
2017-04-25 21:40 - 2017-04-25 21:40 - 00002568 _____ C:\WINDOWS\System32\Tasks\Driver Booster Scheduler
2017-04-25 21:40 - 2017-04-25 21:40 - 00002496 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-04-25 21:40 - 2017-04-25 21:40 - 00002446 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-04-25 21:40 - 2017-04-25 21:40 - 00002388 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-04-25 21:40 - 2017-04-25 21:40 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-04-25 21:40 - 2017-04-25 21:40 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-04-25 21:40 - 2017-04-25 21:40 - 00002230 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_owner
2017-04-25 21:40 - 2017-04-25 21:40 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-04-25 21:36 - 2017-04-25 21:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-04-25 21:32 - 2017-04-26 13:02 - 00000000 ____D C:\Users\owner
2017-04-25 21:32 - 2017-04-26 12:40 - 00000000 ____D C:\Users\DefaultAppPool
2017-04-25 21:32 - 2017-04-25 21:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\owner\My Documents
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-04-25 21:32 - 2017-03-18 13:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-25 21:31 - 2017-04-26 17:36 - 01175502 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:31 - 00975864 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpusb_01007.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\Program Files\Synaptics
2017-04-25 21:31 - 2016-10-01 12:53 - 07422645 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-04-25 21:31 - 2016-10-01 12:53 - 06385720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 02473408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01364024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-04-25 21:31 - 2016-10-01 12:53 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-04-25 21:30 - 2017-04-26 17:07 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-25 21:30 - 2017-04-26 11:36 - 05024592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\Program Files\Realtek
2017-04-25 21:08 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-04-25 20:59 - 2017-03-18 14:38 - 00395220 __RSH C:\bootmgr
2017-04-25 20:59 - 2017-03-18 14:38 - 00000001 ___SH C:\BOOTNXT
2017-04-25 20:55 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-04-25 20:55 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-04-25 20:48 - 2017-04-25 22:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-25 20:48 - 2017-04-25 20:55 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-25 20:46 - 2017-04-25 20:48 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ___HD C:\$GetCurrent
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ____D C:\Windows10Upgrade
2017-04-25 20:39 - 2017-04-25 20:39 - 00000753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-22 05:47 - 2017-04-22 05:47 - 00001452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jump Desktop Connect.lnk
2017-04-21 14:57 - 2017-04-21 14:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Google
2017-04-21 14:57 - 2017-04-21 14:56 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-20 13:26 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-18 10:31 - 2017-04-26 17:33 - 00000000 ____D C:\Program Files\KMSpico
2017-04-18 10:31 - 2017-04-18 10:31 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-04-18 10:31 - 2017-04-18 10:31 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-04-17 10:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-04-17 10:48 - 2017-04-17 10:48 - 00000000 ____D C:\Program Files (x86)\Plex
2017-04-17 08:14 - 2017-04-17 08:14 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-04-13 13:48 - 2017-03-27 22:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 13:48 - 2017-03-27 22:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-02 13:53 - 2017-04-02 13:53 - 00000000 ____D C:\Users\owner\AppData\Roaming\ImgBurn
2017-04-02 13:52 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-04-02 13:52 - 2017-04-02 13:52 - 00001952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-04-02 13:52 - 2017-04-02 13:52 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2017-04-02 13:03 - 2017-04-25 20:53 - 00000000 ____D C:\ProgramData\Freemake
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\dvdcss
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Local\FreemakeVideoConverter
2017-04-02 12:47 - 2017-04-02 12:47 - 00000000 ____D C:\Users\owner\AppData\Roaming\HandBrake Team
2017-04-01 02:14 - 2016-11-10 15:20 - 00000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-04-01 02:12 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-04-01 02:12 - 2015-02-27 14:38 - 00214528 _____ () C:\WINDOWS\SysWOW64\WSCM32.dll
2017-04-01 01:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-01 01:48 - 2017-04-21 14:57 - 00000000 ____D C:\Program Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-26 17:45 - 2015-09-18 13:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Azureus
2017-04-26 17:31 - 2016-01-16 14:57 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-26 17:30 - 2017-03-18 04:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-26 17:30 - 2016-01-16 15:04 - 00102960 _____ C:\bdlog.txt
2017-04-26 17:29 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\LocalLow\IObit
2017-04-26 16:05 - 2016-02-13 12:37 - 00000000 ____D C:\Users\owner\AppData\Local\Plex Media Server
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-26 16:04 - 2016-10-31 05:04 - 00000000 ____D C:\Users\owner\AppData\Local\ConnectedDevicesPlatform
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-26 12:20 - 2016-09-25 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
2017-04-26 12:20 - 2016-09-25 15:14 - 00000000 ____D C:\Program Files (x86)\KeepVid
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\IObit
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\ProductData
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\IObit
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-26 12:15 - 2015-08-29 03:29 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-26 12:15 - 2015-08-29 03:29 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-26 12:14 - 2016-08-04 23:55 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2017-04-26 12:13 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\NzbDrone
2017-04-26 11:40 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-26 11:37 - 2016-08-04 23:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2017-04-26 09:41 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-26 09:41 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-26 09:39 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\ProgramData\TechSmith
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-04-26 08:20 - 2016-03-08 18:50 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-26 08:20 - 2016-03-08 18:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-26 08:14 - 2016-01-16 08:52 - 00000000 ____D C:\Users\owner\AppData\Roaming\Stardock
2017-04-26 08:13 - 2016-01-16 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-04-26 03:45 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-26 02:00 - 2015-06-17 22:33 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2017-04-25 22:29 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-25 22:27 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-25 22:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-25 22:23 - 2017-03-18 13:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-04-25 22:23 - 2017-03-18 13:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-04-25 22:23 - 2017-03-18 13:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-04-25 22:18 - 2015-08-05 21:45 - 00000000 ____D C:\Users\owner\AppData\Local\Packages
2017-04-25 22:04 - 2015-08-05 21:46 - 00000000 ___RD C:\Users\owner\OneDrive
2017-04-25 22:02 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-25 22:02 - 2015-08-05 21:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-25 21:48 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-25 21:42 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-25 21:40 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-25 21:40 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-25 21:40 - 2015-08-05 21:44 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RSD C:\WINDOWS\Media
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-25 21:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-25 21:38 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-25 21:37 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-25 21:37 - 2017-03-18 04:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-25 21:37 - 2016-10-31 04:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-04-25 21:37 - 2016-06-21 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.5.1
2017-04-25 21:37 - 2016-06-03 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-04-25 21:37 - 2016-05-30 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper
2017-04-25 21:37 - 2016-05-15 21:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2017-04-25 21:37 - 2016-05-12 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server HD
2017-04-25 21:37 - 2016-05-03 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-25 21:37 - 2016-05-02 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-04-25 21:37 - 2016-04-21 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-04-25 21:37 - 2016-04-14 16:12 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
2017-04-25 21:37 - 2016-03-25 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2017-04-25 21:37 - 2016-03-16 09:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KakaoTalk
2017-04-25 21:37 - 2016-03-15 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-04-25 21:37 - 2016-03-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-25 21:37 - 2016-03-05 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyUmbrella
2017-04-25 21:37 - 2016-03-01 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-04-25 21:37 - 2016-02-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.13
2017-04-25 21:37 - 2016-02-22 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2017-04-25 21:37 - 2016-01-22 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-25 21:37 - 2016-01-21 21:40 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2017-04-25 21:37 - 2016-01-16 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-25 21:37 - 2016-01-12 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-04-25 21:37 - 2015-10-12 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-04-25 21:37 - 2015-09-22 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2017-04-25 21:37 - 2015-09-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-04-25 21:37 - 2015-09-10 22:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-06-17 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2017-04-25 21:37 - 2015-06-17 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Buy Connect
2017-04-25 21:37 - 2015-06-17 21:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-25 21:37 - 2015-06-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-04-25 21:37 - 2011-10-18 10:31 - 00000000 ____D C:\WINDOWS\en
2017-04-25 21:37 - 2011-10-18 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-04-25 21:37 - 2011-10-18 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-25 21:33 - 2017-03-24 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\schemas
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-25 21:33 - 2017-02-22 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit for Windows
2017-04-25 21:33 - 2017-02-07 04:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-25 21:33 - 2017-02-05 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-04-25 21:33 - 2016-11-07 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X2Go Client for Windows
2017-04-25 21:33 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2017-04-25 21:33 - 2016-10-31 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-04-25 21:33 - 2016-10-31 02:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2017-04-25 21:33 - 2016-10-17 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TakeOwnershipEx
2017-04-25 21:33 - 2016-08-06 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-25 21:33 - 2016-08-06 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)
2017-04-25 21:33 - 2016-07-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-04-25 21:33 - 2016-06-02 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2017-04-25 21:33 - 2016-06-02 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-04-25 21:33 - 2016-05-12 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-04-25 21:33 - 2016-03-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
2017-04-25 21:33 - 2016-03-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-04-25 21:33 - 2016-03-25 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
2017-04-25 21:33 - 2016-02-28 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2017-04-25 21:33 - 2015-08-06 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:33 - 2015-06-17 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-04-25 21:33 - 2015-06-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-04-25 21:33 - 2015-06-17 21:35 - 00000000 ____D C:\Program Files\Intel
2017-04-25 21:33 - 2013-06-19 12:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-25 21:33 - 2011-10-18 10:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-04-25 21:33 - 2011-10-18 10:28 - 00000000 ____D C:\Program Files\Windows Live
2017-04-25 21:33 - 2011-02-18 13:08 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-04-25 21:33 - 2011-02-18 12:48 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-04-25 21:33 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-04-25 21:32 - 2017-03-22 02:43 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-25 21:32 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-25 21:32 - 2017-02-21 10:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2017-04-25 21:32 - 2017-01-17 01:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:32 - 2016-11-01 02:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Novaroma
2017-04-25 21:32 - 2016-11-01 01:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alagorn
2017-04-25 21:32 - 2016-08-29 16:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2017-04-25 21:32 - 2016-07-22 15:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2017-04-25 21:32 - 2016-07-21 06:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-04-25 21:32 - 2016-02-16 03:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling
2017-04-25 21:32 - 2016-01-24 09:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-04-25 21:32 - 2015-10-14 23:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-04-25 21:32 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-25 21:31 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-25 21:31 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-25 20:59 - 2009-07-28 23:03 - 00008192 __RSH C:\BOOTSECT.BAK
2017-04-25 20:40 - 2015-08-29 03:30 - 00000000 ___RD C:\Users\owner\Dropbox
2017-04-23 21:46 - 2016-03-13 11:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-21 14:57 - 2016-03-01 20:47 - 00000000 ____D C:\ProgramData\Oracle
2017-04-20 13:26 - 2015-08-29 03:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-17 10:48 - 2015-08-06 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-14 11:55 - 2016-06-13 16:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-04-14 06:41 - 2013-06-19 12:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-07 05:38 - 2011-10-18 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-02 21:56 - 2016-05-03 10:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2017-04-02 21:48 - 2016-03-01 22:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-30 05:09 - 2016-06-13 16:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Wondershare Video Converter Ultimate
==================== Files in the root of some directories =======
2016-04-28 00:00 - 2016-04-28 10:44 - 0000033 _____ () C:\Users\owner\AppData\Roaming\AdobeWLCMCache.dat
2016-01-15 20:05 - 2016-07-01 20:52 - 0000600 _____ () C:\Users\owner\AppData\Roaming\winscp.rnd
2016-03-01 21:33 - 2016-03-01 22:38 - 0000600 _____ () C:\Users\owner\AppData\Local\PUTTY.RND
2016-05-24 17:11 - 2015-12-28 09:48 - 0023856 _____ () C:\Users\owner\AppData\Local\Z@!-eb7e14c6-0374-425d-97d7-7f8fee4f9e21.tmp
2016-05-24 17:35 - 2015-12-28 09:48 - 0022832 _____ () C:\Users\owner\AppData\Local\Z@S!-8e034aa6-52c5-41e7-9d16-438b623fecfc.tmp
2017-02-05 14:18 - 2017-02-05 14:18 - 0219150 _____ () C:\ProgramData\1486329465.bdinstall.bin
2017-03-02 04:48 - 2017-03-02 04:48 - 0029975 _____ () C:\ProgramData\agent.update.1488455290.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0378798 _____ () C:\ProgramData\cl.1486329579.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0055880 _____ () C:\ProgramData\dm.1486329825.bdinstall.bin
2017-04-26 16:04 - 2017-04-26 16:04 - 0040612 _____ () C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-01-17 02:05 - 2017-01-17 02:05 - 0000016 _____ () C:\ProgramData\mntemp
2015-06-17 21:44 - 2015-06-17 21:44 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-06-17 21:43 - 2015-06-17 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-06-17 21:43 - 2015-06-17 21:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
2017-04-26 17:12 - 2017-04-26 17:12 - 0079904 _____ () C:\Users\owner\AppData\Local\Temp\i4jdel0.exe
2017-04-26 16:18 - 2017-04-26 16:18 - 4749736 _____ (AgileBits Inc.                                              ) C:\Users\owner\AppData\Local\Temp\tmp8462.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-25 21:30
==================== End of FRST.txt ============================

 



#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:44 PM

Posted 27 April 2017 - 08:09 AM

OhSpazz:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time, normally 48 hours after your last post.

 

I know that the posting instructions tell you to attach your Addition.txt file, but in the future I would appreciate it if you copy and paste all scan and fix logs that I request.  It makes it faster for me to analyze them.  Thank you.

I will need some time to review your FRST logs. That could take a day or two.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 OhSpazz


Posted 27 April 2017 - 09:06 AM

Thank you, Phil! You are welcome to address me by my first name! Looking forward to the support.

#4 garioch7


Posted 27 April 2017 - 11:59 AM

OhSpazz:

Thank you for your patience while I analyzed your FRST logs.

Thank you for your permission to address you by your first name, but I don't know what it is? :(

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: In going over your logs I noticed that you have Vuze installed. Please consider the following advice to reduce the possibility of being infected when surfing the web.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Vuze, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

.


Step 2: The logs show that you have some driver booster software installed. You might want to refer to this link for an explanation as to why such programs are not recommended by Bleeping Computer. Please let me know if you decide to keep it (it is YOUR computer) or whether you uninstall it.


.


Step 3: Unfortunately, in going over your logs, I see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs. You might not be aware of this program, so I am NOT accusing you of knowingly installing this on your computer.

Bleeping Computer does not condone software piracy. I am going to have to ask you to remove any and all software that you do not own, and to remove the software that is evading licensing requirements. If you are not aware of that software utility, or utilities, then you must agree, that as a part of my "fix" for your computer, I will remove/disable any, and all, such software, tasks, etc., designed to evade legal software licencing requirements that I detect in the scan logs.

If that is agreeable to you, then after you have uninstalled any illicit software, please run the following scan for me.

Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

Step 4: Please run a fresh FRST scan. Please copy and paste the contents of both the "FRST.txt" and "Addition.txt" scan logs into your next reply or replies (if the logs are too large, you will have to split them between posts).

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 OhSpazz


Posted 27 April 2017 - 12:48 PM

Oh, sorry, my first name is Cameron! I will not use Vuze until this is resolved. I will definitely like to make an image of my computer after this is cleaned.

I will be uninstalling driver booster. I don't use it much.

You say you see evidence of a software utility, or utilities, used to evade software licensing requirements for one or more programs.

I've had this computer for a while and it has been lent to friends... I'll try to go over and see which programs are doing so. You have permission to inform me on which ones to remove or "fix" them.

 

I will post scans in a different reply.



#6 garioch7


Posted 27 April 2017 - 01:13 PM

Cameron:

 

Thank you for your post.  Thank you for explaining that your friends may have been responsible for the illicit software "cracks" that I am seeing.

 

I do ask that you understand that, if you wish to proceed, after I have seen the CKScanner log and a fresh set of FRST logs, I will remove any such illicit software and associated tasks, firewall rules, etc., so that after the FRST "fixlist.txt" script is run, one or more programs on your computer may become inoperative, until legitimately licensed.  For that reason, I recommend that you make a full backup of your computer as soon as possible, in case you want to revert.

 

We don't generally identify the exact files, tasks, firewall rules, etc., that alert us to possible software piracy because then it would be much easier for anyone reading these posts to figure out which entries to remove from their FRST logs before submitting them.  Bleeping Computer takes the issue of software piracy very seriously, as essentially, it is theft of intellectual property.

 

I have completed the analysis of your initial logs and I have found some issues, including the cause of the issue that you complained about initially.  I will need to analyze the fresh FRST logs, and the CKScanner log, before I can post a FRST "fixlist.txt" script for you.

 

Thank you for your understanding, Cameron.  Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 OhSpazz


Posted 27 April 2017 - 01:18 PM

CK SCANNER RESULTS:

Wow I didn't even realize that there was stuff in windows.old but anytime I try to delete what is in that folder it says

"You need permission from SYSTEM to make changes to this folder" which is weird because I thought I had full rights to the computer files

Also should I remove wondershare and kmspico, as I see that keeps popping up?

 

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\pcsx2 1.4.0\pcsx2_keys.ini.default
c:\program files (x86)\steam\steamapps\common\castlecrashers\data\sounds\sound_frost_crackle.xma
c:\program files (x86)\wondershare\video converter ultimate\skin\bar\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\deu\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\eng\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\esp\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\fra\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\ita\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\jpn\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\skin\ptg\anticrack.xml
c:\program files (x86)\wondershare\video converter ultimate\ws_youtube_dl\extractor\cracked.py
c:\program files (x86)\wondershare\video converter ultimate\ws_youtube_dl\extractor\crackle.py
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\cracked.py
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\cracked.pyc
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\crackle.py
c:\program files (x86)\wondershare\video converter ultimate\youtube_dl\extractor\crackle.pyc
c:\users\owner\dropbox\kmspico v10.1.8.2\kmspico_setup.exe
c:\users\owner\dropbox\kmspico v10.1.8.2\readme kmspico install.txt
c:\users\owner\dropbox\kmspico v10.1.8.2\uninstall_service.cmd
c:\windows.old\windows\prefetch\kmseldi.exe-b4e2a62c.pf
c:\windows.old\windows\prefetch\kmspico_setup.tmp-1142db5b.pf
scanner sequence 3.ZZ.11.QGAPLZ
 ----- EOF -----

FRST SCAN RESULTS:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by owner (administrator) on OWNER-PC (27-04-2017 11:15:15)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Koga Tech Ltd) C:\Program Files\Controller Companion\ControllerCompanion.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
() C:\Program Files\pia_manager\openvpn.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
() C:\Users\owner\Desktop\CKScanner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AgileBits Inc.) C:\Users\owner\AppData\Local\1Password\app\6\AgileBits.OnePassword.Desktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724024 2016-08-29] (Logitech, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirServer64] => C:\Program Files\App Dynamic\AirServer\AirServer.exe [6180360 2016-07-28] (App Dynamic ehf)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Lync] => "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-20] (Valve Corporation)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-27] (Electronic Arts)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirVideoServerHD] => C:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2105144 2016-05-02] (inMethod)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [1Password 6] => C:\Users\owner\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe [3159440 2017-04-27] (AgileBits Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Azureus] => C:\Program Files\Vuze\Azureus.exe [444552 2017-03-01] (Azureus Software, Inc)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [302448 2011-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2017-04-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2017-04-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
InternetURL: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-08-26]
ShortcutTarget: Slack.lnk -> C:\Users\owner\AppData\Local\slack\Update.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_process.bat.lnk [2016-07-22]
ShortcutTarget: start_process.bat.lnk -> C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat ()
BootExecute: dfboottime \??\C:\WINDOWS\System32\dfboottime.cfgautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2097371829-1539454751-4000040218-1000] => localhost:8031
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{38ad25ad-f374-447e-8a19-8d96d3ceeb80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68a19479-9cee-4744-8110-47c48d82d8d4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c1566a09-2b9b-47d6-8c1b-4c3e4d2a5799}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{ee521803-393f-42b0-bf5f-ce77ea13ae2f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2017-02-16] (Wondershare)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956 [2017-04-27]
FF Extension: (1Password) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956\Extensions\onepassword4@agilebits.com.xpi [2017-02-19]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-04-26]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2017-04-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-04-17] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2017-04-20] (Bitdefender)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S3 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
S3 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S3 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25088 2017-04-06] (sonarr.tv) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-27] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1986536 2017-04-12] (Plex, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [146256 2017-01-05] (Razer Inc)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183168 2017-01-09] (Razer Inc.)
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252688 2017-01-17] (Razer Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-04-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1424224 2017-04-24] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\KeepVid\KeepVid Music\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [53776 2016-06-13] (IVT Corporation.)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-01-16] (Cypress Semiconductor, Inc.) [File not signed]
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-10-12] (AhnLab, Inc.)
R3 FLxHCIh; C:\WINDOWS\System32\drivers\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-11] (REALiX™)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [305120 2017-03-20] (Bitdefender)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [32808 2009-03-18] (hxxp://libusb-win32.sourceforge.net) [File not signed]
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3352336 2016-01-16] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-10-17] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_07462d9384409609\nvlddmkm.sys [14249416 2016-10-31] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [955424 2017-01-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-06-01] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 dmwappushsvc; no ImagePath
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-27 11:15 - 2017-04-27 11:15 - 02427392 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-27 11:15 - 2017-04-27 11:15 - 00030099 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-27 11:15 - 2017-04-27 11:15 - 00000000 ____D C:\Users\owner\Desktop\FRST-OlderVersion
2017-04-27 11:10 - 2017-04-27 11:10 - 00001835 _____ C:\Users\owner\Desktop\ckfiles.txt
2017-04-27 11:07 - 2017-04-27 11:07 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-04-27 11:04 - 2017-04-27 11:04 - 00000000 ____D C:\Users\owner\AppData\Local\PackageAware
2017-04-27 11:04 - 2017-04-27 11:04 - 00000000 ____D C:\ProgramData\Best Buy pc app
2017-04-27 11:02 - 2017-04-27 11:02 - 00468480 _____ () C:\Users\owner\Desktop\CKScanner.exe
2017-04-27 10:51 - 2017-04-27 10:51 - 00086358 _____ C:\ProgramData\cl.1493315466.bdinstall.bin
2017-04-26 17:48 - 2017-04-27 11:15 - 00000000 ____D C:\FRST
2017-04-26 17:32 - 2017-04-26 17:32 - 00007749 _____ C:\Users\owner\Desktop\AdwCleaner[C0].txt
2017-04-26 17:26 - 2017-04-26 17:29 - 00000000 ____D C:\AdwCleaner
2017-04-26 16:18 - 2017-04-26 16:18 - 00001477 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\1Password 6.lnk
2017-04-26 16:04 - 2017-04-26 16:04 - 00040612 _____ C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-04-26 12:40 - 2017-04-26 12:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-04-26 12:01 - 2017-04-26 12:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-26 11:40 - 2017-04-03 09:56 - 00835576 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-26 11:40 - 2017-04-03 09:56 - 00177656 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 11:36 - 2017-04-26 11:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-26 11:35 - 2017-04-26 11:35 - 00103424 _____ C:\WINDOWS\system32\dfboottime.exe
2017-04-26 11:35 - 2017-04-26 11:35 - 00000871 _____ C:\WINDOWS\system32\dfboottime.cfg
2017-04-26 08:04 - 2017-04-26 08:05 - 00000000 ____D C:\Program Files\Defraggler
2017-04-26 08:04 - 2017-04-26 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-04-25 22:27 - 2017-04-25 22:27 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00000000 ____D C:\Windows.old
2017-04-25 22:26 - 2017-04-25 22:26 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-25 22:26 - 2017-04-25 22:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-25 22:25 - 2017-04-25 22:25 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-25 22:25 - 2017-04-25 22:25 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-25 22:25 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-25 22:24 - 2017-04-25 22:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\inetpub
2017-04-25 22:23 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-25 22:23 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-25 22:04 - 2017-04-25 22:04 - 00002409 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\Users\owner\AppData\Local\DBG
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-25 22:02 - 2017-04-25 22:02 - 00000020 ___SH C:\Users\owner\ntuser.ini
2017-04-25 21:48 - 2017-04-25 21:48 - 00000000 ____D C:\ProgramData\USOShared
2017-04-25 21:43 - 2017-04-25 21:43 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-25 21:40 - 2017-04-27 11:10 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{06D40BE4-AC98-49A5-B531-417442DE378C}
2017-04-25 21:40 - 2017-04-27 11:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-25 21:40 - 2017-04-26 11:45 - 00004392 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-25 21:40 - 2017-04-26 11:45 - 00003970 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-26 11:45 - 00003800 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-25 21:40 - 2017-04-26 11:45 - 00003738 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-26 11:45 - 00003728 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cameron_breon@hotmail.com
2017-04-25 21:40 - 2017-04-26 11:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-04-25 21:40 - 2017-04-26 11:45 - 00003080 _____ C:\WINDOWS\System32\Tasks\ASUS SmartLogon Console Sensor
2017-04-25 21:40 - 2017-04-26 11:45 - 00003034 _____ C:\WINDOWS\System32\Tasks\ATKOSD2
2017-04-25 21:40 - 2017-04-26 11:44 - 00003280 _____ C:\WINDOWS\System32\Tasks\ASUS Patch 10430001
2017-04-25 21:40 - 2017-04-26 11:44 - 00003110 _____ C:\WINDOWS\System32\Tasks\ACMON
2017-04-25 21:40 - 2017-04-26 11:44 - 00003090 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2017-04-25 21:40 - 2017-04-25 21:40 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-25 21:40 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-25 21:40 - 00002688 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-25 21:40 - 2017-04-25 21:40 - 00002586 _____ C:\WINDOWS\System32\Tasks\Plex VPN Bypass
2017-04-25 21:40 - 2017-04-25 21:40 - 00002496 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-04-25 21:40 - 2017-04-25 21:40 - 00002446 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-04-25 21:40 - 2017-04-25 21:40 - 00002388 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-04-25 21:40 - 2017-04-25 21:40 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-04-25 21:40 - 2017-04-25 21:40 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-04-25 21:40 - 2017-04-25 21:40 - 00002230 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_owner
2017-04-25 21:40 - 2017-04-25 21:40 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-04-25 21:36 - 2017-04-25 21:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-04-25 21:32 - 2017-04-26 13:02 - 00000000 ____D C:\Users\owner
2017-04-25 21:32 - 2017-04-26 12:40 - 00000000 ____D C:\Users\DefaultAppPool
2017-04-25 21:32 - 2017-04-25 21:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\owner\My Documents
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-04-25 21:32 - 2017-03-18 13:56 - 02233344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-25 21:31 - 2017-04-27 11:13 - 01195048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:31 - 00975864 ____N C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpusb_01007.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\Program Files\Synaptics
2017-04-25 21:31 - 2016-10-01 12:53 - 07422645 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-04-25 21:31 - 2016-10-01 12:53 - 06385720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 02473408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01364024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-04-25 21:31 - 2016-10-01 12:53 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-04-25 21:30 - 2017-04-27 10:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-25 21:30 - 2017-04-26 11:36 - 05024592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\Program Files\Realtek
2017-04-25 21:08 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-04-25 20:59 - 2017-03-18 14:38 - 00395220 __RSH C:\bootmgr
2017-04-25 20:59 - 2017-03-18 14:38 - 00000001 ___SH C:\BOOTNXT
2017-04-25 20:55 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-04-25 20:55 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-04-25 20:48 - 2017-04-25 22:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-25 20:48 - 2017-04-25 20:55 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-25 20:46 - 2017-04-25 20:48 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ___HD C:\$GetCurrent
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ____D C:\Windows10Upgrade
2017-04-25 20:39 - 2017-04-25 20:39 - 00000753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-22 05:47 - 2017-04-22 05:47 - 00001452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jump Desktop Connect.lnk
2017-04-21 14:57 - 2017-04-21 14:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Google
2017-04-21 14:57 - 2017-04-21 14:56 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-20 13:26 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-18 10:31 - 2017-04-18 10:31 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-04-18 10:31 - 2017-04-18 10:31 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-04-17 10:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-04-17 10:48 - 2017-04-17 10:48 - 00000000 ____D C:\Program Files (x86)\Plex
2017-04-17 08:14 - 2017-04-17 08:14 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-04-13 13:48 - 2017-03-27 22:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 13:48 - 2017-03-27 22:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-02 13:53 - 2017-04-02 13:53 - 00000000 ____D C:\Users\owner\AppData\Roaming\ImgBurn
2017-04-02 13:52 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-04-02 13:52 - 2017-04-02 13:52 - 00001952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-04-02 13:52 - 2017-04-02 13:52 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2017-04-02 13:03 - 2017-04-25 20:53 - 00000000 ____D C:\ProgramData\Freemake
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\dvdcss
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Local\FreemakeVideoConverter
2017-04-02 12:47 - 2017-04-02 12:47 - 00000000 ____D C:\Users\owner\AppData\Roaming\HandBrake Team
2017-04-01 02:14 - 2016-11-10 15:20 - 00000232 ____N C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-04-01 02:12 - 2015-02-27 14:38 - 00721263 ____N () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-04-01 02:12 - 2015-02-27 14:38 - 00214528 ____N () C:\WINDOWS\SysWOW64\WSCM32.dll
2017-04-01 01:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-01 01:48 - 2017-04-21 14:57 - 00000000 ____D C:\Program Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-27 11:07 - 2016-01-16 14:57 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-27 11:07 - 2015-09-18 13:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Azureus
2017-04-27 11:06 - 2017-03-18 04:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-27 11:06 - 2016-10-31 05:04 - 00000000 ____D C:\Users\owner\AppData\Local\ConnectedDevicesPlatform
2017-04-27 11:06 - 2016-01-16 15:04 - 00103745 _____ C:\bdlog.txt
2017-04-27 11:04 - 2016-01-21 21:40 - 00000000 ____D C:\Users\owner\AppData\Local\FluxSoftware
2017-04-27 11:03 - 2011-10-18 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-04-27 11:03 - 2011-10-18 10:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-04-27 11:02 - 2015-06-17 21:43 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-04-27 11:02 - 2015-06-17 21:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-27 11:01 - 2016-09-25 14:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Wondershare
2017-04-27 11:01 - 2016-06-02 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-04-27 11:01 - 2016-06-02 08:10 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-27 11:01 - 2016-03-16 09:24 - 00000000 ____D C:\Program Files (x86)\Kakao
2017-04-27 11:00 - 2016-09-25 14:15 - 00000000 ____D C:\Users\owner\.android
2017-04-27 11:00 - 2016-03-29 13:32 - 00000000 ____D C:\Program Files\Blender Foundation
2017-04-27 10:56 - 2016-01-16 09:55 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-27 10:55 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\ProductData
2017-04-27 10:54 - 2011-10-18 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-27 10:53 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-27 06:53 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-27 06:53 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-27 05:27 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-26 17:29 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\LocalLow\IObit
2017-04-26 16:05 - 2016-02-13 12:37 - 00000000 ____D C:\Users\owner\AppData\Local\Plex Media Server
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\IObit
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\IObit
2017-04-26 12:15 - 2015-08-29 03:29 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-26 12:15 - 2015-08-29 03:29 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-26 12:14 - 2016-08-04 23:55 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2017-04-26 12:13 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\NzbDrone
2017-04-26 11:40 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-26 11:37 - 2016-08-04 23:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\ProgramData\TechSmith
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-04-26 08:20 - 2016-03-08 18:50 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-26 08:20 - 2016-03-08 18:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-26 08:14 - 2016-01-16 08:52 - 00000000 ____D C:\Users\owner\AppData\Roaming\Stardock
2017-04-26 08:13 - 2016-01-16 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-04-26 03:45 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-26 02:00 - 2015-06-17 22:33 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2017-04-25 22:29 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-25 22:27 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-25 22:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-25 22:23 - 2017-03-18 13:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-04-25 22:23 - 2017-03-18 13:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-04-25 22:23 - 2017-03-18 13:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-04-25 22:18 - 2015-08-05 21:45 - 00000000 ____D C:\Users\owner\AppData\Local\Packages
2017-04-25 22:04 - 2015-08-05 21:46 - 00000000 ___RD C:\Users\owner\OneDrive
2017-04-25 22:02 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-25 22:02 - 2015-08-05 21:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-25 21:48 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-25 21:42 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-25 21:40 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-25 21:40 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-25 21:40 - 2015-08-05 21:44 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RSD C:\WINDOWS\Media
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-25 21:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-25 21:37 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-25 21:37 - 2017-03-18 04:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-25 21:37 - 2016-10-31 04:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-04-25 21:37 - 2016-06-03 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-04-25 21:37 - 2016-05-30 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper
2017-04-25 21:37 - 2016-05-15 21:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2017-04-25 21:37 - 2016-05-12 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server HD
2017-04-25 21:37 - 2016-05-03 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-25 21:37 - 2016-05-02 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-04-25 21:37 - 2016-04-21 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-04-25 21:37 - 2016-04-14 16:12 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
2017-04-25 21:37 - 2016-03-25 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2017-04-25 21:37 - 2016-03-15 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-04-25 21:37 - 2016-03-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-25 21:37 - 2016-03-01 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-04-25 21:37 - 2016-02-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.13
2017-04-25 21:37 - 2016-02-22 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2017-04-25 21:37 - 2016-01-22 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-25 21:37 - 2016-01-16 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-25 21:37 - 2016-01-12 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-04-25 21:37 - 2015-10-12 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-04-25 21:37 - 2015-09-22 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2017-04-25 21:37 - 2015-09-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-04-25 21:37 - 2015-09-10 22:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-06-17 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2017-04-25 21:37 - 2015-06-17 21:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-25 21:37 - 2015-06-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-04-25 21:37 - 2011-10-18 10:31 - 00000000 ____D C:\WINDOWS\en
2017-04-25 21:37 - 2011-10-18 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-25 21:33 - 2017-03-24 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\schemas
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-25 21:33 - 2017-02-22 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit for Windows
2017-04-25 21:33 - 2017-02-07 04:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-25 21:33 - 2017-02-05 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-04-25 21:33 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2017-04-25 21:33 - 2016-10-31 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-04-25 21:33 - 2016-10-17 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TakeOwnershipEx
2017-04-25 21:33 - 2016-08-06 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-25 21:33 - 2016-08-06 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)
2017-04-25 21:33 - 2016-07-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-04-25 21:33 - 2016-05-12 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-04-25 21:33 - 2016-03-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-04-25 21:33 - 2016-03-25 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
2017-04-25 21:33 - 2016-02-28 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2017-04-25 21:33 - 2015-08-06 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:33 - 2015-06-17 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-04-25 21:33 - 2015-06-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-04-25 21:33 - 2015-06-17 21:35 - 00000000 ____D C:\Program Files\Intel
2017-04-25 21:33 - 2013-06-19 12:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-25 21:33 - 2011-02-18 13:08 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-04-25 21:33 - 2011-02-18 12:48 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-04-25 21:33 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-04-25 21:32 - 2017-03-22 02:43 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-25 21:32 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-25 21:32 - 2017-02-21 10:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2017-04-25 21:32 - 2017-01-17 01:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:32 - 2016-11-01 02:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Novaroma
2017-04-25 21:32 - 2016-11-01 01:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alagorn
2017-04-25 21:32 - 2016-08-29 16:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2017-04-25 21:32 - 2016-07-21 06:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-04-25 21:32 - 2016-02-16 03:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling
2017-04-25 21:32 - 2016-01-24 09:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-04-25 21:32 - 2015-10-14 23:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-04-25 21:32 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-25 21:31 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-25 21:31 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-25 20:59 - 2009-07-28 23:03 - 00008192 __RSH C:\BOOTSECT.BAK
2017-04-25 20:40 - 2015-08-29 03:30 - 00000000 ___RD C:\Users\owner\Dropbox
2017-04-23 21:46 - 2016-03-13 11:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-21 14:57 - 2016-03-01 20:47 - 00000000 ____D C:\ProgramData\Oracle
2017-04-20 13:26 - 2015-08-29 03:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-17 10:48 - 2015-08-06 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-14 11:55 - 2016-06-13 16:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-04-14 06:41 - 2013-06-19 12:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-02 21:56 - 2016-05-03 10:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2017-04-02 21:48 - 2016-03-01 22:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-30 05:09 - 2016-06-13 16:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Wondershare Video Converter Ultimate
==================== Files in the root of some directories =======
2016-04-28 00:00 - 2016-04-28 10:44 - 0000033 _____ () C:\Users\owner\AppData\Roaming\AdobeWLCMCache.dat
2016-01-15 20:05 - 2016-07-01 20:52 - 0000600 _____ () C:\Users\owner\AppData\Roaming\winscp.rnd
2016-03-01 21:33 - 2016-03-01 22:38 - 0000600 _____ () C:\Users\owner\AppData\Local\PUTTY.RND
2016-05-24 17:11 - 2015-12-28 09:48 - 0023856 _____ () C:\Users\owner\AppData\Local\Z@!-eb7e14c6-0374-425d-97d7-7f8fee4f9e21.tmp
2016-05-24 17:35 - 2015-12-28 09:48 - 0022832 _____ () C:\Users\owner\AppData\Local\Z@S!-8e034aa6-52c5-41e7-9d16-438b623fecfc.tmp
2017-02-05 14:18 - 2017-02-05 14:18 - 0219150 _____ () C:\ProgramData\1486329465.bdinstall.bin
2017-03-02 04:48 - 2017-03-02 04:48 - 0029975 _____ () C:\ProgramData\agent.update.1488455290.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0378798 _____ () C:\ProgramData\cl.1486329579.bdinstall.bin
2017-04-27 10:51 - 2017-04-27 10:51 - 0086358 _____ () C:\ProgramData\cl.1493315466.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0055880 _____ () C:\ProgramData\dm.1486329825.bdinstall.bin
2017-04-26 16:04 - 2017-04-26 16:04 - 0040612 _____ () C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-01-17 02:05 - 2017-01-17 02:05 - 0000016 _____ () C:\ProgramData\mntemp
2015-06-17 21:44 - 2015-06-17 21:44 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-06-17 21:43 - 2015-06-17 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-06-17 21:43 - 2015-06-17 21:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
2017-04-27 11:07 - 2017-04-27 11:07 - 0079904 _____ () C:\Users\owner\AppData\Local\Temp\i4jdel0.exe
2017-04-27 11:04 - 2015-08-06 08:11 - 0178072 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGM.exe
2017-04-27 11:04 - 2015-08-06 08:11 - 0948120 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGMDll.dll
2017-04-27 11:04 - 2015-08-27 22:17 - 0405504 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGMResource.dll
2017-04-26 16:18 - 2017-04-26 16:18 - 4749736 _____ (AgileBits Inc.                                              ) C:\Users\owner\AppData\Local\Temp\tmp8462.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-25 21:30
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by owner (27-04-2017 11:16:10)
Running from C:\Users\owner\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-26 05:02:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2097371829-1539454751-4000040218-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2097371829-1539454751-4000040218-503 - Limited - Disabled)
Guest (S-1-5-21-2097371829-1539454751-4000040218-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2097371829-1539454751-4000040218-1004 - Limited - Enabled)
owner (S-1-5-21-2097371829-1539454751-4000040218-1000 - Administrator - Enabled) => C:\Users\owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1Password 6 (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 6.6.407 - AgileBits Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.1 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
Air Video Server HD 2.2.3-beta7 (HKLM-x32\...\Air Video Server HD) (Version: 2.2.3-beta7 - InMethod, s.r.o.)
AirServer Universal (x64) (HKLM\...\{4609FACB-CA11-4902-9623-5E4FBD4D52FB}) (Version: 5.0.6 - App Dynamic)
AirServer Universal (x64) 4.0.31 (HKLM-x32\...\{73d28dd8-64ca-4c40-970e-62004f8767d0}) (Version: 4.0.31 - AppDynamic ehf)
Alagorn (HKLM-x32\...\Alagorn) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Atom (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\atom) (Version: 1.9.4 - GitHub Inc.)
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
Awesomenauts (HKLM\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.22.1050 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Controller Companion (HKLM\...\Steam App 367670) (Version:  - Koga Tech Limited)
Crashlands (HKLM\...\Steam App 391730) (Version:  - Butterscotch Shenanigans)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Discord (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 24.4.16 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{b373232d-3c28-4f53-a88c-fed92cc79ea3}) (Version: 4.2.1.435 - ExpressVPN)
ExpressVPN (x32 Version: 4.2.1.435 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
FileBot (HKLM\...\{5A7319F0-DD49-4716-B0DD-8FCD0111BA31}) (Version: 4.7.8 - Reinhard Pointner)
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII (HKLM\...\Steam App 292120) (Version:  - SQUARE ENIX)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Genital Jousting (HKLM\...\Steam App 469820) (Version:  - Free Lives)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
iMazing 2.1.8.0 (HKLM\...\iMazing_is1) (Version: 2.1.8.0 - DigiDNA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
LameXP v4.13 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.13 Final-1 [Build #1852] - LoRd_MuldeR <mulder2@gmx.de>)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Novaroma (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Novaroma 0.9.93) (Version: 0.9.93 - Novaroma)
Novaroma (x32 Version: 0.9.93 - Novaroma) Hidden
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2-r5875) (Version:  - )
Plex Media Server (HKLM-x32\...\{6cfa815d-cf6e-46ac-bb70-16a5607aaccd}) (Version: 1.5.5.3634 - Plex, Inc.)
Plex Media Server (x32 Version: 1.5.3634 - Plex, Inc.) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
QuickTime (HKLM-x32\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.0.66.300 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.6.0 - Red Giant, LLC)
Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58232.1 - Roxio)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\slack) (Version: 2.1.1 - Slack Technologies)
Sling (HKLM-x32\...\{D2F5A09A-5786-432B-875E-F95D8F37AAB4}) (Version: 4.8.149 - Echostar)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
Spotify (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (x32 Version: 1.5.3634 - Plex, Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
TakeOwnershipEx (HKLM-x32\...\TakeOwnershipEx) (Version: 1.2.0.1 - hxxp://winaero.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
TransMac version 11.1 (HKLM-x32\...\TransMac_is1) (Version: 11.1 - Acute Systems)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
TunesGo version 9.0.0.24 (HKLM-x32\...\{F6C14121-D8F5-416C-9522-FEEE5CFAA357}_is1) (Version: 9.0.0.24 - Wondershare)
TunesKit for Windows 2.8.6.135 (HKLM-x32\...\TunesKit for Windows_is1) (Version:  - TunesKit, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vShare Helper (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\vShare Helper) (Version: 2.0.0.0 - vShare.com Co.,LTD)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.30 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.3 - win.rar GmbH)
WinSCP 5.8 beta (HKLM-x32\...\winscp3_is1) (Version: 5.8 beta - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare TidyMyMusic(Build 1.0.4.1) (HKLM-x32\...\Wondershare TidyMyMusic_is1) (Version: 1.0.4.1 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 9.0.1.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.1.4 - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2097371829-1539454751-4000040218-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {004A58C0-8E0D-4C70-9C55-2D0CCB0C4CBF} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cameron_breon@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {0B73674E-C6D4-48C7-819E-B30BE3B33E1D} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-04-24] (Bitdefender)
Task: {0BC0F8F7-8717-46C4-ACF0-3C3002483B72} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {153B39DA-63F3-418F-9204-D1DFA33706B5} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1B373B4F-13B7-42EC-AC4D-E84251E29056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1C29438F-2AEB-48A4-A281-E09E538B58FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1E5B1CAD-F5CC-4874-9F77-12DADC873DDA} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-09-26] ()
Task: {1EA6BABF-2A17-4094-95DA-5BFC50C33BB0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {247CF5C2-8E71-4D8F-927F-6DB051425FF2} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {294CD425-3173-4482-9F2E-F3C1486085C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2C1A3FD8-7157-45E6-B61F-224016A51B75} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-14] (Microsoft Corporation)
Task: {349FB16D-6A2A-4014-81AC-2537C1B7535E} - \ASC10_SkipUac_owner -> No File <==== ATTENTION
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3D60A1A4-9DDA-43EC-AB58-533DF9EEC978} - System32\Tasks\Uninstaller_SkipUac_owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-10-10] (IObit)
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {4B2E98BD-5701-4ADF-8F77-897B1E96FDD4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08] (Adobe Systems Incorporated)
Task: {50BE01A0-B5D8-4280-AA39-6572C7534D87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F09B547-1F33-4183-9C04-33A7019206DE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-09] (Dropbox, Inc.)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {71B4ADCE-DE36-481E-A675-680EC546C303} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {72520A89-E8A0-478B-871D-E44032C0CF9D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-09] (Dropbox, Inc.)
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7BB7D7CD-CBF7-4160-BEAF-428FDBA82224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7EDE8F4F-F7ED-49E4-BF4C-0EB837410327} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {84BB3679-F626-429B-8BD8-42733FEF4089} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {88415078-1A54-421E-A69A-4AFB425B8020} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8C20D133-E9E4-4192-8A05-E42B7BAA704A} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-01-18] (Realtek Semiconductor)
Task: {8F83371A-5339-421C-8728-BACFA4844437} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-18] (Realtek Semiconductor)
Task: {90DBD7D5-EB63-48AD-9C6B-ECAEB11EADB1} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {947FE830-2405-4886-B91E-04EBEED69470} - System32\Tasks\Plex VPN Bypass => D:\Plex\VPN Bypass for Plex Media Server.bat [2017-01-22] ()
Task: {98E5DF26-6B3D-493E-80FE-1E4310F62C80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA4A5F06-F410-4109-A507-B3B6093C8DAF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D3AC7C52-016A-47DC-B4EB-11377F27A303} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
Task: {D5A31C77-A0EF-471B-9ADC-E3DB6C21158F} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D6D374A6-A4E4-465B-AE81-13EF92C602C2} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DCF1BA67-83F4-4054-A1C2-D4157A2494EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {E1541548-2CD1-4BE8-A489-8A3CDF254F96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E57FADB7-5BF3-4303-A480-A62AAFC871C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EBC60325-212F-4351-AD13-9823CB3A5788} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {EF0097B2-3AA2-40A6-8093-2B5278E5AB71} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2CC6053-33BE-47D7-A0C1-1A32375B891E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_owner.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_process.bat.lnk -> C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-04-24 07:03 - 2017-04-24 07:03 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-07 03:50 - 2017-02-07 03:50 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpbr.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpdsp.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpph.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttprbl.mdl
2017-04-25 21:31 - 2016-10-01 12:53 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 07711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-04-01 02:12 - 2015-02-27 14:38 - 00721263 ____N () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 09:40 - 2017-04-26 09:40 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-16 13:03 - 2016-12-16 13:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 00693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-05-15 21:13 - 2016-09-26 10:03 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 00144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-04-24 07:02 - 2017-04-24 07:02 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2017-04-27 11:02 - 2017-04-27 11:02 - 00468480 _____ () C:\Users\owner\Desktop\CKScanner.exe
2015-06-17 21:40 - 2010-06-08 13:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2017-04-12 14:29 - 2017-04-12 14:29 - 00083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-04-12 14:29 - 2017-04-12 14:29 - 00203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-04-25 21:05 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-04-25 21:05 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\src\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\bin\libffi-6.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\src\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00118784 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00069120 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00083968 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\zlib1.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00275968 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00015360 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008192 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00023552 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00036352 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\libffi-6.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-04-27 11:07 - 2017-04-27 11:07 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-07-21 16:27 - 2016-09-26 10:03 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-07-21 16:27 - 2016-09-26 10:03 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-10-31 05:15 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-10-31 05:15 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-10-31 05:15 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-31 05:15 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-10-31 05:15 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\owner\Amazon Drive:com.amazon.drive.sync [86]
AlternateDataStreams: C:\Users\owner\Amazon Drive:com.amazon.drive.sync.root [42]
AlternateDataStreams: C:\Users\owner\Desktop\CKScanner.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2017-04-26 15:26 - 00003083 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Control Panel\Desktop\\Wallpaper -> D:\User Files\Downloads\199174.png
DNS Servers: 192.168.1.1 - 209.222.18.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "AirVideoServerHD"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "AirServer64"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "KakaoTalk"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Jump Connect"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "KeepVidMusicService"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "TunesGoService"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "1Password 6"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5BE38FAB-1FD9-4459-AEE0-47A1B1694657}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{CD1CBE7A-7631-48BC-9FF0-8BFE54673FDA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{A7D704C2-8F24-498B-9142-D46D90D2A056}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{9D0E1A68-2577-4D1F-A75B-C8FEC38E54A3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{075E043E-8E50-4A5E-BAAB-2BD145F0AD71}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2D418C4E-8A46-410A-81C2-1AD29F05E455}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
FirewallRules: [{B7582443-9422-416A-80D3-5655621A1D62}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{E26AA222-28CC-450C-A25A-8D32E744DF69}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{810F5B56-92E0-4CAC-80E1-533A98FB6B67}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{69E2070A-187C-40A3-A6A3-E4B8A58AFF9E}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{2148387A-1E2E-4084-89AF-8E63827D0864}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BAE9E7E3-17FA-40EA-9FC5-128302AFF91E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DF42E92-3F8B-4634-A027-DA9F20F31338}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FCF41246-6005-4EA2-B12F-D5521BF4A05E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A8737EA-DB37-4FDA-B736-AB40DD8397D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{904C254E-04A4-48A5-8578-6FD09E7C4167}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F55A9031-54CA-4BBF-BF48-287EF619DDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C2E39B4B-5EF0-4ADF-97D3-0EDD81B2101A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E96EB43C-9791-43D4-83DB-9430DE7EE39C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{587CFE2C-D644-4844-B38B-3347FDDF6CA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6819FF11-FF54-4954-9C70-ED7384512D50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C22CEBD6-EAA3-48FB-AB33-269B3BD7D322}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{C38D9F21-D850-4B3A-B6DC-FD9C13F1B6D3}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{D7774865-2E9C-4EF6-9898-E7EBDE682FB9}] => (Allow) D:\SteamLibrary\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{61599A9F-1052-4CB5-A8FC-C750CE2C9D82}] => (Allow) D:\SteamLibrary\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{607F3F34-81B4-4D16-996C-0B9D3CDD3DFB}] => (Allow) C:\Users\owner\AppData\Roaming\Novaroma\Novaroma.exe
FirewallRules: [{56A4FFA5-43BA-446C-A754-2755F0125314}] => (Allow) LPort=8989
FirewallRules: [{5FA00DE5-DE61-4163-93DB-6304EBC0A484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BC76B1D-F797-4CEE-93CB-4E622EA51C5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88DBF0F1-D9F9-46F3-9833-8DD3D9E3774B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6F815CC6-D63D-45FA-B759-C5AEA04D5144}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{3B4558F2-1F8B-4482-B899-1D8FEF255F17}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{72692400-16DD-4203-A99D-9450E8E5E741}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{11B5C64F-1EB3-4A48-8181-CFCF9B3FF362}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4170FFD9-15C9-4827-90C1-674B751AAECD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F7368019-4362-43EA-ADD6-B242E3F58556}C:\program files\app dynamic\airserver\airserver.exe] => (Allow) C:\program files\app dynamic\airserver\airserver.exe
FirewallRules: [UDP Query User{D9158418-781A-4E8C-8304-E5353EBE135C}C:\program files\app dynamic\airserver\airserver.exe] => (Allow) C:\program files\app dynamic\airserver\airserver.exe
FirewallRules: [{F4D5E516-0056-422D-B2B3-16A5B1CF4391}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F44DE217-0AA9-4DBA-9D57-F5C45691DC90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89719E5B-C111-4220-A896-76B852CD3F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{CB8A2247-336F-4CFA-B2CA-9CE41D3AAFB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9EF0B9E7-EF88-4F45-A4DE-BD68191B5606}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{BA38E6A4-85C5-4637-9BD7-D48BF7337E54}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{CC675510-1EF2-4FF1-B232-F58FB90AFFBC}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{6BE326BF-F36D-4CB2-A9EC-B5F624A7B604}] => (Allow) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
FirewallRules: [{BE2312E0-CBE9-4AD4-A74C-559CA905DAD6}] => (Allow) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
FirewallRules: [{C8E69740-1B69-4B62-A72F-D90290C39AE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2CFC903-D697-4BE3-80FF-1510A5D01F64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3647C0AB-4807-4E5A-B12C-5979EB2238BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F4B20004-0890-4477-A99A-A278F2B74F43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{088188CB-3901-499C-AB6F-0FC08BD03308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E8E9A410-B1BD-4394-AC99-6667BE8E76D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{2E9564BB-1D5A-4E48-B715-1BD6C93F84DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{4D6ACC6A-D419-45C5-893F-53CC72CF69CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crashlands\Crashlands.exe
FirewallRules: [{231D5801-122A-41B2-9BB6-D0394D81A66E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crashlands\Crashlands.exe
FirewallRules: [{78FBD58E-E16C-42AF-B207-743EE2B628D9}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7C1DC53C-1E8F-435B-AC44-44A9A8EC75F9}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2E64AD04-5D94-4628-ACF2-88EEB37E8F0C}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{131786B6-E38A-4166-AB6E-D30BCE9FF960}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F5575A05-9126-4679-BCE4-1996624A65C1}] => (Allow) D:\SteamLibrary\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{36A161A5-4439-4BCB-BB05-1CF6F0E43C73}] => (Allow) D:\SteamLibrary\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{0DA8BBB5-1C51-4309-A2F4-89ABD5757968}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{541F04BD-C186-479B-8875-A1AF27566552}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{25B29A49-6E43-44CD-AC0D-EEE6672A9014}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{7DC803B1-8620-4079-93D7-75061E6A77AC}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{AA37A5D9-0DE2-4AD7-8FB4-06AC98264C32}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [TCP Query User{0D3D3CB3-054A-46C0-9F61-05CEEA6291B1}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{95E9853F-6A94-4753-A837-4C431F09690F}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/27/2017 11:07:44 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (04/27/2017 10:59:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uninstall.exe_vShare Helper Uninstall Program, version: 2.0.0.0, time stamp: 0x57956393
Faulting module name: HwInfo.dll_unloaded, version: 0.0.0.0, time stamp: 0x429e089e
Exception code: 0xc0000005
Fault offset: 0x00003c90
Faulting process id: 0x2934
Faulting application start time: 0x01d2bf7feeefe457
Faulting application path: C:\Program Files (x86)\vShare Helper\vShare\uninstall.exe
Faulting module path: HwInfo.dll
Report Id: ebb19499-d7b6-4225-a54e-07003606febb
Faulting package full name:
Faulting package-relative application ID:
Error: (04/27/2017 03:42:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2.
The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.
Error: (04/27/2017 03:42:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Error: (04/27/2017 03:41:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/26/2017 05:29:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (04/26/2017 05:29:25 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
Error: (04/26/2017 05:29:24 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (04/26/2017 04:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DevMgmtService.exe, version: 21.0.23.1062, time stamp: 0x5857ea59
Faulting module name: fastprox.dll, version: 10.0.15063.0, time stamp: 0xe706edd1
Exception code: 0xc0000005
Fault offset: 0x00000000000038e2
Faulting process id: 0x818
Faulting application start time: 0x01d2bee168da93fa
Faulting application path: C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
Faulting module path: C:\WINDOWS\system32\wbem\fastprox.dll
Report Id: dc42952a-f12b-448d-bc82-5a72a9ee97d5
Faulting package full name:
Faulting package-relative application ID:
Error: (04/26/2017 04:03:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: owner-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (04/27/2017 11:06:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.
Error: (04/27/2017 11:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/27/2017 11:06:28 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (04/27/2017 11:06:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (04/27/2017 11:05:45 AM) (Source: DCOM) (EventID: 10010) (User: owner-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (04/27/2017 11:05:45 AM) (Source: DCOM) (EventID: 10010) (User: owner-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (04/26/2017 05:30:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.
Error: (04/26/2017 05:30:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/26/2017 05:30:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (04/26/2017 05:30:42 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

CodeIntegrity:
===================================
  Date: 2017-04-27 11:06:28.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-27 10:52:34.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 10:38:33.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 10:35:37.434
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 03:42:05.376
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-04-26 19:01:28.885
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-26 18:52:44.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-26 18:14:15.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-26 17:42:31.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-26 17:32:45.667
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 30%
Total physical RAM: 12265.16 MB
Available physical RAM: 8583.59 MB
Total Virtual: 12265.16 MB
Available Virtual: 8523.89 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:82.95 GB) (Free:16.2 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:222.84 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 83.8 GB) (Disk ID: 58394586)
Partition 1: (Active) - (Size=83 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=459 MB) - (Type=27)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================


#8 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:44 PM

Posted 28 April 2017 - 09:03 AM

Cameron:

 

Thank you for your post.  It appears that your copy of Wondershare Ultimate Video Converter may not be genuine.  Please uninstall it.  If it is legitimate, make sure that you keep a copy of the licence key for reinstallation after we have finished disinfecting your computer.

 

KMSpico, and associated files, have only one primary purpose: to defeat Microsoft Office licencing requirements.  The secondary purpose is as an attack vector for malware, as is the case with all software "cracks" and "keygens."

 

In your case, it appears from your logs that one or more of these illegal apps is responsible for your computer infections.  We will remove them first and then deal with what else they downloaded to your computer.

 

After uninstalling/deleting the Wondershare app and KMSpico files, please re-run CKScanner and provide yet another set of FRST logs.

 

I want you to please copy and paste all three logs into your next reply/replies.

 

Thank you and have a great day.

 

Regards,

-Phil

 

 


Graduate of the Bleeping Computer Malware Removal Study Hall


#9 OhSpazz

OhSpazz
  • Topic Starter

  • Members
  • 12 posts

Posted 28 April 2017 - 10:34 AM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\steam\steamapps\common\castlecrashers\data\sounds\sound_frost_crackle.xma
scanner sequence 3.NA.11.GWLBTA
 ----- EOF -----

 

FRST SCAN RESULTS:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-04-2017
Ran by owner (administrator) on OWNER-PC (28-04-2017 08:27:50)
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & DefaultAppPool)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthService.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Koga Tech Ltd) C:\Program Files\Controller Companion\ControllerCompanion.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://www.ruby-lang.org/) C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\rubyw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(The NWJS Community) C:\Program Files\pia_manager\pia_tray_bin\nw-win\pia_nw.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AgileBits Inc.) C:\Users\owner\AppData\Local\1Password\app\6\AgileBits.OnePassword.Desktop.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15053944 2016-01-06] (Logitech Inc.)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1724024 2016-08-29] (Logitech, Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28344776 2017-04-17] (Dropbox, Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirServer64] => C:\Program Files\App Dynamic\AirServer\AirServer.exe [6180360 2016-07-28] (App Dynamic ehf)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Lync] => "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe" /fromrunkey
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2783232 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-20] (Valve Corporation)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3639280 2016-04-27] (Electronic Arts)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [AirVideoServerHD] => C:\Program Files (x86)\AirVideoServer HD\AirVideoServerStarter.exe [2105144 2016-05-02] (inMethod)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [611584 2016-03-09] (NETGEAR Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [1Password 6] => C:\Users\owner\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe [3159440 2017-04-27] (AgileBits Inc.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27545048 2017-03-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [Azureus] => C:\Program Files\Vuze\Azureus.exe [444552 2017-03-01] (Azureus Software, Inc)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-07] (Piriform Ltd)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\WLXPGSS.SCR [302448 2011-05-13] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-05-22] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2017-04-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2017-04-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2011-10-18]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
InternetURL: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Slack.lnk [2016-08-26]
ShortcutTarget: Slack.lnk -> C:\Users\owner\AppData\Local\slack\Update.exe ()
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_process.bat.lnk [2016-07-22]
ShortcutTarget: start_process.bat.lnk -> C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat ()
BootExecute: dfboottime \??\C:\WINDOWS\System32\dfboottime.cfgautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-2097371829-1539454751-4000040218-1000] => localhost:8031
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{38ad25ad-f374-447e-8a19-8d96d3ceeb80}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{68a19479-9cee-4744-8110-47c48d82d8d4}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c1566a09-2b9b-47d6-8c1b-4c3e4d2a5799}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{ee521803-393f-42b0-bf5f-ce77ea13ae2f}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2016-05-23] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-04-21] (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-21] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech, Inc.)
FireFox:
========
FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956 [2017-04-28]
FF Extension: (1Password) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yw0kolw.default-1487495640956\Extensions\onepassword4@agilebits.com.xpi [2017-02-19]
FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-04-26]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-10-01] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-21] (Oracle Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-06-08] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [2011-09-21] (Best Buy)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2015-08-06] (Nexon)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-06-08] (Adobe Systems)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [737984 2016-06-03] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AsusUacSvc; C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [113840 2010-07-27] () [File not signed]
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe [72024 2017-02-07] (Google Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2015-06-17] (Creative Labs) [File not signed]
S3 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-04-17] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2017-04-20] (Bitdefender)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
S3 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [331264 2015-04-28] () [File not signed]
S2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [359200 2016-09-28] (IObit)
S3 JumpConnect; C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe [401240 2017-04-20] (Phase Five Systems)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2016-01-06] (Logitech Inc.)
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2016-03-09] (NETGEAR)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-05-02] (NVIDIA Corporation)
S3 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25088 2017-04-06] (sonarr.tv) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120712 2016-04-27] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1986536 2017-04-12] (Plex, Inc.)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
S3 Razer Game Manager Service; C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe [146256 2017-01-05] (Razer Inc)
S3 RzActionSvc; C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe [183168 2017-01-09] (Razer Inc.)
S3 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [252688 2017-01-17] (Razer Inc.)
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
S3 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-04-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1424224 2017-04-24] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
R3 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1049464 2016-04-19] (Western Digital Technologies, Inc.)
R3 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [314744 2016-04-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
S3 wlpasvc; C:\WINDOWS\System32\lpasvc.dll [1295360 2017-03-18] (Microsoft Corporation)
R3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)
S3 WsDrvInst; C:\Program Files (x86)\KeepVid\KeepVid Music\DriverInstall.exe [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 Btcsrusb; C:\WINDOWS\System32\Drivers\btcusb.sys [53776 2016-06-13] (IVT Corporation.)
S3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [42968 2015-03-24] (CyberLink Corporation)
S3 CySmb; C:\WINDOWS\System32\drivers\cysmb.sys [10752 2016-01-16] (Cypress Semiconductor, Inc.) [File not signed]
S3 EagleX64; C:\WINDOWS\system32\drivers\EagleX64.sys [174728 2015-10-12] (AhnLab, Inc.)
R3 FLxHCIh; C:\WINDOWS\System32\drivers\FLxHCIh.sys [77040 2012-11-07] (Fresco Logic)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-09-11] (REALiX™)
S3 iaLPSS2i_GPIO2_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [85504 2017-03-18] (Intel Corporation)
S3 iaLPSS2i_I2C_BXT_P; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [168448 2017-03-18] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [305120 2017-03-20] (Bitdefender)
R3 kbfiltr; C:\WINDOWS\System32\drivers\kbfiltr.sys [15416 2009-07-20] ( )
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 lgLowAudio; C:\WINDOWS\system32\drivers\lgLowAudio.sys [26264 2015-11-20] (Logitech Inc.)
S3 libusb0; C:\WINDOWS\System32\drivers\libusb0.sys [32808 2009-03-18] (hxxp://libusb-win32.sourceforge.net) [File not signed]
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [16896 2007-03-20] (hxxp://libusb-win32.sourceforge.net) [File not signed]
R3 NETwNe64; C:\WINDOWS\System32\drivers\NETwew00.sys [3352336 2016-01-16] (Intel Corporation)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2016-10-17] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_07462d9384409609\nvlddmkm.sys [14249416 2016-10-31] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-18] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [955424 2017-01-18] (Realtek                                            )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-10-31] (Realsil Semiconductor Corporation)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-06-01] (Razer, Inc.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 dmwappushsvc; no ImagePath
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
NETSVCx32: TokenBroker -> C:\Windows\SysWOW64\TokenBroker.dll (Microsoft Corporation)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-28 08:27 - 2017-04-28 08:28 - 00030060 _____ C:\Users\owner\Desktop\FRST.txt
2017-04-28 08:26 - 2017-04-28 08:26 - 00000225 _____ C:\Users\owner\Desktop\ckfiles.txt
2017-04-27 11:15 - 2017-04-27 11:15 - 02427392 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe
2017-04-27 11:15 - 2017-04-27 11:15 - 00000000 ____D C:\Users\owner\Desktop\FRST-OlderVersion
2017-04-27 11:07 - 2017-04-27 11:07 - 00008192 _____ C:\WINDOWS\SysWOW64\WDPABKP.dat
2017-04-27 11:04 - 2017-04-27 11:04 - 00000000 ____D C:\Users\owner\AppData\Local\PackageAware
2017-04-27 11:04 - 2017-04-27 11:04 - 00000000 ____D C:\ProgramData\Best Buy pc app
2017-04-27 11:02 - 2017-04-27 11:02 - 00468480 _____ () C:\Users\owner\Desktop\CKScanner.exe
2017-04-27 10:51 - 2017-04-27 10:51 - 00086358 _____ C:\ProgramData\cl.1493315466.bdinstall.bin
2017-04-26 17:48 - 2017-04-28 08:27 - 00000000 ____D C:\FRST
2017-04-26 17:32 - 2017-04-26 17:32 - 00007749 _____ C:\Users\owner\Desktop\AdwCleaner[C0].txt
2017-04-26 17:26 - 2017-04-26 17:29 - 00000000 ____D C:\AdwCleaner
2017-04-26 16:18 - 2017-04-26 16:18 - 00001477 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\1Password 6.lnk
2017-04-26 16:04 - 2017-04-26 16:04 - 00040612 _____ C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-04-26 12:40 - 2017-04-26 12:40 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-04-26 12:01 - 2017-04-26 12:01 - 00000000 ____D C:\Program Files\Malwarebytes
2017-04-26 11:40 - 2017-04-03 09:56 - 00835576 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-26 11:40 - 2017-04-03 09:56 - 00177656 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-26 11:36 - 2017-04-26 11:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-04-26 11:35 - 2017-04-26 11:35 - 00103424 _____ C:\WINDOWS\system32\dfboottime.exe
2017-04-26 11:35 - 2017-04-26 11:35 - 00000871 _____ C:\WINDOWS\system32\dfboottime.cfg
2017-04-26 08:04 - 2017-04-26 08:05 - 00000000 ____D C:\Program Files\Defraggler
2017-04-26 08:04 - 2017-04-26 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-04-25 22:27 - 2017-04-25 22:27 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20506112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 08321440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 08246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-04-25 22:27 - 2017-04-25 22:27 - 01885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01323880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00986592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-04-25 22:27 - 2017-04-25 22:27 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-04-25 22:27 - 2017-04-25 22:27 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00206232 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-04-25 22:27 - 2017-04-25 22:27 - 00000000 ____D C:\Windows.old
2017-04-25 22:26 - 2017-04-25 22:26 - 06761048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02444184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01411640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-04-25 22:26 - 2017-04-25 22:26 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-04-25 22:26 - 2017-04-25 22:26 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-04-25 22:26 - 2017-04-25 22:26 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-25 22:26 - 2017-04-25 22:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-04-25 22:25 - 2017-04-25 22:25 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-04-25 22:25 - 2017-04-25 22:25 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-04-25 22:25 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-04-25 22:24 - 2017-04-25 22:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\msmq
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-04-25 22:24 - 2017-04-25 22:24 - 00000000 ____D C:\inetpub
2017-04-25 22:23 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-04-25 22:23 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-04-25 22:23 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-04-25 22:04 - 2017-04-25 22:04 - 00002409 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\Users\owner\AppData\Local\DBG
2017-04-25 22:04 - 2017-04-25 22:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-04-25 22:02 - 2017-04-25 22:02 - 00000020 ___SH C:\Users\owner\ntuser.ini
2017-04-25 21:48 - 2017-04-25 21:48 - 00000000 ____D C:\ProgramData\USOShared
2017-04-25 21:43 - 2017-04-25 21:43 - 00000000 _SHDL C:\Users\Default\My Documents
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-04-25 21:41 - 2017-04-25 21:42 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-04-25 21:40 - 2017-04-28 08:18 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{06D40BE4-AC98-49A5-B531-417442DE378C}
2017-04-25 21:40 - 2017-04-27 11:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-04-25 21:40 - 2017-04-26 11:45 - 00004392 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-04-25 21:40 - 2017-04-26 11:45 - 00003970 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-26 11:45 - 00003800 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-04-25 21:40 - 2017-04-26 11:45 - 00003738 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-26 11:45 - 00003728 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cameron_breon@hotmail.com
2017-04-25 21:40 - 2017-04-26 11:45 - 00003264 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-04-25 21:40 - 2017-04-26 11:45 - 00003080 _____ C:\WINDOWS\System32\Tasks\ASUS SmartLogon Console Sensor
2017-04-25 21:40 - 2017-04-26 11:45 - 00003034 _____ C:\WINDOWS\System32\Tasks\ATKOSD2
2017-04-25 21:40 - 2017-04-26 11:44 - 00003280 _____ C:\WINDOWS\System32\Tasks\ASUS Patch 10430001
2017-04-25 21:40 - 2017-04-26 11:44 - 00003110 _____ C:\WINDOWS\System32\Tasks\ACMON
2017-04-25 21:40 - 2017-04-26 11:44 - 00003090 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2017-04-25 21:40 - 2017-04-25 21:40 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-25 21:40 - 2017-04-25 21:40 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-25 21:40 - 2017-04-25 21:40 - 00002688 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_AutoAnalyze
2017-04-25 21:40 - 2017-04-25 21:40 - 00002586 _____ C:\WINDOWS\System32\Tasks\Plex VPN Bypass
2017-04-25 21:40 - 2017-04-25 21:40 - 00002496 _____ C:\WINDOWS\System32\Tasks\Private Internet Access Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Startup
2017-04-25 21:40 - 2017-04-25 21:40 - 00002450 _____ C:\WINDOWS\System32\Tasks\IObitSelfCheckTask
2017-04-25 21:40 - 2017-04-25 21:40 - 00002446 _____ C:\WINDOWS\System32\Tasks\SmartDefrag_Update
2017-04-25 21:40 - 2017-04-25 21:40 - 00002388 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-04-25 21:40 - 2017-04-25 21:40 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-04-25 21:40 - 2017-04-25 21:40 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-04-25 21:40 - 2017-04-25 21:40 - 00002230 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_owner
2017-04-25 21:40 - 2017-04-25 21:40 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Western Digital
2017-04-25 21:40 - 2017-04-25 21:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-04-25 21:36 - 2017-04-25 21:36 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-04-25 21:33 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2017-04-25 21:32 - 2017-04-26 13:02 - 00000000 ____D C:\Users\owner
2017-04-25 21:32 - 2017-04-26 12:40 - 00000000 ____D C:\Users\DefaultAppPool
2017-04-25 21:32 - 2017-04-25 21:37 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\owner\My Documents
2017-04-25 21:32 - 2017-04-25 21:32 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2017-04-25 21:32 - 2017-03-18 13:56 - 02233344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-25 21:31 - 2017-04-27 11:13 - 01195048 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-25 21:31 - 2017-04-25 21:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-25 21:31 - 2017-04-25 21:31 - 00975864 ____N C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpusb_01007.Wdf
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-04-25 21:31 - 2017-04-25 21:31 - 00000000 ____D C:\Program Files\Synaptics
2017-04-25 21:31 - 2016-10-01 12:53 - 07422645 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-04-25 21:31 - 2016-10-01 12:53 - 06385720 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 02473408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 01364024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2017-04-25 21:31 - 2016-10-01 12:53 - 00546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-04-25 21:31 - 2016-10-01 12:53 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-04-25 21:30 - 2017-04-27 10:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-04-25 21:30 - 2017-04-26 11:36 - 05024592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-04-25 21:30 - 2017-04-25 21:30 - 00000000 ____D C:\Program Files\Realtek
2017-04-25 21:08 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2017-04-25 20:59 - 2017-03-18 14:38 - 00395220 __RSH C:\bootmgr
2017-04-25 20:59 - 2017-03-18 14:38 - 00000001 ___SH C:\BOOTNXT
2017-04-25 20:55 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag
2017-04-25 20:55 - 2016-03-22 11:02 - 00036824 _____ (IObit) C:\WINDOWS\system32\SmartDefragBootTime.exe
2017-04-25 20:48 - 2017-04-25 22:02 - 00000000 ___DC C:\WINDOWS\Panther
2017-04-25 20:48 - 2017-04-25 20:55 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-25 20:46 - 2017-04-25 20:48 - 00000036 _____ C:\WINDOWS\progress.ini
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ___HD C:\$GetCurrent
2017-04-25 20:39 - 2017-04-25 22:02 - 00000000 ____D C:\Windows10Upgrade
2017-04-25 20:39 - 2017-04-25 20:39 - 00000753 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-04-22 05:47 - 2017-04-22 05:47 - 00001452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jump Desktop Connect.lnk
2017-04-21 14:57 - 2017-04-21 14:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Google
2017-04-21 14:57 - 2017-04-21 14:56 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-04-20 13:26 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-18 10:31 - 2017-04-18 10:31 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-04-18 10:31 - 2017-04-18 10:31 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-04-17 10:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-04-17 10:48 - 2017-04-17 10:48 - 00000000 ____D C:\Program Files (x86)\Plex
2017-04-17 08:14 - 2017-04-17 08:14 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-04-13 13:48 - 2017-03-27 22:37 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-04-13 13:48 - 2017-03-27 22:28 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-04-02 13:53 - 2017-04-02 13:53 - 00000000 ____D C:\Users\owner\AppData\Roaming\ImgBurn
2017-04-02 13:52 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2017-04-02 13:52 - 2017-04-02 13:52 - 00001952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-04-02 13:52 - 2017-04-02 13:52 - 00000000 ____D C:\Program Files (x86)\ImgBurn
2017-04-02 13:03 - 2017-04-25 20:53 - 00000000 ____D C:\ProgramData\Freemake
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Roaming\dvdcss
2017-04-02 13:03 - 2017-04-02 13:03 - 00000000 ____D C:\Users\owner\AppData\Local\FreemakeVideoConverter
2017-04-02 12:47 - 2017-04-02 12:47 - 00000000 ____D C:\Users\owner\AppData\Roaming\HandBrake Team
2017-04-01 02:14 - 2016-11-10 15:20 - 00000232 ____N C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-04-01 02:12 - 2015-02-27 14:38 - 00721263 ____N () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-04-01 01:48 - 2017-04-25 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-01 01:48 - 2017-04-21 14:57 - 00000000 ____D C:\Program Files\Java
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-04-28 08:23 - 2016-04-21 10:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2017-04-28 08:22 - 2016-06-02 08:10 - 00000000 ____D C:\ProgramData\Wondershare
2017-04-28 08:22 - 2016-06-02 08:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-04-28 08:22 - 2016-06-02 08:10 - 00000000 ____D C:\Program Files (x86)\Wondershare
2017-04-28 07:43 - 2016-01-16 14:57 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-04-28 00:28 - 2017-03-18 14:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-04-28 00:28 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-04-27 11:07 - 2015-09-18 13:06 - 00000000 ____D C:\Users\owner\AppData\Roaming\Azureus
2017-04-27 11:06 - 2017-03-18 04:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-04-27 11:06 - 2016-10-31 05:04 - 00000000 ____D C:\Users\owner\AppData\Local\ConnectedDevicesPlatform
2017-04-27 11:06 - 2016-01-16 15:04 - 00103745 _____ C:\bdlog.txt
2017-04-27 11:04 - 2016-01-21 21:40 - 00000000 ____D C:\Users\owner\AppData\Local\FluxSoftware
2017-04-27 11:03 - 2011-10-18 10:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2017-04-27 11:03 - 2011-10-18 10:29 - 00000000 ____D C:\Program Files (x86)\Windows Live
2017-04-27 11:02 - 2015-06-17 21:43 - 00000000 ____D C:\Program Files (x86)\CyberLink
2017-04-27 11:02 - 2015-06-17 21:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-04-27 11:01 - 2016-09-25 14:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Wondershare
2017-04-27 11:01 - 2016-03-16 09:24 - 00000000 ____D C:\Program Files (x86)\Kakao
2017-04-27 11:00 - 2016-09-25 14:15 - 00000000 ____D C:\Users\owner\.android
2017-04-27 11:00 - 2016-03-29 13:32 - 00000000 ____D C:\Program Files\Blender Foundation
2017-04-27 10:56 - 2016-01-16 09:55 - 00000000 ____D C:\Program Files (x86)\IObit
2017-04-27 10:55 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\ProductData
2017-04-27 10:54 - 2011-10-18 10:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-04-27 10:53 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-04-27 05:27 - 2017-03-18 14:01 - 00000000 ____D C:\WINDOWS\INF
2017-04-26 17:29 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\LocalLow\IObit
2017-04-26 16:05 - 2016-02-13 12:37 - 00000000 ____D C:\Users\owner\AppData\Local\Plex Media Server
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Users\owner\AppData\Local\Google
2017-04-26 16:05 - 2015-08-29 03:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-04-26 15:52 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-04-26 15:16 - 2011-10-18 10:32 - 00000000 ____D C:\Program Files (x86)\ASUS
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\Users\owner\AppData\Roaming\IObit
2017-04-26 12:15 - 2016-01-16 09:55 - 00000000 ____D C:\ProgramData\IObit
2017-04-26 12:15 - 2015-08-29 03:29 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-04-26 12:15 - 2015-08-29 03:29 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-04-26 12:14 - 2016-08-04 23:55 - 00000000 ____D C:\Users\owner\AppData\Local\Spotify
2017-04-26 12:13 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\NzbDrone
2017-04-26 11:40 - 2017-03-18 13:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-04-26 11:37 - 2016-08-04 23:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Spotify
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\ProgramData\TechSmith
2017-04-26 08:21 - 2016-02-17 09:56 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-04-26 08:20 - 2016-03-08 18:50 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-26 08:20 - 2016-03-08 18:47 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-26 08:14 - 2016-01-16 08:52 - 00000000 ____D C:\Users\owner\AppData\Roaming\Stardock
2017-04-26 08:13 - 2016-01-16 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2017-04-26 03:45 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-04-26 02:00 - 2015-06-17 22:33 - 00000000 ____D C:\Users\owner\AppData\Local\Adobe
2017-04-25 22:29 - 2017-03-18 14:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-04-25 22:27 - 2017-03-18 14:06 - 00000000 ____D C:\WINDOWS\Setup
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\F12
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-04-25 22:27 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-04-25 22:24 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-04-25 22:23 - 2017-03-18 13:59 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:59 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-04-25 22:23 - 2017-03-18 13:59 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-04-25 22:23 - 2017-03-18 13:59 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2017-04-25 22:23 - 2017-03-18 13:56 - 01380352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2017-04-25 22:23 - 2017-03-18 13:56 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2017-04-25 22:23 - 2017-03-18 13:56 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2017-04-25 22:23 - 2017-03-18 13:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2017-04-25 22:23 - 2017-03-18 13:56 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2017-04-25 22:18 - 2015-08-05 21:45 - 00000000 ____D C:\Users\owner\AppData\Local\Packages
2017-04-25 22:04 - 2015-08-05 21:46 - 00000000 ___RD C:\Users\owner\OneDrive
2017-04-25 22:02 - 2017-03-18 14:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-04-25 22:02 - 2015-08-05 21:45 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-04-25 21:48 - 2017-03-18 14:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-04-25 21:42 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-04-25 21:40 - 2017-03-18 19:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-04-25 21:40 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Registration
2017-04-25 21:40 - 2015-08-05 21:44 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RSD C:\WINDOWS\Media
2017-04-25 21:39 - 2017-03-18 14:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-04-25 21:39 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-04-25 21:37 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-04-25 21:37 - 2017-03-18 04:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-04-25 21:37 - 2016-10-31 04:51 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-04-25 21:37 - 2016-06-03 10:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-04-25 21:37 - 2016-05-30 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper
2017-04-25 21:37 - 2016-05-15 21:13 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2017-04-25 21:37 - 2016-05-12 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Video Server HD
2017-04-25 21:37 - 2016-05-03 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-04-25 21:37 - 2016-05-02 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2017-04-25 21:37 - 2016-04-14 16:12 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TransMac
2017-04-25 21:37 - 2016-03-25 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
2017-04-25 21:37 - 2016-03-15 10:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-04-25 21:37 - 2016-03-08 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-04-25 21:37 - 2016-03-01 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-04-25 21:37 - 2016-02-23 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bulk Rename Utility
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2017-04-25 21:37 - 2016-02-23 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.13
2017-04-25 21:37 - 2016-02-22 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Funbox DevTeam
2017-04-25 21:37 - 2016-01-22 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-04-25 21:37 - 2016-01-16 14:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-04-25 21:37 - 2016-01-12 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-04-25 21:37 - 2015-10-12 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-04-25 21:37 - 2015-09-22 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2017-04-25 21:37 - 2015-09-10 22:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-04-25 21:37 - 2015-09-10 22:15 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-08-29 00:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-04-25 21:37 - 2015-06-17 21:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2017-04-25 21:37 - 2015-06-17 21:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-04-25 21:37 - 2015-06-17 21:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility
2017-04-25 21:37 - 2011-10-18 10:31 - 00000000 ____D C:\WINDOWS\en
2017-04-25 21:37 - 2011-10-18 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-04-25 21:33 - 2017-03-24 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\system32\IME
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\schemas
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-04-25 21:33 - 2017-03-18 14:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-04-25 21:33 - 2017-02-22 08:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunesKit for Windows
2017-04-25 21:33 - 2017-02-07 04:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-04-25 21:33 - 2017-02-05 14:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-04-25 21:33 - 2016-11-01 02:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonarr
2017-04-25 21:33 - 2016-10-31 05:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2017-04-25 21:33 - 2016-10-17 06:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TakeOwnershipEx
2017-04-25 21:33 - 2016-08-06 18:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-04-25 21:33 - 2016-08-06 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirServer Universal (x64)
2017-04-25 21:33 - 2016-07-06 15:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2017-04-25 21:33 - 2016-05-12 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-04-25 21:33 - 2016-03-25 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2017-04-25 21:33 - 2016-03-25 09:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin-X
2017-04-25 21:33 - 2016-02-28 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2017-04-25 21:33 - 2015-08-06 08:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:33 - 2015-06-17 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2017-04-25 21:33 - 2015-06-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-04-25 21:33 - 2015-06-17 21:35 - 00000000 ____D C:\Program Files\Intel
2017-04-25 21:33 - 2013-06-19 12:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-04-25 21:33 - 2011-02-18 13:08 - 00000000 ____D C:\WINDOWS\system32\SPReview
2017-04-25 21:33 - 2011-02-18 12:48 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2017-04-25 21:33 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Microsoft Games
2017-04-25 21:32 - 2017-03-22 02:43 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-04-25 21:32 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-04-25 21:32 - 2017-02-21 10:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileBot
2017-04-25 21:32 - 2017-01-17 01:33 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nexon
2017-04-25 21:32 - 2016-11-01 02:27 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Novaroma
2017-04-25 21:32 - 2016-11-01 01:49 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alagorn
2017-04-25 21:32 - 2016-08-29 16:15 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wunderlist
2017-04-25 21:32 - 2016-07-21 06:16 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
2017-04-25 21:32 - 2016-02-16 03:08 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling
2017-04-25 21:32 - 2016-01-24 09:11 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2017-04-25 21:32 - 2015-10-14 23:10 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2017-04-25 21:32 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-04-25 21:31 - 2017-03-18 14:03 - 00000000 ____D C:\WINDOWS\Help
2017-04-25 21:31 - 2017-03-18 04:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-04-25 20:59 - 2009-07-28 23:03 - 00008192 __RSH C:\BOOTSECT.BAK
2017-04-25 20:40 - 2015-08-29 03:30 - 00000000 ___RD C:\Users\owner\Dropbox
2017-04-23 21:46 - 2016-03-13 11:10 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-04-21 14:57 - 2016-03-01 20:47 - 00000000 ____D C:\ProgramData\Oracle
2017-04-20 13:26 - 2015-08-29 03:29 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-04-17 10:48 - 2015-08-06 18:34 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-14 11:55 - 2016-06-13 16:52 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2017-04-14 06:41 - 2013-06-19 12:15 - 148601744 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-04-02 21:56 - 2016-05-03 10:25 - 00000000 ____D C:\Users\owner\AppData\Roaming\vlc
2017-04-02 21:48 - 2016-03-01 22:06 - 00000000 ____D C:\Program Files (x86)\Java
2017-03-30 05:09 - 2016-06-13 16:54 - 00000000 ____D C:\Users\owner\AppData\Roaming\Wondershare Video Converter Ultimate
==================== Files in the root of some directories =======
2016-04-28 00:00 - 2016-04-28 10:44 - 0000033 _____ () C:\Users\owner\AppData\Roaming\AdobeWLCMCache.dat
2016-01-15 20:05 - 2016-07-01 20:52 - 0000600 _____ () C:\Users\owner\AppData\Roaming\winscp.rnd
2016-03-01 21:33 - 2016-03-01 22:38 - 0000600 _____ () C:\Users\owner\AppData\Local\PUTTY.RND
2016-05-24 17:11 - 2015-12-28 09:48 - 0023856 _____ () C:\Users\owner\AppData\Local\Z@!-eb7e14c6-0374-425d-97d7-7f8fee4f9e21.tmp
2016-05-24 17:35 - 2015-12-28 09:48 - 0022832 _____ () C:\Users\owner\AppData\Local\Z@S!-8e034aa6-52c5-41e7-9d16-438b623fecfc.tmp
2017-02-05 14:18 - 2017-02-05 14:18 - 0219150 _____ () C:\ProgramData\1486329465.bdinstall.bin
2017-03-02 04:48 - 2017-03-02 04:48 - 0029975 _____ () C:\ProgramData\agent.update.1488455290.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0378798 _____ () C:\ProgramData\cl.1486329579.bdinstall.bin
2017-04-27 10:51 - 2017-04-27 10:51 - 0086358 _____ () C:\ProgramData\cl.1493315466.bdinstall.bin
2017-02-05 14:23 - 2017-02-05 14:23 - 0055880 _____ () C:\ProgramData\dm.1486329825.bdinstall.bin
2017-04-26 16:04 - 2017-04-26 16:04 - 0040612 _____ () C:\ProgramData\dm.update.1493247873.bdinstall.bin
2017-01-17 02:05 - 2017-01-17 02:05 - 0000016 _____ () C:\ProgramData\mntemp
2015-06-17 21:44 - 2015-06-17 21:44 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2015-06-17 21:43 - 2015-06-17 21:44 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2015-06-17 21:43 - 2015-06-17 21:43 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
2017-04-27 11:07 - 2017-04-27 11:07 - 0079904 _____ () C:\Users\owner\AppData\Local\Temp\i4jdel0.exe
2017-04-27 11:04 - 2015-08-06 08:11 - 0178072 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGM.exe
2017-04-27 11:04 - 2015-08-06 08:11 - 0948120 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGMDll.dll
2017-04-27 11:04 - 2015-08-27 22:17 - 0405504 _____ (Nexon) C:\Users\owner\AppData\Local\Temp\NGMResource.dll
2017-04-26 16:18 - 2017-04-26 16:18 - 4749736 _____ (AgileBits Inc.                                              ) C:\Users\owner\AppData\Local\Temp\tmp8462.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-04-25 21:30
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by owner (28-04-2017 08:28:35)
Running from C:\Users\owner\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-26 05:02:21)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2097371829-1539454751-4000040218-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2097371829-1539454751-4000040218-503 - Limited - Disabled)
Guest (S-1-5-21-2097371829-1539454751-4000040218-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2097371829-1539454751-4000040218-1004 - Limited - Enabled)
owner (S-1-5-21-2097371829-1539454751-4000040218-1000 - Administrator - Enabled) => C:\Users\owner
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
1Password 6 (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\{507707B9-C68C-4986-A4AD-F25B24C152FA}_is1) (Version: 6.6.407 - AgileBits Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.7.0.272 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Aimersoft Helper Compact 2.5.1 (HKLM-x32\...\{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.1 - Aimersoft)
Air Video Server HD 2.2.3-beta7 (HKLM-x32\...\Air Video Server HD) (Version: 2.2.3-beta7 - InMethod, s.r.o.)
AirServer Universal (x64) (HKLM\...\{4609FACB-CA11-4902-9623-5E4FBD4D52FB}) (Version: 5.0.6 - App Dynamic)
AirServer Universal (x64) 4.0.31 (HKLM-x32\...\{73d28dd8-64ca-4c40-970e-62004f8767d0}) (Version: 4.0.31 - AppDynamic ehf)
Alagorn (HKLM-x32\...\Alagorn) (Version:  - )
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS)
ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0033 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{AECA3622-E634-4A55-A696-70A511CBE06E}) (Version: 2.0.0 - AsusTek Computer Inc.)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
AsusScr_G74 Series_ENG (HKLM-x32\...\AsusScr_G74 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.7.142 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)
Atom (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\atom) (Version: 1.9.4 - GitHub Inc.)
AVS Audio Converter 8.0 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 8.0.2.541 - Online Media Technologies Ltd.)
Awesomenauts (HKLM\...\Steam App 204300) (Version:  - Ronimo Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Best Buy pc app (Version: 3.3.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.3.0.0 - Best Buy) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.22.1050 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Brawlhalla (HKLM\...\Steam App 291550) (Version:  - Blue Mammoth Games)
Bulk Rename Utility 3.0.0.1 (64-bit) (HKLM\...\Bulk Rename Utility Installation_is1) (Version:  - TGRMN Software)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Castle Crashers (HKLM\...\Steam App 204360) (Version:  - The Behemoth)
CCleaner (HKLM\...\CCleaner) (Version: 5.27 - Piriform)
Controller Companion (HKLM\...\Steam App 367670) (Version:  - Koga Tech Limited)
Crashlands (HKLM\...\Steam App 391730) (Version:  - Butterscotch Shenanigans)
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2926 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Discord (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 24.4.16 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ExpressVPN (HKLM-x32\...\{b373232d-3c28-4f53-a88c-fed92cc79ea3}) (Version: 4.2.1.435 - ExpressVPN)
ExpressVPN (x32 Version: 4.2.1.435 - ExpressVPN) Hidden
ExpressVPN Compatibility Checks (x32 Version: 1.0.0.0 - ExpressVPN) Hidden
FileBot (HKLM\...\{5A7319F0-DD49-4716-B0DD-8FCD0111BA31}) (Version: 4.7.8 - Reinhard Pointner)
FINAL FANTASY X/X-2 HD Remaster (HKLM\...\Steam App 359870) (Version:  - SQUARE ENIX)
FINAL FANTASY XIII (HKLM\...\Steam App 292120) (Version:  - SQUARE ENIX)
Fresco Logic USB3.0 Host Controller (HKLM\...\{B1E301A1-C2B4-4B0B-AF31-C71F8A53DCDA}) (Version: 3.0.119.1 - Fresco Logic Inc.)
Genital Jousting (HKLM\...\Steam App 469820) (Version:  - Free Lives)
Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden
iFunbox (v3.0.3109.1352) (HKLM-x32\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
iMazing 2.1.8.0 (HKLM\...\iMazing_is1) (Version: 2.1.8.0 - DigiDNA)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 6.0.3.16 - IObit)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Jump Desktop Connect (HKLM-x32\...\{353A2836-D926-4E39-8B98-95001777A872}) (Version: 5.1.5.0 - Phase Five Systems)
LameXP v4.13 (HKLM-x32\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: 4.13 Final-1 [Build #1852] - LoRd_MuldeR <mulder2@gmx.de>)
Logitech Gaming Software 8.78 (HKLM\...\Logitech Gaming Software) (Version: 8.78.129 - Logitech Inc.)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.28.00 - NETGEAR Inc.)
Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version:  - )
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 2.0.0 - Nexon)
Novaroma (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Novaroma 0.9.93) (Version: 0.9.93 - Novaroma)
Novaroma (x32 Version: 0.9.93 - Novaroma) Hidden
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.11.6.18139 - Electronic Arts, Inc.)
OSC Third Party Libraries (Version: 1.1 - NVIDIA Corporation) Hidden
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Plex Media Server (HKLM-x32\...\{6cfa815d-cf6e-46ac-bb70-16a5607aaccd}) (Version: 1.5.5.3634 - Plex, Inc.)
Plex Media Server (x32 Version: 1.5.3634 - Plex, Inc.) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Python 2.7.12 (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C665}) (Version: 2.7.12150 - Python Software Foundation)
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
QuickTime (HKLM-x32\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
Razer Cortex (HKLM-x32\...\Razer Cortex_is1) (Version: 8.0.66.300 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.44.421.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)
Red Giant Link (HKLM-x32\...\{10F82E5B-B611-4C65-8F29-666A9EC5680A}_is1) (Version: 1.9.6.0 - Red Giant, LLC)
Rotation Desktop for G Series.exe (HKLM\...\Rotation Desktop for G Series_is1) (Version: 1.0.0.9 - ASUSTEK Computer Inc)
Roxio CinePlayer (HKLM-x32\...\{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}) (Version: 5.8.58232.1 - Roxio)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.3.6 - NVIDIA Corporation) Hidden
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\slack) (Version: 2.1.1 - Slack Technologies)
Sling (HKLM-x32\...\{D2F5A09A-5786-432B-875E-F95D8F37AAB4}) (Version: 4.8.149 - Echostar)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.1 - IObit)
Spotify (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Spotify) (Version: 1.0.53.758.gde3fc4b2 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stopping Plex (x32 Version: 1.5.3634 - Plex, Inc.) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.16.1 - Synaptics Incorporated)
TakeOwnershipEx (HKLM-x32\...\TakeOwnershipEx) (Version: 1.2.0.1 - hxxp://winaero.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.01 - Creative Technology Limited)
TightVNC (HKLM\...\{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}) (Version: 2.7.10.0 - GlavSoft LLC.)
TransMac version 11.1 (HKLM-x32\...\TransMac_is1) (Version: 11.1 - Acute Systems)
Trapcode Suite v12.1.9 (HKLM-x32\...\{DFD2DC6B-C634-4C1C-81CC-5EF852E71CEE}_is1) (Version: 12.1.9 - Red Giant, LLC)
TunesGo version 9.0.0.24 (HKLM-x32\...\{F6C14121-D8F5-416C-9522-FEEE5CFAA357}_is1) (Version: 9.0.0.24 - Wondershare)
TunesKit for Windows 2.8.6.135 (HKLM-x32\...\TunesKit for Windows_is1) (Version:  - TunesKit, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vShare Helper (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\vShare Helper) (Version: 2.0.0.0 - vShare.com Co.,LTD)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{F4F2EF32-EAFE-4F87-B7DC-E19C9F8E76FC}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{515B34CA-1229-4EDA-AE7C-53CBA68B8A7A}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{4555885d-a64c-4234-9aac-72a8a6b5590b}) (Version: 2.4.16.16 - Western Digital Technologies, Inc.)
WinDirStat 1.1.2 (HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.1 - ASUS)
WinRAR 5.30 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.3 - win.rar GmbH)
WinSCP 5.8 beta (HKLM-x32\...\winscp3_is1) (Version: 5.8 beta - Martin Prikryl)
Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)
Wondershare Helper Compact 2.5.0 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.0 - Wondershare)
Wondershare TidyMyMusic(Build 1.0.4.1) (HKLM-x32\...\Wondershare TidyMyMusic_is1) (Version: 1.0.4.1 - Wondershare Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2097371829-1539454751-4000040218-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {004A58C0-8E0D-4C70-9C55-2D0CCB0C4CBF} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cameron_breon@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-05-05] (Adobe Systems Incorporated)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {0B73674E-C6D4-48C7-819E-B30BE3B33E1D} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-04-24] (Bitdefender)
Task: {0BC0F8F7-8717-46C4-ACF0-3C3002483B72} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {153B39DA-63F3-418F-9204-D1DFA33706B5} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)
Task: {1B373B4F-13B7-42EC-AC4D-E84251E29056} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {1C29438F-2AEB-48A4-A281-E09E538B58FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {1E5B1CAD-F5CC-4874-9F77-12DADC873DDA} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-09-26] ()
Task: {1EA6BABF-2A17-4094-95DA-5BFC50C33BB0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {247CF5C2-8E71-4D8F-927F-6DB051425FF2} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe [2017-04-19] (IObit)
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {294CD425-3173-4482-9F2E-F3C1486085C4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {2C1A3FD8-7157-45E6-B61F-224016A51B75} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-14] (Microsoft Corporation)
Task: {349FB16D-6A2A-4014-81AC-2537C1B7535E} - \ASC10_SkipUac_owner -> No File <==== ATTENTION
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3D60A1A4-9DDA-43EC-AB58-533DF9EEC978} - System32\Tasks\Uninstaller_SkipUac_owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-10-10] (IObit)
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {4B2E98BD-5701-4ADF-8F77-897B1E96FDD4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-06-08] (Adobe Systems Incorporated)
Task: {50BE01A0-B5D8-4280-AA39-6572C7534D87} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F09B547-1F33-4183-9C04-33A7019206DE} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-09] (Dropbox, Inc.)
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {71B4ADCE-DE36-481E-A675-680EC546C303} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-04-10] (IObit)
Task: {72520A89-E8A0-478B-871D-E44032C0CF9D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-09] (Dropbox, Inc.)
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7BB7D7CD-CBF7-4160-BEAF-428FDBA82224} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-07] (Piriform Ltd)
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {7EDE8F4F-F7ED-49E4-BF4C-0EB837410327} - System32\Tasks\ASUS Patch 10430001 => C:\Windows\AsPatch10430001.exe [2010-07-29] ()
Task: {84BB3679-F626-429B-8BD8-42733FEF4089} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {88415078-1A54-421E-A69A-4AFB425B8020} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8C20D133-E9E4-4192-8A05-E42B7BAA704A} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-01-18] (Realtek Semiconductor)
Task: {8F83371A-5339-421C-8728-BACFA4844437} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2017-01-18] (Realtek Semiconductor)
Task: {90DBD7D5-EB63-48AD-9C6B-ECAEB11EADB1} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS)
Task: {947FE830-2405-4886-B91E-04EBEED69470} - System32\Tasks\Plex VPN Bypass => D:\Plex\VPN Bypass for Plex Media Server.bat [2017-01-22] ()
Task: {98E5DF26-6B3D-493E-80FE-1E4310F62C80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA4A5F06-F410-4109-A507-B3B6093C8DAF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {D3AC7C52-016A-47DC-B4EB-11377F27A303} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
Task: {D5A31C77-A0EF-471B-9ADC-E3DB6C21158F} - System32\Tasks\IObitSelfCheckTask => C:\Program Files (x86)\IObit\Smart Defrag\IObitSelfCheck.exe [2016-10-18] (IObit)
Task: {D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D6D374A6-A4E4-465B-AE81-13EF92C602C2} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-05-30] (ASUS)
Task: {D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DCF1BA67-83F4-4054-A1C2-D4157A2494EC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {E1541548-2CD1-4BE8-A489-8A3CDF254F96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E57FADB7-5BF3-4303-A480-A62AAFC871C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {EBC60325-212F-4351-AD13-9823CB3A5788} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS)
Task: {EF0097B2-3AA2-40A6-8093-2B5278E5AB71} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {F2CC6053-33BE-47D7-A0C1-1A32375B891E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_owner.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start_process.bat.lnk -> C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat ()
==================== Loaded Modules (Whitelisted) ==============
2017-04-24 07:03 - 2017-04-24 07:03 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-07 03:50 - 2017-02-07 03:50 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpbr.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpdsp.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpph.mdl
2017-02-07 03:50 - 2017-02-07 03:50 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttprbl.mdl
2017-04-25 21:31 - 2016-10-01 12:53 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 07711966 _____ () C:\Program Files\pia_manager\pia_manager.exe
2017-03-18 13:58 - 2017-03-18 13:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-22 19:33 - 2016-05-22 19:33 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-04-01 02:12 - 2015-02-27 14:38 - 00721263 ____N () C:\WINDOWS\SysWOW64\WSCM64.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-04-26 09:40 - 2017-04-26 09:40 - 00190464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 43011072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-04-26 09:40 - 2017-04-26 09:40 - 02451456 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.14.662.0_x64__kzf8qxf38zg5c\skypert.dll
2016-12-16 13:03 - 2016-12-16 13:03 - 00054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-04-24 07:02 - 2017-04-24 07:02 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2015-06-17 21:40 - 2010-06-08 13:23 - 00236544 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2016-05-15 21:13 - 2016-09-26 10:03 - 00693760 _____ () C:\Program Files\pia_manager\openvpn.exe
2016-05-15 21:13 - 2016-09-26 10:03 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2016-05-15 21:13 - 2016-09-26 10:03 - 00144896 _____ () C:\Program Files\pia_manager\pia-openvpn.dll
2017-04-12 14:29 - 2017-04-12 14:29 - 00083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-04-12 14:29 - 2017-04-12 14:29 - 00203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2017-04-25 21:05 - 2016-01-11 17:03 - 00899872 _____ () C:\Program Files (x86)\IObit\Smart Defrag\webres.dll
2017-04-25 21:05 - 2016-01-11 17:02 - 00630048 _____ () C:\Program Files (x86)\IObit\Smart Defrag\ProductStatistics.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\src\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\bin\libffi-6.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr30E3.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00012800 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009728 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00014848 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\src\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00094208 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00118784 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00069120 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00083968 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\zlib1.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00275968 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00015360 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008192 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00009216 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00023552 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00008704 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00036352 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00126976 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00087552 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00016384 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00127316 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\bin\libffi-6.dll
2017-04-27 11:06 - 2017-04-27 11:06 - 00013312 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2017-04-27 11:06 - 2017-04-27 11:06 - 00095744 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2017-04-27 11:07 - 2017-04-27 11:07 - 00026624 _____ () C:\Users\owner\AppData\Local\Temp\ocr89C1.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.5.0-universal-mingw32\lib\win32\ruby19\win32\api.so
2016-07-21 16:27 - 2016-09-26 10:03 - 00939520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\ffmpeg.dll
2016-07-21 16:27 - 2016-09-26 10:03 - 03115520 _____ () C:\Program Files\pia_manager\pia_tray_bin\nw-win\node.dll
2016-10-31 05:15 - 2016-06-21 19:30 - 00442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-10-31 05:15 - 2016-06-21 19:29 - 00210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-10-31 05:15 - 2016-06-21 19:29 - 00059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-10-31 05:15 - 2015-12-28 13:50 - 00899872 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2016-10-31 05:15 - 2016-09-26 13:59 - 00631072 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-01-13 14:56 - 2017-01-13 14:56 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]
AlternateDataStreams: C:\Users\owner\Amazon Drive:com.amazon.drive.sync [86]
AlternateDataStreams: C:\Users\owner\Amazon Drive:com.amazon.drive.sync.root [42]
AlternateDataStreams: C:\Users\owner\Desktop\CKScanner.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2017-04-26 15:26 - 00003083 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0.0.0.0 a.ads1.msn.com
0.0.0.0 a.ads2.msads.net
0.0.0.0 a.ads2.msn.com
0.0.0.0 a.rad.msn.com
0.0.0.0 a-0001.a-msedge.net
0.0.0.0 a-0002.a-msedge.net
0.0.0.0 a-0003.a-msedge.net
0.0.0.0 a-0004.a-msedge.net
0.0.0.0 a-0005.a-msedge.net
0.0.0.0 a-0006.a-msedge.net
0.0.0.0 a-0007.a-msedge.net
0.0.0.0 a-0008.a-msedge.net
0.0.0.0 a-0009.a-msedge.net
0.0.0.0 ac3.msn.com
0.0.0.0 ad.doubleclick.net
0.0.0.0 adnexus.net
0.0.0.0 adnxs.com
0.0.0.0 ads.msn.com
0.0.0.0 ads1.msads.net
0.0.0.0 ads1.msn.com
0.0.0.0 aidps.atdmt.com
0.0.0.0 aka-cdn-ns.adtech.de
0.0.0.0 a-msedge.net
0.0.0.0 az361816.vo.msecnd.net
0.0.0.0 az512334.vo.msecnd.net
0.0.0.0 b.ads1.msn.com
0.0.0.0 b.ads2.msads.net
0.0.0.0 b.rad.msn.com
0.0.0.0 bs.serving-sys.com
0.0.0.0 c.atdmt.com
There are 66 more lines.

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Control Panel\Desktop\\Wallpaper -> D:\User Files\Downloads\199174.png
DNS Servers: 192.168.1.1 - 209.222.18.222
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "THXCfg64"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "LogiOptions"
HKLM\...\StartupApproved\Run32: => "CLMLServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "LWS"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\StartupFolder: => "Slack.lnk"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "AirVideoServerHD"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "AirServer64"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "iFunBox"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "KakaoTalk"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "NETGEARGenie"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "EADM"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Jump Connect"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "KeepVidMusicService"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "TunesGoService"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\StartupApproved\Run: => "1Password 6"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{5BE38FAB-1FD9-4459-AEE0-47A1B1694657}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{CD1CBE7A-7631-48BC-9FF0-8BFE54673FDA}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{A7D704C2-8F24-498B-9142-D46D90D2A056}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{9D0E1A68-2577-4D1F-A75B-C8FEC38E54A3}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{075E043E-8E50-4A5E-BAAB-2BD145F0AD71}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{2D418C4E-8A46-410A-81C2-1AD29F05E455}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\57.0.2987.37\remoting_host.exe
FirewallRules: [{B7582443-9422-416A-80D3-5655621A1D62}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{E26AA222-28CC-450C-A25A-8D32E744DF69}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\Beta\AwesomenautsLauncher.exe
FirewallRules: [{810F5B56-92E0-4CAC-80E1-533A98FB6B67}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{69E2070A-187C-40A3-A6A3-E4B8A58AFF9E}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{2148387A-1E2E-4084-89AF-8E63827D0864}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{BAE9E7E3-17FA-40EA-9FC5-128302AFF91E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3DF42E92-3F8B-4634-A027-DA9F20F31338}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FCF41246-6005-4EA2-B12F-D5521BF4A05E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A8737EA-DB37-4FDA-B736-AB40DD8397D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{904C254E-04A4-48A5-8578-6FD09E7C4167}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F55A9031-54CA-4BBF-BF48-287EF619DDB2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C2E39B4B-5EF0-4ADF-97D3-0EDD81B2101A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E96EB43C-9791-43D4-83DB-9430DE7EE39C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{587CFE2C-D644-4844-B38B-3347FDDF6CA9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6819FF11-FF54-4954-9C70-ED7384512D50}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C22CEBD6-EAA3-48FB-AB33-269B3BD7D322}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{C38D9F21-D850-4B3A-B6DC-FD9C13F1B6D3}] => (Allow) D:\SteamLibrary\steamapps\common\Awesomenauts\AwesomenautsLauncher.exe
FirewallRules: [{D7774865-2E9C-4EF6-9898-E7EBDE682FB9}] => (Allow) D:\SteamLibrary\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{61599A9F-1052-4CB5-A8FC-C750CE2C9D82}] => (Allow) D:\SteamLibrary\steamapps\common\GenitalJousting\GenitalJousting.exe
FirewallRules: [{607F3F34-81B4-4D16-996C-0B9D3CDD3DFB}] => (Allow) C:\Users\owner\AppData\Roaming\Novaroma\Novaroma.exe
FirewallRules: [{56A4FFA5-43BA-446C-A754-2755F0125314}] => (Allow) LPort=8989
FirewallRules: [{5FA00DE5-DE61-4163-93DB-6304EBC0A484}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9BC76B1D-F797-4CEE-93CB-4E622EA51C5A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{88DBF0F1-D9F9-46F3-9833-8DD3D9E3774B}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{6F815CC6-D63D-45FA-B759-C5AEA04D5144}] => (Allow) C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [TCP Query User{3B4558F2-1F8B-4482-B899-1D8FEF255F17}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{72692400-16DD-4203-A99D-9450E8E5E741}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{11B5C64F-1EB3-4A48-8181-CFCF9B3FF362}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{4170FFD9-15C9-4827-90C1-674B751AAECD}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{F7368019-4362-43EA-ADD6-B242E3F58556}C:\program files\app dynamic\airserver\airserver.exe] => (Allow) C:\program files\app dynamic\airserver\airserver.exe
FirewallRules: [UDP Query User{D9158418-781A-4E8C-8304-E5353EBE135C}C:\program files\app dynamic\airserver\airserver.exe] => (Allow) C:\program files\app dynamic\airserver\airserver.exe
FirewallRules: [{F4D5E516-0056-422D-B2B3-16A5B1CF4391}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F44DE217-0AA9-4DBA-9D57-F5C45691DC90}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{89719E5B-C111-4220-A896-76B852CD3F20}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{CB8A2247-336F-4CFA-B2CA-9CE41D3AAFB5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{9EF0B9E7-EF88-4F45-A4DE-BD68191B5606}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{BA38E6A4-85C5-4637-9BD7-D48BF7337E54}] => (Allow) C:\Program Files (x86)\Phase Five Systems\Jump Desktop Connect\5.1.5.0\JumpConnect.exe
FirewallRules: [{CC675510-1EF2-4FF1-B232-F58FB90AFFBC}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe
FirewallRules: [{6BE326BF-F36D-4CB2-A9EC-B5F624A7B604}] => (Allow) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
FirewallRules: [{BE2312E0-CBE9-4AD4-A74C-559CA905DAD6}] => (Allow) C:\Program Files (x86)\AirVideoServer HD\AirVideoServerUI.exe
FirewallRules: [{C8E69740-1B69-4B62-A72F-D90290C39AE3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2CFC903-D697-4BE3-80FF-1510A5D01F64}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3647C0AB-4807-4E5A-B12C-5979EB2238BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F4B20004-0890-4477-A99A-A278F2B74F43}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{088188CB-3901-499C-AB6F-0FC08BD03308}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E8E9A410-B1BD-4394-AC99-6667BE8E76D8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{2E9564BB-1D5A-4E48-B715-1BD6C93F84DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CastleCrashers\castle.exe
FirewallRules: [{4D6ACC6A-D419-45C5-893F-53CC72CF69CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crashlands\Crashlands.exe
FirewallRules: [{231D5801-122A-41B2-9BB6-D0394D81A66E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crashlands\Crashlands.exe
FirewallRules: [{78FBD58E-E16C-42AF-B207-743EE2B628D9}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{7C1DC53C-1E8F-435B-AC44-44A9A8EC75F9}] => (Allow) D:\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2E64AD04-5D94-4628-ACF2-88EEB37E8F0C}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{131786B6-E38A-4166-AB6E-D30BCE9FF960}] => (Allow) D:\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F5575A05-9126-4679-BCE4-1996624A65C1}] => (Allow) D:\SteamLibrary\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{36A161A5-4439-4BCB-BB05-1CF6F0E43C73}] => (Allow) D:\SteamLibrary\steamapps\common\Controller Companion\ControllerCompanion.exe
FirewallRules: [{0DA8BBB5-1C51-4309-A2F4-89ABD5757968}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{541F04BD-C186-479B-8875-A1AF27566552}] => (Allow) D:\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{25B29A49-6E43-44CD-AC0D-EEE6672A9014}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{7DC803B1-8620-4079-93D7-75061E6A77AC}] => (Allow) C:\Program Files\App Dynamic\AirServer\AirServer.exe
FirewallRules: [{AA37A5D9-0DE2-4AD7-8FB4-06AC98264C32}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE
FirewallRules: [TCP Query User{0D3D3CB3-054A-46C0-9F61-05CEEA6291B1}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{95E9853F-6A94-4753-A837-4C431F09690F}C:\users\owner\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\owner\appdata\roaming\spotify\spotify.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/28/2017 03:31:00 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2.
The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.
Error: (04/28/2017 03:30:43 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Error: (04/27/2017 05:14:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 7
Error: (04/27/2017 11:07:44 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (04/27/2017 10:59:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uninstall.exe_vShare Helper Uninstall Program, version: 2.0.0.0, time stamp: 0x57956393
Faulting module name: HwInfo.dll_unloaded, version: 0.0.0.0, time stamp: 0x429e089e
Exception code: 0xc0000005
Fault offset: 0x00003c90
Faulting process id: 0x2934
Faulting application start time: 0x01d2bf7feeefe457
Faulting application path: C:\Program Files (x86)\vShare Helper\vShare\uninstall.exe
Faulting module path: HwInfo.dll
Report Id: ebb19499-d7b6-4225-a54e-07003606febb
Faulting package full name:
Faulting package-relative application ID:
Error: (04/27/2017 03:42:52 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Activation context generation failed for "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest".Error in manifest or policy file "c:\program files (x86)\razer\razer cortex\StreamingServicesAPI.dll.Manifest" on line 2.
The value "F:\joju\projects\XSplitCSDemo\RazerLauncher\Components\StreamingServicesAPI.dll" of attribute "name" in element "urn:schemas-microsoft-com:asm.v1^file" is invalid.
Error: (04/27/2017 03:42:39 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Error: (04/27/2017 03:41:51 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
Error: (04/26/2017 05:29:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (04/26/2017 05:29:25 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: The Collect Procedure for the "C:\Windows\System32\winspool.drv" service in DLL "Spooler" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

System errors:
=============
Error: (04/27/2017 11:06:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.
Error: (04/27/2017 11:06:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/27/2017 11:06:28 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
Error: (04/27/2017 11:06:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (04/27/2017 11:05:45 AM) (Source: DCOM) (EventID: 10010) (User: owner-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (04/27/2017 11:05:45 AM) (Source: DCOM) (EventID: 10010) (User: owner-PC)
Description: The server {0002DF02-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.
Error: (04/26/2017 05:30:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The SysMain service terminated with the following error:
The request is not supported.
Error: (04/26/2017 05:30:42 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Error: (04/26/2017 05:30:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.
Error: (04/26/2017 05:30:42 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

CodeIntegrity:
===================================
  Date: 2017-04-28 08:25:54.980
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-28 03:29:46.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Red Giant Link\tools\update_installer\USERENV.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  Date: 2017-04-27 21:18:15.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 21:17:51.821
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 21:16:36.352
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 21:16:28.807
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 16:53:11.250
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 16:53:11.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.
  Date: 2017-04-27 11:06:28.968
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
  Date: 2017-04-27 10:52:34.086
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00116_014\avcuf64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 29%
Total physical RAM: 12265.16 MB
Available physical RAM: 8598.9 MB
Total Virtual: 12265.16 MB
Available Virtual: 8632.32 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:82.95 GB) (Free:16.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:222.68 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 83.8 GB) (Disk ID: 58394586)
Partition 1: (Active) - (Size=83 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=459 MB) - (Type=27)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================

 

 



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,793 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada

Posted 28 April 2017 - 12:43 PM

Cameron:

 

Thank you for the new CKScanner log and the FRST logs.  I won't have the time today to get your newest FRST logs fully analyzed and prepare a revised FRST "fixlist.txt" script.  I can only devote several hours a day to volunteering here, and I have four other topics on the go, plus a "real life." :)

 

Thank you for your patience and understanding, and your great cooperation.  I will post back tomorrow afternoon with a FRST "fixlist.txt" script for you.

 

Have a great weekend, Cameron, and I will talk to you tomorrow.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#11 OhSpazz


Posted 28 April 2017 - 12:47 PM

I understand! Thank you so much for what you're doing, I greatly appreciate it!



#12 garioch7


Posted 29 April 2017 - 12:18 PM

Cameron:

Thank you for your post and for the logs.

.


Step 1: The logs show that you have Apple QuickTime installed. This software is no longer supported by Apple and poses a security vulnerability to your computer. Please click this link for more details. I would recommend that you uninstall this program, but it is YOUR computer.

 

.


Step 2: Please run a FRST "Fix" for me.

Copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It is important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
InternetURL: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url
CMD: type C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
File: C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
File: C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
U3 dmwappushsvc; no ImagePath
U3 idsvc; no ImagePath
File: C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-18 10:31 - 2017-04-18 10:31 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-04-18 10:31 - 2017-04-18 10:31 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
File: C:\Users\owner\AppData\Local\Temp\tmp8462.exe
Task: {1C29438F-2AEB-48A4-A281-E09E538B58FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {349FB16D-6A2A-4014-81AC-2537C1B7535E} - \ASC10_SkipUac_owner -> No File <==== ATTENTION
Task: {84BB3679-F626-429B-8BD8-42733FEF4089} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {88415078-1A54-421E-A69A-4AFB425B8020} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {98E5DF26-6B3D-493E-80FE-1E4310F62C80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BA4A5F06-F410-4109-A507-B3B6093C8DAF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E1541548-2CD1-4BE8-A489-8A3CDF254F96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E57FADB7-5BF3-4303-A480-A62AAFC871C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2CC6053-33BE-47D7-A0C1-1A32375B891E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

EmptyTemp:

  • Right click FRST64.exe, and select "Run as Administrator".
  • Then press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste the contents into your reply.

.


After rebooting your computer, is it still being redirected?

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall
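The fixlist above removes an Internet shortcut (.url) from the user's Startup folder, which is what opened the browser at each logon. As an added example (not part of the original post and not FRST's own code), this Python script audits a Startup folder for such shortcuts; the sample file names, the redirect.example and intranet.example hosts, and the allowed_hosts parameter are constructed for illustration.

```python
"""Audit Startup folders for Internet shortcuts (.url) that open a web page at logon."""
import os
import tempfile
from pathlib import Path
from urllib.parse import urlsplit


def read_internet_shortcut(path):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    raw = Path(path).read_bytes()
    # .url files are INI text, usually ANSI/UTF-8; handle a UTF-16 BOM as well.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16", errors="replace")
    else:
        text = raw.decode("utf-8-sig", errors="replace")
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None


def defang(url):
    """Write http(s) as hxxp(s), as the FRST log does, so reports are not clickable."""
    return "hxxp" + url[4:] if url.lower().startswith("http") else url


def audit_startup(folder, allowed_hosts=()):
    """List every .url file in a Startup folder with its target and a verdict."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for entry in sorted(Path(folder).iterdir()):
        if not entry.is_file() or entry.suffix.lower() != ".url":
            continue  # .lnk and other startup items need a different parser
        url = read_internet_shortcut(entry)
        try:
            parts = urlsplit(url) if url else None
        except ValueError:
            parts = None
        if parts is None:
            findings.append({"file": entry.name, "url": None, "verdict": "unparsed"})
            continue
        host = (parts.hostname or "").lower()
        if parts.scheme.lower() not in ("http", "https"):
            verdict = "non-web target"
        elif host in allowed:
            verdict = "allowed"
        else:
            verdict = "review: opens a web page at every logon"
        findings.append({"file": entry.name, "url": defang(url), "verdict": verdict})
    return findings


def default_startup_folders():
    """Per-user and all-users Startup folders on Windows (empty list elsewhere)."""
    rel = Path("Microsoft") / "Windows" / "Start Menu" / "Programs" / "Startup"
    roots = [os.environ.get("APPDATA"), os.environ.get("ProgramData")]
    return [Path(r) / rel for r in roots if r and (Path(r) / rel).is_dir()]


def build_sample_folder(folder):
    """Write constructed sample files that stand in for a Startup folder."""
    folder = Path(folder)
    (folder / "Constructed Free Activator.url").write_text(
        "[InternetShortcut]\nURL=http://redirect.example/category/landing/\n")
    (folder / "Team Portal.url").write_bytes(
        "[InternetShortcut]\r\nURL=https://intranet.example/home\r\n".encode("utf-16"))
    (folder / "Notes.url").write_text(
        "[InternetShortcut]\nURL=file:///C:/Users/owner/notes.txt\n")
    (folder / "Broken.url").write_text("no section here\n")
    (folder / "updater.lnk").write_bytes(b"\x4c\x00\x00\x00")  # ignored: not a .url


def report(folder, allowed_hosts=()):
    for row in audit_startup(folder, allowed_hosts):
        print(f"{row['verdict']:42} {row['file']} -> {row['url']}")


if __name__ == "__main__":
    folders = default_startup_folders()
    if folders:
        for startup in folders:
            report(startup)
    else:
        # Not on Windows: run against the constructed sample instead.
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_folder(tmp)
            report(tmp, allowed_hosts={"intranet.example"})
```

Any row marked for review is a shortcut the default browser will open at logon; compare its host against what the user expects before moving the file out of the Startup folder.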


#13 OhSpazz


Posted 29 April 2017 - 08:31 PM

IT WORKED!! THANK YOU!!! No longer being directed.

 

Is there any recommended software to image my computer so I can always get it back to this point of being clean?

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-04-2017
Ran by owner (29-04-2017 12:21:44) Run:1
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available Profiles: owner & DefaultAppPool)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} =>  -> No File
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} =>  -> No File
InternetURL: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url -> URL: hxxp://bestprosoft.com/category/download-latest-best-professional-software-2016/
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url
CMD: type C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
File: C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys
File: C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys
U3 dmwappushsvc; no ImagePath
U3 idsvc; no ImagePath
File: C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-04-18 10:31 - 2017-04-18 10:31 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-04-18 10:31 - 2017-04-18 10:31 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
File: C:\Users\owner\AppData\Local\Temp\tmp8462.exe
Task: {1C29438F-2AEB-48A4-A281-E09E538B58FE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {349FB16D-6A2A-4014-81AC-2537C1B7535E} - \ASC10_SkipUac_owner -> No File <==== ATTENTION
Task: {84BB3679-F626-429B-8BD8-42733FEF4089} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {88415078-1A54-421E-A69A-4AFB425B8020} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {98E5DF26-6B3D-493E-80FE-1E4310F62C80} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BA4A5F06-F410-4109-A507-B3B6093C8DAF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E1541548-2CD1-4BE8-A489-8A3CDF254F96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E57FADB7-5BF3-4303-A480-A62AAFC871C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2CC6053-33BE-47D7-A0C1-1A32375B891E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
EmptyTemp:
*****************
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\LinkResolveIgnoreLinkInfo => value removed successfully
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoInternetOpenWith => value removed successfully
HKU\S-1-5-21-2097371829-1539454751-4000040218-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending => key removed successfully
HKCR\Wow6432Node\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced => key removed successfully
HKCR\Wow6432Node\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202} => key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing => key removed successfully
HKCR\Wow6432Node\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637} => key not found.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url => moved successfully
"C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Download Latest Office 2016 Permanent Ultimate Activator.url" => not found.
========= type C:\Program Files (x86)\TraktForVLC\windows_batch\start_process.bat =========
The system cannot find the file specified.
Error occurred while processing: C:\Program.
The system cannot find the file specified.
Error occurred while processing: Files.
The system cannot find the path specified.
========= End of CMD: =========
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
========================= File: C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys ========================
File is digitally signed
MD5: BD47B2FEABFA48C6224D43EE9EA9BC06
Creation and modification date: 2017-03-18 13:56 - 2017-03-18 13:56
Size: 0085504
Attributes: ----A
Company Name: Intel Corporation
Internal Name: iaLPSS2i_GPIO2_BXT_P.sys
Original Name: iaLPSS2i_GPIO2_BXT_P.sys
Product: Intel® Serial IO Driver
Description: Intel® Serial IO GPIO Driver v2
File Version: 30.100.1705.5
Product Version: 30.100.1705.5
Copyright: Copyright © 2015, Intel Corporation.
====== End of File: ======

========================= File: C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys ========================
File is digitally signed
MD5: 4126F8DA08CE7924A3AE6F7235F85D5F
Creation and modification date: 2017-03-18 13:56 - 2017-03-18 13:56
Size: 0168448
Attributes: ----A
Company Name: Intel Corporation
Internal Name: iaLPSS2i_I2C_BXT_P.sys
Original Name: iaLPSS2i_I2C_BXT_P.sys
Product: Intel® Serial IO Driver
Description: Intel® Serial IO I2C Driver v2
File Version: 30.100.1705.5
Product Version: 30.100.1705.5
Copyright: Copyright © 2015, Intel Corporation.
====== End of File: ======
HKLM\System\CurrentControlSet\Services\dmwappushsvc => key removed successfully
dmwappushsvc => service removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully
idsvc => service removed successfully
========================= File: C:\WINDOWS\system32\edgehtmlpluginpolicy.bin ========================
File is digitally signed
MD5: B0A3B85B6A2605A26B8C44B9A9C5F9B1
Creation and modification date: 2017-04-25 22:26 - 2017-04-25 22:26
Size: 0032004
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
====== End of File: ======
C:\WINDOWS\SECOH-QAD.exe => moved successfully
C:\WINDOWS\SECOH-QAD.dll => moved successfully
========================= File: C:\Users\owner\AppData\Local\Temp\tmp8462.exe ========================
File is digitally signed
MD5: FFC59C6A635263873DBC2CAC7A1DCC7B
Creation and modification date: 2017-04-26 16:18 - 2017-04-26 16:18
Size: 4749736
Attributes: ----A
Company Name: AgileBits Inc.                                             
Internal Name:
Original Name:
Product: 1Password 6                                                
Description: 1Password 6 Setup                                          
File Version:                    
Product Version: 6.6.407                                          
Copyright:                                                                                                    
====== End of File: ======
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C29438F-2AEB-48A4-A281-E09E538B58FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C29438F-2AEB-48A4-A281-E09E538B58FE} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{349FB16D-6A2A-4014-81AC-2537C1B7535E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{349FB16D-6A2A-4014-81AC-2537C1B7535E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC10_SkipUac_owner => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84BB3679-F626-429B-8BD8-42733FEF4089} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84BB3679-F626-429B-8BD8-42733FEF4089} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88415078-1A54-421E-A69A-4AFB425B8020} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88415078-1A54-421E-A69A-4AFB425B8020} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{98E5DF26-6B3D-493E-80FE-1E4310F62C80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98E5DF26-6B3D-493E-80FE-1E4310F62C80} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A2FE042F-4953-4C9A-8E1F-002A8BAEDF69} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA4A5F06-F410-4109-A507-B3B6093C8DAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA4A5F06-F410-4109-A507-B3B6093C8DAF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D675CE6F-65A6-41F3-B64B-0A46F56F1BC2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9CD3B63-94DB-4832-BDDF-C06A1F1D94C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1541548-2CD1-4BE8-A489-8A3CDF254F96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1541548-2CD1-4BE8-A489-8A3CDF254F96} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E57FADB7-5BF3-4303-A480-A62AAFC871C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E57FADB7-5BF3-4303-A480-A62AAFC871C0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2CC6053-33BE-47D7-A0C1-1A32375B891E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2CC6053-33BE-47D7-A0C1-1A32375B891E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
=========== EmptyTemp: ==========
BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 43646742 B
Java, Flash, Steam htmlcache => 251178102 B
Windows/system/drivers => 946874 B
Edge => 5389 B
Chrome => 276374341 B
Firefox => 2414087 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 6148 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 26434 B
NetworkService => 0 B
owner => 78273067 B
DefaultAppPool => 6148 B
RecycleBin => 157870 B
EmptyTemp: => 629.1 MB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 12:22:01 ====


#14 garioch7


Posted 30 April 2017 - 02:17 PM

Cameron:
 
Thank you for your fixlog.txt.  Looks good.  Sorry for the delay in responding.  I am having Internet issues and also I am not receiving email notifications of your replies, so I only "discover" that you have replied when I actually search this Forum for my outstanding logs clients.
 
I am glad that your redirect issue is resolved, but I am a long way from declaring your computer "clean."  FRST is very good at what it does, but it does not detect everything, so I propose we run a suite of standard anti-malware detection scans and see what else might be infesting your computer. You are here anyway.
 
As for backup software, both EaseUS Todo Backup Free and Macrium Reflect Free are excellent choices, as are the paid versions.  I own paid copies of both backup products and alternate full system images every week.  Make sure that you do create a bootable recovery USB or DVD for whichever product you choose.  The Windows Backup/Restore program is pretty limited and you can't "verify" that the image is good, so I don't recommend it.
 
.


Step 1: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.

Don't forget to re-enable your antivirus when finished!

.


Step 2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please copy and paste the contents of the log into your next reply.

.


Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 OhSpazz


Posted 01 May 2017 - 12:25 AM

ESET SCAN

 

 

C:\Users\All Users\LogiShrd\LogiOptions\Software\6.20.43\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\Users\All Users\LogiShrd\LogiOptions\Software\6.30.80\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\Users\All Users\LogiShrd\LogiOptions\Software\Current\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\Windows.old\Users\All Users\LogiShrd\LogiOptions\Software\6.20.43\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\Windows.old\Users\All Users\LogiShrd\LogiOptions\Software\6.30.80\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\Windows.old\Users\All Users\LogiShrd\LogiOptions\Software\Current\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application 
C:\FRST\Quarantine\C\WINDOWS\SECOH-QAD.dll.xBAD Win64/HackKMS.D potentially unsafe application cleaned by deleting
C:\FRST\Quarantine\C\WINDOWS\SECOH-QAD.exe.xBAD Win64/HackKMS.C potentially unsafe application cleaned by deleting
C:\Program Files (x86)\Wondershare\TidyMyMusic\patch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\ProgramData\LogiShrd\LogiOptions\Software\6.20.43\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application cleaned by deleting
C:\ProgramData\LogiShrd\LogiOptions\Software\6.30.80\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application cleaned by deleting
C:\ProgramData\LogiShrd\LogiOptions\Software\Current\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application cleaned by deleting
C:\Users\owner\Dropbox\Angy\DRIVER BOOSTER\Block.bat BAT/HostsChanger.A potentially unsafe application cleaned by deleting
D:\SteamLibrary\steamapps\common\PAYDAY 2\IPHLPAPI.dll Win32/GameHack.BFG potentially unsafe application cleaned by deleting
D:\User Files\Documents\Vuze Downloads\IObit Driver Booster\IObit Driver Booster Pro 4.1.0 Multilingual Portable [SadeemPC]\IObit Driver Booster Pro 4.1.0 Multilingual + License Keys + Portable [SadeemPC]\IObit Driver Booster Pro 4.1.0 Multilingual Portable [SadeemPC]\Block.bat BAT/HostsChanger.A potentially unsafe application cleaned by deleting
D:\User Files\Downloads\dfsetup221.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting
D:\User Files\Downloads\SetupImgBurn_2.5.8.0.exe Win32/FusionCore.L potentially unwanted application cleaned by deleting

Malwarebytes Scan

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/30/17
Scan Time: 10:15 PM
Logfile: LOL.txt
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1842
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: owner-PC\owner
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 442482
Time Elapsed: 3 min, 1 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 1
PUP.Optional.BestBuy, C:\USERS\DEFAULTAPPPOOL\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\BEST BUY PC APP.LNK, Quarantined, [6193], [393596],1.0.1842
Physical Sector: 0
(No malicious items detected)

(end)




