Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

whole computer slows down during web loading


  • This topic is locked This topic is locked
18 replies to this topic

#1 ferrouswheel

ferrouswheel

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 11 May 2017 - 11:21 AM

Continued from https://www.bleepingcomputer.com/forums/t/642993/periodic-slowing-stuttering-for-the-past-week/

 

I was advised to post a thread here.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by CommanderX (administrator) on THEDELL (11-05-2017 01:04:13)
Running from C:\Users\CommanderX\Downloads
Loaded Profiles: CommanderX (Available Profiles: CommanderX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_148_Plugin.exe [1277016 2017-04-13] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{1E27137A-5792-416E-9FD4-D1C001093007}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1917758672-2090528760-177207987-1000 -> DefaultScope {D942FF09-9F71-4BAE-AC16-B458961DB7A0} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: ejp08zjb.default
FF ProfilePath: C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default [2017-05-11]
FF Keyword.URL: Mozilla\Firefox\Profiles\ejp08zjb.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Extension: (FireShot) - C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-04-07]
FF Extension: (Adblock Plus) - C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1917758672-2090528760-177207987-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CommanderX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1917758672-2090528760-177207987-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default [2017-05-07]
CHR Extension: (Google Slides) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Full Page Screen Capture) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows ® Win 7 DDK provider) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-03-29] (Bitdefender)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-03-29] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-03-29] (Bitdefender)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-06] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (Qualcomm Atheros)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [342016 2016-12-13] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2014-03-06] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-03-06] (Microsoft Corporation) [File not signed]
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [19504 2016-01-13] (Windows ® Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
R3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
S3 NPF; system32\drivers\NPF.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-11 01:04 - 2017-05-11 01:04 - 00018858 _____ C:\Users\CommanderX\Downloads\FRST.txt
2017-05-11 01:03 - 2017-05-11 01:04 - 00000000 ____D C:\FRST
2017-05-11 00:35 - 2017-05-11 00:35 - 02429440 _____ (Farbar) C:\Users\CommanderX\Downloads\FRST64.exe
2017-04-12 10:53 - 2017-03-24 18:50 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 10:53 - 2017-03-24 18:42 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 10:53 - 2017-03-22 11:32 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 10:53 - 2017-03-22 11:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 10:53 - 2017-03-22 11:24 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-04-12 10:53 - 2017-03-22 11:17 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 10:53 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 10:53 - 2017-03-22 11:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 10:53 - 2017-03-22 11:15 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-04-12 10:53 - 2017-03-22 11:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-04-12 10:53 - 2017-03-22 11:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-04-12 10:53 - 2017-03-14 11:34 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 10:53 - 2017-03-14 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 10:53 - 2017-03-14 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 10:53 - 2017-03-10 12:35 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 10:53 - 2017-03-10 12:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 10:53 - 2017-03-10 12:27 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-04-12 10:53 - 2017-03-10 12:20 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-04-12 10:53 - 2017-03-10 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-04-12 10:53 - 2017-03-10 12:19 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-04-12 10:53 - 2017-03-10 12:00 - 03219968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 10:53 - 2017-03-10 11:53 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-04-12 10:53 - 2017-03-08 16:20 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 10:53 - 2017-03-08 16:10 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-04-12 10:53 - 2017-03-08 00:37 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-04-12 10:53 - 2017-03-08 00:36 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 10:53 - 2017-03-08 00:36 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-04-12 10:53 - 2017-03-08 00:36 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 10:53 - 2017-03-08 00:36 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 10:53 - 2017-03-08 00:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 02064384 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:26 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-04-12 10:53 - 2017-03-08 00:26 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-04-12 10:53 - 2017-03-08 00:24 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 01416192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-04-12 10:53 - 2017-03-08 00:22 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-04-12 10:53 - 2017-03-08 00:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 10:53 - 2017-03-08 00:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 10:53 - 2017-03-08 00:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 10:53 - 2017-03-08 00:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 10:53 - 2017-03-08 00:00 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 10:53 - 2017-03-07 23:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 10:53 - 2017-03-07 23:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-04-12 10:53 - 2017-03-07 23:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 10:53 - 2017-03-07 23:56 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 10:53 - 2017-03-07 23:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 10:53 - 2017-03-07 23:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 10:53 - 2017-03-07 23:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-04-12 10:53 - 2017-03-07 23:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-04-12 10:53 - 2017-03-07 23:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-04-12 10:53 - 2017-03-07 23:53 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 23:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-04-12 10:53 - 2017-03-07 12:30 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 10:53 - 2017-03-07 12:17 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-04-12 10:53 - 2017-03-03 21:27 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 10:53 - 2017-03-03 21:27 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 10:53 - 2017-03-03 21:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-04-12 10:53 - 2017-03-03 21:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmjpegdec.dll
2017-04-12 10:53 - 2017-02-14 12:33 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 10:53 - 2017-02-14 12:19 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-04-12 10:53 - 2017-02-11 12:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 10:53 - 2017-02-11 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-04-12 10:53 - 2017-02-09 12:32 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 10:53 - 2017-02-09 12:32 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 10:53 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:36 - 00011608 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-04-12 10:53 - 2017-01-18 11:35 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-11 01:04 - 2017-03-20 21:18 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-05-11 01:04 - 2017-03-20 21:15 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-05-10 14:31 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-10 14:31 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-10 14:23 - 2017-02-07 06:13 - 00000000 ____D C:\Users\CommanderX\AppData\LocalLow\Mozilla
2017-05-09 20:56 - 2017-03-22 22:07 - 00000000 ____D C:\02017work
2017-05-08 20:30 - 2009-07-14 01:13 - 00754384 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-08 20:30 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-08 20:26 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-08 14:28 - 2016-07-24 16:35 - 00000000 ____D C:\PaintTool SAI English Pack
2017-05-07 16:33 - 2017-03-28 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-07 16:33 - 2015-06-28 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-06 17:57 - 2015-07-24 08:40 - 00000000 ____D C:\Users\CommanderX\AppData\Roaming\Audacity
2017-05-02 18:27 - 2015-06-11 17:58 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-28 00:20 - 2015-06-11 17:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 00:20 - 2015-06-11 17:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-18 15:24 - 2015-06-28 12:50 - 00000000 ____D C:\Users\CommanderX\AppData\Roaming\vlc
2017-04-13 11:20 - 2015-06-11 13:29 - 00000000 ____D C:\Users\CommanderX\AppData\Local\Adobe
2017-04-13 11:19 - 2017-03-29 05:27 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-04-13 11:19 - 2017-03-29 05:27 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-13 11:19 - 2014-03-06 16:54 - 00000000 ____D C:\ProgramData\McAfee
2017-04-13 11:19 - 2014-03-06 16:42 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-13 11:19 - 2014-03-06 16:42 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-13 06:46 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-04-12 14:31 - 2009-07-14 00:45 - 04937232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 14:29 - 2015-06-11 20:16 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 14:27 - 2015-06-11 20:16 - 148601744 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 14:26 - 2011-02-10 10:33 - 00746506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-06-24 16:39 - 2015-06-24 16:47 - 0000132 _____ () C:\Users\CommanderX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-13 00:48 - 2015-06-26 08:18 - 0000132 _____ () C:\Users\CommanderX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-06-28 14:50 - 2016-08-11 19:24 - 0000033 _____ () C:\Users\CommanderX\AppData\Roaming\AdobeWLCMCache.dat
2016-06-09 15:12 - 2016-06-09 15:12 - 0000059 _____ () C:\Users\CommanderX\AppData\Roaming\Camdata.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0000408 _____ () C:\Users\CommanderX\AppData\Roaming\CamLayout.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0000408 _____ () C:\Users\CommanderX\AppData\Roaming\CamShapes.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0004536 _____ () C:\Users\CommanderX\AppData\Roaming\CamStudio.cfg
2016-09-13 02:14 - 2016-09-13 02:14 - 0000112 _____ () C:\Users\CommanderX\AppData\Roaming\JP2K CS6 Prefs
2016-06-09 15:04 - 2016-06-09 15:04 - 0000096 _____ () C:\Users\CommanderX\AppData\Roaming\version2.xml
2015-08-12 01:21 - 2017-04-10 11:59 - 0001456 _____ () C:\Users\CommanderX\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-28 03:40 - 2017-03-28 03:40 - 0000036 _____ () C:\Users\CommanderX\AppData\Local\housecall.guid.cache
2015-06-24 17:11 - 2015-06-24 17:11 - 0000218 _____ () C:\Users\CommanderX\AppData\Local\recently-used.xbel
2017-03-26 18:48 - 2017-03-27 18:42 - 0007613 _____ () C:\Users\CommanderX\AppData\Local\resmon.resmoncfg
2015-12-22 13:26 - 2015-12-22 13:26 - 0000012 _____ () C:\ProgramData\.glInit02.dat
2017-03-20 21:15 - 2017-03-20 21:15 - 0047170 _____ () C:\ProgramData\agent.1490058912.bdinstall.bin
2017-04-01 00:00 - 2017-04-01 00:00 - 0029379 _____ () C:\ProgramData\agent.update.1491019229.bdinstall.bin
2016-02-01 10:48 - 2016-02-01 10:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-06 16:51 - 2014-03-06 16:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-28 12:02 - 2016-03-28 12:02 - 0004864 _____ () C:\ProgramData\oqztiqep.adk

Files to move or delete:
====================
C:\ProgramData\.glInit02.dat


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-03 16:33

==================== End of FRST.txt ============================

Attached Files



BC AdBot (Login to Remove)

 


#2 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 11 May 2017 - 04:30 PM

Hello ferrouswheel

I'm Seedy21 and I will be helping you with your issues.

Please note the following information about the malware forum:
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by me
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • Please reply within 48 hours, if you are going to be away for longer please let us know or the topic will be closed for been inactive
  • If you are using Cracked or Illegal software your thread will be closed
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close.
Before I start I would highly advice you to back up as one of the error could show a possible Hard Drive failure.

Step 1


FRST.gif Fix with Farbar Recovery Scan Tool
 

icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif


Press the WindowsKey.png + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses:
    GroupPolicyScripts-x32: Restriction <======= ATTENTION
    AlternateDataStreams: C:\Users\CommanderX\AppData\Local:CanMkP3cD0jnidMR75xgUUovX6wOLG [1998]
    AlternateDataStreams: C:\Users\CommanderX\AppData\Local\Application Data:CanMkP3cD0jnidMR75xgUUovX6wOLG [1998]
    AlternateDataStreams: C:\Users\CommanderX\AppData\Local\giCcRBOR:0ju8hSCy93HrSZ7vWSDyEGxOLr [1928]
    AlternateDataStreams: C:\Users\CommanderX\AppData\Local\Temp:JnQpHc44Un1E62Q54jHHzOqBp [2092]
    C:\ProgramData\.glInit02.dat
    EmptyTemp:
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Click on Start
Type sysdm.cpl in the search box and press <Enter>.
The User Account Control window will prompt for permission to run the program.
Click Continue .
The System Properties window appears.
Click the System Protection tab.
Please confirm if the C: Protection is turned on.


Step 3

Click on Start
Type cmd in the search box and press <Enter>.
Type chkdsk /f and press <Enter>.
If it asked to schudule on next start up type Y press <Enter>
You can now close down Command Prompt and restart your computer.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#3 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 12 May 2017 - 02:43 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by CommanderX (12-05-2017 15:12:20) Run:1
Running from C:\Users\CommanderX\Downloads
Loaded Profiles: CommanderX (Available Profiles: CommanderX)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts-x32: Restriction <======= ATTENTION
AlternateDataStreams: C:\Users\CommanderX\AppData\Local:CanMkP3cD0jnidMR75xgUUovX6wOLG [1998]
AlternateDataStreams: C:\Users\CommanderX\AppData\Local\Application Data:CanMkP3cD0jnidMR75xgUUovX6wOLG [1998]
AlternateDataStreams: C:\Users\CommanderX\AppData\Local\giCcRBOR:0ju8hSCy93HrSZ7vWSDyEGxOLr [1928]
AlternateDataStreams: C:\Users\CommanderX\AppData\Local\Temp:JnQpHc44Un1E62Q54jHHzOqBp [2092]
C:\ProgramData\.glInit02.dat
EmptyTemp:
end
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Windows\SysWOW64\GroupPolicy\Machine => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\CommanderX\AppData\Local => ":CanMkP3cD0jnidMR75xgUUovX6wOLG" ADS removed successfully.
"C:\Users\CommanderX\AppData\Local\Application Data" => ":CanMkP3cD0jnidMR75xgUUovX6wOLG" ADS not found.
C:\Users\CommanderX\AppData\Local\giCcRBOR => ":0ju8hSCy93HrSZ7vWSDyEGxOLr" ADS removed successfully.
C:\Users\CommanderX\AppData\Local\Temp => ":JnQpHc44Un1E62Q54jHHzOqBp" ADS removed successfully.
C:\ProgramData\.glInit02.dat => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 6046731 B
Java, Flash, Steam htmlcache => 84720947 B
Windows/system/drivers => 67192504 B
Edge => 0 B
Chrome => 244315990 B
Firefox => 430449711 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 3224384 B
LocalService => 1633678 B
NetworkService => 26168 B
CommanderX => 39263362 B

RecycleBin => 0 B
EmptyTemp: => 844.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:16:28 ====

 

 

Protection for C: was NOT enabled. System protection was turned off. I clicked "Restore system settings and preview versions of files", but when I hit OK it brought up the following error message:

 

"There was an unexpected error in the property page:

 

The filename, directory name, or volume label syntax is incorrect. (0x8007007B)

 

Please close the property page and try again."

 

It wouldn't let me leave the Configure... menu until I hit Cancel instead, but then it started showing the protection as On for both "OS (C:) (System)" and "OS (C:) (Missing)".

 

Chkdsk is scheduled and I'm about to restart.



#4 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 16 May 2017 - 03:02 AM

Hi ferrouswheel
 

 

Can I get an update on how you got on with running chkdsk command?

 

 

Thanks


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#5 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 17 May 2017 - 02:53 PM

Chkdsk ran. It didn't find any bad sectors. I don't know where it stores the logs, if it makes any.



#6 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 19 May 2017 - 02:04 AM

Hi Ferrouswheel
 
Let get another scan going :-
 
ZN3USrZ.png Emsisoft Emergency Kit

  • Click here to download Emsisoft Emergency Kit. The download will automatically start after a moment.
  • Save EmsisoftEmergencyKit.exe to your Desktop.
  • Double click on EmsisoftEmergencyKit.exe (Windows Vista/7/8 users: Accept UAC warning if it is enabled). A screen like this will appear:
    dQVDkTW.png
  • Leave everything as it is, then click Extract. This will unpack Emsisoft Emergency Kit to the EEK folder located in the root drive (usually C:\).
  • Once the extraction is done, an icon qwL1Upn.png will appear on your Desktop. Double click it to start Emsisoft Emergency Kit.
  • Wait for Emsisoft Emergency Kit to finish loading signatures. A screen like this should appear:
    yEgPemv.png
  • Choose Yes, then wait for EEK to finish updating.
  • Choose Malware Scan under the Scan button. When EEK asks to activate PUP detection, choose Yes.
  • Wait for the scan to finish.
    RUeRoi4.png
  • If EEK detects something, all detected items will be displayed. Place a checkmark before everything, then choose Quarantine Selected.
  • If Emsisoft Emergency Kit asks to reboot, please do so immediately.
  • The scan log is located in Logs -> Scan Logs. Click on the entry of the latest scan, choose Export and save the report on your Desktop.
    P7FSALs.png
  • Please Copy and Paste the contents of the scan log in your next reply.

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#7 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 19 May 2017 - 08:52 PM

Emsisoft Emergency Kit - Version 2017.4
Scan log

Date    Scan Method    Objects Scanned    Objects Detected    Duration    Type    Computer Name    
5/19/2017 9:41:27 PM    Malware    78734    0    0:03:21    Manual scan    THEDELL    
 



#8 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 20 May 2017 - 04:38 AM

Hi ferrouswheel

 

I would like you to disable System Restore on the missing Drive.

 

Click on Start
Type sysdm.cpl in the search box and press <Enter>.
The User Account Control window will prompt for permission to run the program.
Click Continue .
The System Properties window appears.
Click the System Protection tab.

Click on "OS (C:) (Missing)" and then Click on Configure.

Click on the Radio Button next to Disable System Protection and Click OK.

Please restart your computer

 

 

 

Click on Start
Type sysdm.cpl in the search box and press <Enter>.
The User Account Control window will prompt for permission to run the program.
Click Continue .
The System Properties window appears.
Click the System Protection tab.

Click Create to manually create a Restore Point.

 

Please let me know how this goes.

 

Thanks


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#9 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 20 May 2017 - 09:06 PM

The missing drive stopped showing up in the list after disabling protection, and the system restore point was created successfully.



#10 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 21 May 2017 - 12:41 PM

Hi Ferrouswheel,

Can you please re-run FRST and ask it to do a scan. Please post the log it creates.

Can I also have an update on how your machine is performing

 

Thanks


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#11 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 21 May 2017 - 11:56 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-05-2017
Ran by CommanderX (administrator) on THEDELL (22-05-2017 00:40:23)
Running from C:\Users\CommanderX\Downloads
Loaded Profiles: CommanderX (Available Profiles: CommanderX)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\WINDOWS\System32\wisptis.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Graphic Tablet Company Shenzhen) C:\PenTabletDriver\TabletDriver.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_148.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_25_0_0_148.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems, Incorporated) C:\Program Files\Adobe\Adobe Photoshop CC 2017\Photoshop.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
() C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
(Node.js) C:\Program Files\Adobe\Adobe Photoshop CC 2017\node.exe
(The Audacity Team) C:\Program Files (x86)\Audacity\audacity.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [TabletDriver] => C:\PenTabletDriver\TabletDriver.exe [634240 2016-05-27] (Graphic Tablet Company Shenzhen)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144696 2017-02-14] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [132736 2013-07-03] (Qualcomm®Atheros®)
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\Run: [AdobeBridge] => [X]
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{1E27137A-5792-416E-9FD4-D1C001093007}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-1917758672-2090528760-177207987-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-1917758672-2090528760-177207987-1000 -> DefaultScope {D942FF09-9F71-4BAE-AC16-B458961DB7A0} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-03] (Qualcomm®Atheros®)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: ejp08zjb.default
FF ProfilePath: C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default [2017-05-22]
FF Keyword.URL: Mozilla\Firefox\Profiles\ejp08zjb.default -> hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF Extension: (FireShot) - C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2017-04-07]
FF Extension: (Adblock Plus) - C:\Users\CommanderX\AppData\Roaming\Mozilla\Firefox\Profiles\ejp08zjb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-01-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.4 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-1917758672-2090528760-177207987-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\CommanderX\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1917758672-2090528760-177207987-1000: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Google Slides) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-11]
CHR Extension: (Google Docs) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-11]
CHR Extension: (Google Drive) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Full Page Screen Capture) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-01-08]
CHR Extension: (Google Sheets) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-11]
CHR Extension: (Google Docs Offline) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-11]
CHR Extension: (Chrome Media Router) - C:\Users\CommanderX\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-14]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1295376 2016-07-01] (Autodesk Inc.)
S4 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-03] (Windows ® Win 7 DDK provider) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S4 mi-raysat_3dsmax2016_64; C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-19] (Realtek Semiconductor)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-05-11] (Bitdefender)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4076744 2017-02-14] (Check Point Software Technologies Ltd.)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-05-11] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-05-11] (Bitdefender)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-03-06] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-21] (Atheros) [File not signed]
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1037624 2017-02-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1612648 2017-05-11] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-03] (Qualcomm Atheros)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [370136 2017-05-11] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2014-03-06] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2014-03-06] (Microsoft Corporation) [File not signed]
R3 vmulti; C:\Windows\System32\DRIVERS\vmulti.sys [19504 2016-01-13] (Windows ® Win 7 DDK provider)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-16] (Check Point Software Technologies Ltd.)
S3 WDC_SAM; C:\Windows\System32\DRIVERS\wdcsam64_prewin8.sys [23200 2016-08-05] (Western Digital Technologies)
U1 aswbdisk; no ImagePath
U3 iswSvc; no ImagePath
S3 NPF; system32\drivers\NPF.sys [X]
S3 WacHidRouter; system32\DRIVERS\wachidrouter.sys [X]
S3 WacHidRouterPro; system32\DRIVERS\wachidrouter.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomrouterfilter; system32\DRIVERS\wacomrouterfilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 00:40 - 2017-05-22 00:40 - 00000000 ____D C:\Users\CommanderX\Downloads\FRST-OlderVersion
2017-05-19 21:38 - 2017-05-19 21:38 - 00000000 ____D C:\ProgramData\Emsisoft
2017-05-19 21:37 - 2017-05-19 21:50 - 00000000 ____D C:\EEK
2017-05-19 21:33 - 2017-05-19 21:36 - 314766176 _____ C:\Users\CommanderX\Downloads\EmsisoftEmergencyKit.exe
2017-05-14 20:57 - 2017-05-14 20:57 - 00680352 _____ C:\Users\CommanderX\AppData\LocalLow\wbkE9E8.tmp
2017-05-14 20:56 - 2017-05-14 20:56 - 02602492 _____ C:\Users\CommanderX\Downloads\manual.zip
2017-05-14 00:30 - 2017-05-14 20:57 - 00000000 ____D C:\Program Files\Construct 2
2017-05-14 00:30 - 2017-05-14 00:30 - 00000945 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Construct 2.lnk
2017-05-14 00:30 - 2017-05-14 00:30 - 00000849 _____ C:\Users\Public\Desktop\Construct 2.lnk
2017-05-14 00:30 - 2017-05-14 00:30 - 00000000 ____D C:\Users\CommanderX\AppData\Roaming\Construct2
2017-05-14 00:28 - 2017-05-14 00:28 - 60049624 _____ (Scirra ) C:\Users\CommanderX\Downloads\construct2-r244-setup.exe
2017-05-12 15:12 - 2017-05-12 15:16 - 00002287 _____ C:\Users\CommanderX\Downloads\Fixlog.txt
2017-05-11 01:05 - 2017-05-11 01:06 - 00049927 _____ C:\Users\CommanderX\Downloads\Addition.txt
2017-05-11 01:04 - 2017-05-22 00:40 - 00019834 _____ C:\Users\CommanderX\Downloads\FRST.txt
2017-05-11 01:03 - 2017-05-22 00:40 - 00000000 ____D C:\FRST
2017-05-11 00:35 - 2017-05-22 00:40 - 02429952 _____ (Farbar) C:\Users\CommanderX\Downloads\FRST64.exe
2017-05-10 14:30 - 2017-04-26 10:59 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 14:30 - 2017-04-17 11:37 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 14:30 - 2017-04-04 11:34 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 14:29 - 2017-04-27 21:14 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 14:29 - 2017-04-27 21:14 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 14:29 - 2017-04-27 21:14 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 14:29 - 2017-04-27 21:14 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 14:29 - 2017-04-27 21:14 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 14:29 - 2017-04-27 21:11 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 14:29 - 2017-04-27 21:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 21:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:36 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 14:29 - 2017-04-27 20:36 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 14:29 - 2017-04-27 20:34 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:32 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:19 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 14:29 - 2017-04-27 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 14:29 - 2017-04-27 20:19 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 14:29 - 2017-04-27 20:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 14:29 - 2017-04-27 20:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 14:29 - 2017-04-27 20:14 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 14:29 - 2017-04-27 20:12 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 14:29 - 2017-04-27 20:11 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 14:29 - 2017-04-27 20:11 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 14:29 - 2017-04-27 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 14:29 - 2017-04-27 20:10 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 14:29 - 2017-04-27 20:10 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 14:29 - 2017-04-27 20:08 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 14:29 - 2017-04-27 20:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 14:29 - 2017-04-27 20:08 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 14:29 - 2017-04-27 20:08 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 14:29 - 2017-04-27 20:07 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 14:29 - 2017-04-27 20:07 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 14:29 - 2017-04-27 20:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 14:29 - 2017-04-21 11:34 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 14:29 - 2017-04-21 11:15 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 14:29 - 2017-04-17 11:37 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 14:29 - 2017-04-17 11:37 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 14:29 - 2017-04-17 11:37 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 14:29 - 2017-04-17 11:37 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 14:29 - 2017-04-17 11:12 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 14:29 - 2017-04-17 11:12 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 14:29 - 2017-04-17 11:12 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 14:29 - 2017-04-17 10:54 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 14:29 - 2017-04-12 11:32 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 14:29 - 2017-04-12 11:32 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 14:29 - 2017-04-12 11:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 14:29 - 2017-04-12 11:32 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 14:29 - 2017-04-12 11:26 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 14:29 - 2017-04-12 11:25 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 14:29 - 2017-04-12 11:25 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 14:29 - 2017-04-12 11:25 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 14:29 - 2017-04-07 11:34 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 14:29 - 2017-04-07 11:34 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 14:29 - 2017-04-07 11:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 14:29 - 2017-04-07 11:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 14:29 - 2017-04-07 11:22 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 14:29 - 2017-04-05 10:55 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 14:29 - 2017-04-05 10:55 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 14:29 - 2017-04-05 10:55 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 14:29 - 2017-04-04 11:34 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 14:29 - 2017-04-04 11:34 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 14:29 - 2017-04-04 10:53 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 14:29 - 2017-04-04 10:53 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 14:29 - 2017-03-10 12:32 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 14:29 - 2017-03-10 12:32 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 14:29 - 2017-03-10 12:20 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 14:29 - 2017-03-10 12:20 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 14:29 - 2017-03-10 11:57 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 14:29 - 2017-03-10 11:55 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 14:29 - 2017-03-10 11:55 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 14:29 - 2017-03-09 12:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 14:29 - 2017-03-09 12:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 00:40 - 2017-03-20 21:18 - 00000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-05-22 00:26 - 2017-03-20 21:15 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-05-21 10:35 - 2015-07-24 08:40 - 00000000 ____D C:\Users\CommanderX\AppData\Roaming\Audacity
2017-05-20 22:05 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-20 22:05 - 2009-07-14 00:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-20 22:03 - 2009-07-14 01:13 - 00784198 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-20 22:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-05-20 21:58 - 2017-02-07 06:13 - 00000000 ____D C:\Users\CommanderX\AppData\LocalLow\Mozilla
2017-05-20 21:57 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-20 21:52 - 2017-03-28 17:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 21:52 - 2015-06-28 14:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-15 20:58 - 2015-06-11 17:58 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-14 00:49 - 2017-03-22 22:07 - 00000000 ____D C:\02017work
2017-05-12 18:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-05-12 15:23 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-12 15:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-05-11 12:31 - 2017-03-20 21:30 - 01612648 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-05-11 12:31 - 2017-03-20 21:30 - 00370136 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-05-11 03:09 - 2009-07-14 00:45 - 04937232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-11 03:05 - 2011-02-10 10:33 - 00746506 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-05-11 03:03 - 2015-06-11 20:16 - 00000000 ____D C:\Windows\system32\MRT
2017-05-11 03:00 - 2015-06-11 20:16 - 156335152 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-05-08 14:28 - 2016-07-24 16:35 - 00000000 ____D C:\PaintTool SAI English Pack
2017-04-28 00:20 - 2015-06-11 17:57 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 00:20 - 2015-06-11 17:57 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Files in the root of some directories =======

2015-06-24 16:39 - 2015-06-24 16:47 - 0000132 _____ () C:\Users\CommanderX\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-06-13 00:48 - 2015-06-26 08:18 - 0000132 _____ () C:\Users\CommanderX\AppData\Roaming\Adobe Targa Format CS5 Prefs
2015-06-28 14:50 - 2016-08-11 19:24 - 0000033 _____ () C:\Users\CommanderX\AppData\Roaming\AdobeWLCMCache.dat
2016-06-09 15:12 - 2016-06-09 15:12 - 0000059 _____ () C:\Users\CommanderX\AppData\Roaming\Camdata.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0000408 _____ () C:\Users\CommanderX\AppData\Roaming\CamLayout.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0000408 _____ () C:\Users\CommanderX\AppData\Roaming\CamShapes.ini
2016-06-09 15:12 - 2016-06-09 15:12 - 0004536 _____ () C:\Users\CommanderX\AppData\Roaming\CamStudio.cfg
2016-09-13 02:14 - 2016-09-13 02:14 - 0000112 _____ () C:\Users\CommanderX\AppData\Roaming\JP2K CS6 Prefs
2016-06-09 15:04 - 2016-06-09 15:04 - 0000096 _____ () C:\Users\CommanderX\AppData\Roaming\version2.xml
2015-08-12 01:21 - 2017-04-10 11:59 - 0001456 _____ () C:\Users\CommanderX\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-03-28 03:40 - 2017-03-28 03:40 - 0000036 _____ () C:\Users\CommanderX\AppData\Local\housecall.guid.cache
2015-06-24 17:11 - 2015-06-24 17:11 - 0000218 _____ () C:\Users\CommanderX\AppData\Local\recently-used.xbel
2017-03-26 18:48 - 2017-03-27 18:42 - 0007613 _____ () C:\Users\CommanderX\AppData\Local\resmon.resmoncfg
2017-03-20 21:15 - 2017-03-20 21:15 - 0047170 _____ () C:\ProgramData\agent.1490058912.bdinstall.bin
2017-04-01 00:00 - 2017-04-01 00:00 - 0029379 _____ () C:\ProgramData\agent.update.1491019229.bdinstall.bin
2016-02-01 10:48 - 2016-02-01 10:48 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-03-06 16:51 - 2014-03-06 16:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-28 12:02 - 2016-03-28 12:02 - 0004864 _____ () C:\ProgramData\oqztiqep.adk

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-13 00:13

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-05-2017
Ran by CommanderX (22-05-2017 00:41:24)
Running from C:\Users\CommanderX\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-06-10 22:13:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1917758672-2090528760-177207987-500 - Administrator - Disabled)
CommanderX (S-1-5-21-1917758672-2090528760-177207987-1000 - Administrator - Enabled) => C:\Users\CommanderX
Guest (S-1-5-21-1917758672-2090528760-177207987-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1917758672-2090528760-177207987-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Antimalware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_1_0) (Version: 14.1.0 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_2) (Version: 16.2 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_2) (Version: 10.0.2 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Character Animator CC (Beta) (HKLM-x32\...\ANMLBETA_1_0_5) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated)
Adobe Extension Manager CS6 (HKLM-x32\...\{83463106-DD1C-4FE5-A61C-DF6715472AD4}) (Version: 6.0.8 - Adobe Systems Incorporated)
Adobe Flash Builder 4.7 (64 Bit) (HKLM-x32\...\{848DE8E1-521D-4748-A158-517708107EF3}) (Version: 4.7 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Professional CS6 (HKLM-x32\...\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Fuse CC (Preview) (HKLM-x32\...\{06F1F289-ACFE-43A2-A654-7950079D6685}) (Version: 1.0 - Adobe Systems Incorporated)
Adobe Gaming SDK 1.4 (HKLM-x32\...\{2316BC3C-61AD-4289-8702-9DF0DFCA08ED}) (Version: 1.4 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Muse CC 2017 (HKLM-x32\...\MUSE_2017_0_0) (Version: 2017.0.0.149 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Prelude CC 2017 (HKLM-x32\...\PRLD_6_0_1) (Version: 6.0.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Adventure Game Studio 3.4.0 P3 (HKLM-x32\...\c57ecb2e-4390-4154-b3b7-e9f5816f6edd_is1) (Version: 3.4.0.15 - AGS Project Team)
Akamai NetSession Interface (HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
ArtRage Lite (HKLM-x32\...\ArtRage Lite 4.5.5) (Version: 4.5.5 - Ambient Design)
ArtRage Lite (Version: 4.5.5 - Ambient Design) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Autodesk 3ds Max 2016 (HKLM\...\Autodesk 3ds Max 2016) (Version: 18.6.667.0 - Autodesk)
Autodesk 3ds Max 2016 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 HF1 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 HF2 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 Populate Data (HKLM\...\{57E92DED-DC7C-41E5-B9E1-76D83BD2EABE}) (Version: 18.0.0.0 - Autodesk)
Autodesk 3ds Max 2016 SP1 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 SP1.1 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2016 SP2 (HKLM\...\Autodesk 3ds Max 2016 SP2.1) (Version: 18.6.667.0 - Autodesk)
Autodesk 3ds Max 2016 SP2 (Version: 18.6.667.0 - Autodesk) Hidden
Autodesk 3ds Max 2017 (HKLM\...\Autodesk 3ds Max 2017) (Version: 19.0.1072.0 - Autodesk)
Autodesk 3ds Max 2017 (Version: 19.0.1072.0 - Autodesk) Hidden
Autodesk 3ds Max 2017 Populate Data (HKLM\...\{2B07E17E-A072-43BD-9DCC-369B56C16698}) (Version: 19.0.0.0 - Autodesk)
Autodesk Advanced Material Library Image Library 2016 (HKLM-x32\...\{94AD53E7-493B-4291-8714-7A3B761D2783}) (Version: 6.3.0.19 - Autodesk)
Autodesk Advanced Material Library Image Library 2017 (HKLM-x32\...\{8ED2ED41-4455-449D-993C-751C039089B9}) (Version: 15.11.3.0 - Autodesk)
Autodesk Desktop App (HKLM-x32\...\Autodesk Desktop App) (Version: 6.2.0.174 - Autodesk)
Autodesk License Service (x64) - 3.1 (HKLM\...\{EB6FE58F-8576-4272-BB9C-6B47D9EDFA4D}) (Version: 3.1.26.0 - Autodesk)
Autodesk Material Library 2016 (HKLM-x32\...\{29A7D6EC-63C2-42FD-8143-5812ABD2923F}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library 2017 (HKLM-x32\...\{8FB9F735-D64C-4991-8D91-4CDDAB1ABDEE}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2016 (HKLM-x32\...\{6B4CFC6E-ECB0-47FE-95D3-65C680ED0687}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2017 (HKLM-x32\...\{3FBFBC43-9882-43FA-B979-2D53896747B3}) (Version: 15.11.3.0 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2016 (HKLM-x32\...\{415A5A54-325E-4815-9940-62A889CA3877}) (Version: 6.3.0.19 - Autodesk)
Autodesk Material Library Medium Resolution Image Library 2017 (HKLM-x32\...\{CB6E007E-701D-42CD-AF0E-4BE9C36C7F7C}) (Version: 15.11.3.0 - Autodesk)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 1.0.1 - Bitdefender)
Bitdefender Antivirus Free (HKLM\...\{1FCCF41D-5F00-4FE2-9653-162D0486C8B4}) (Version: 1.0.6.12 - Bitdefender)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blender (HKLM\...\{47A0EA10-D506-4473-AE99-5E07DD1062DE}) (Version: 2.77.1 - Blender Foundation)
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Construct 2 r244 (HKLM\...\Construct 2_is1) (Version: 1.0.244.0 - Scirra)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Epic Games Launcher (HKLM-x32\...\{23073CBA-4A21-464F-9874-0FF6B7727C7C}) (Version: 1.1.77.0 - Epic Games, Inc.)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eSpeak version 1.48.04 (HKLM-x32\...\eSpeak_is1) (Version:  - )
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
Icecream Screen Recorder version 3.67 (HKLM-x32\...\{7ADEC622-3230-4C9A-9DCE-9BD462B74095}_is1) (Version: 3.67 - Icecream Apps)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Mixxx 2.0.0 (64-bit) (HKLM-x32\...\Mixxx (2.0.0)) (Version: 2.0.0 - The Mixxx Development Team)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version:  - )
NVIDIA mental ray and IRay feature plugins for 3ds Max 2017 (HKLM\...\{6ABEC32F-B90F-4499-B3A3-FF8A00948178}) (Version: 19.0.0.0 - Autodesk)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications)
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Sculptris Alpha 6 (HKLM-x32\...\Sculptris Alpha 6 Alpha 6) (Version: Alpha 6 - Pixologic)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silo 2 (HKLM-x32\...\Silo 2) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stella 4.7.3 (HKLM-x32\...\Stella_is1) (Version:  - The Stella Team)
Stencyl (HKLM-x32\...\Stencyl) (Version: /root/.jenkins/jobs/Stencyl-Windows/workspace/build - Stencyl, LLC)
SuperWave P8 (HKLM-x32\...\{B681D0E8-6676-4AB9-846F-38CA5E0B5412}) (Version: 2.4 - SuperWave)
Swivel (HKLM-x32\...\Swivel) (Version: 1.11 - Newgrounds.com, Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
The Secret of Monkey Island: Special Edition (HKLM\...\Steam App 32360) (Version:  - LucasArts)
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UE4 Prerequisites (x64) (Version: 1.0.10.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.12.0 - Epic Games, Inc.) Hidden
UninstallTabletDeviceDriver (HKLM\...\{39089688-F09E-4DAD-8C80-647D3DF68630}_is1) (Version: 12.2.17 - )
Unity Web Player (HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\UnityWebPlayer) (Version: 5.1.3f1 - Unity Technologies ApS)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Pinball (HKLM-x32\...\{B36C4994-A563-4339-8754-CCCE51314A4C}) (Version: 0.0.4.1226 - Randy Davis)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Graphics Tablet (WinUsb) USBDevice  (04/10/2014 8.33.30.0) (HKLM\...\142118DF51345EA02D2B1583E102C8FB95FD6D52) (Version: 04/10/2014 8.33.30.0 - Graphics Tablet)
Windward Studios Page 2 Stage 1.02 (HKLM-x32\...\Page 2 Stage) (Version:  - )
WinRAR 5.30 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
xNormal 3.19.1 (HKLM\...\xNormal 3.19.1) (Version:  - S.Orgaz)
xNormal 3.19.2 (HKLM\...\xNormal 3.19.2) (Version:  - S.Orgaz)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)
ZoneAlarm Firewall (x32 Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.653.17211 - Check Point)
ZoneAlarm Security (x32 Version: 15.0.653.17211 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1917758672-2090528760-177207987-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {22C7396D-C2A9-4608-9D52-0639353693FC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {4F7299BE-114A-492E-8C7E-97FAA6378A6A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)
Task: {72432109-18B2-483F-ACE6-94D5A4683C8A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-11] (Google Inc.)
Task: {A2394903-E2FF-40C5-95F8-CFFFE4438749} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
Task: {DFBE5829-5FF4-47E1-BAC4-B2254C2FAA4B} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-10-25 10:57 - 2016-10-25 10:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2013-07-03 00:51 - 2013-07-03 00:51 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2017-03-20 21:30 - 2016-04-16 21:07 - 00280576 _____ () C:\Program Files\Bitdefender Antivirus Free\txmlutil.dll
2017-03-20 21:30 - 2017-02-07 12:29 - 01008448 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpbr.mdl
2017-03-20 21:30 - 2017-02-07 12:29 - 00541952 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpdsp.mdl
2017-03-20 21:30 - 2017-02-07 12:29 - 03243920 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttpph.mdl
2017-03-20 21:30 - 2017-02-07 12:29 - 01544568 _____ () C:\Program Files\Bitdefender Antivirus Free\Signatures\OTEngines\OTEngines_000_000\ashttprbl.mdl
2016-11-30 03:06 - 2016-11-30 03:06 - 00545896 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\manta.dll
2016-11-30 03:06 - 2016-11-30 03:06 - 18503272 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\mona.dll
2016-11-30 03:06 - 2016-11-30 03:06 - 00093800 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\libglog.dll
2016-11-30 03:06 - 2016-11-30 03:06 - 02544232 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_core249.dll
2016-11-30 03:06 - 2016-11-30 03:06 - 02199656 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\opencv_imgproc249.dll
2016-11-30 03:08 - 2016-11-30 03:08 - 69857896 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libcef.dll
2016-11-30 03:06 - 2016-11-30 03:06 - 01861224 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\aif.dll
2014-03-06 18:16 - 2013-08-08 11:45 - 24283136 _____ () C:\Windows\system32\igdfcl64.dll
2016-11-30 03:08 - 2016-11-30 03:08 - 01181800 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\Adobe Spaces Helper.exe
2016-11-30 03:08 - 2016-11-30 03:08 - 02474088 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libglesv2.dll
2016-11-30 03:08 - 2016-11-30 03:08 - 00094824 _____ () C:\Program Files\Adobe\Adobe Photoshop CC 2017\Required\Plug-Ins\Spaces\libegl.dll
2014-03-06 16:45 - 2013-09-04 09:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-04-13 11:19 - 2017-04-13 11:19 - 19700312 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\CommanderX\Cookies:vcHUM3i0hFicI17PXSEc3wGB [2194]
AlternateDataStreams: C:\Users\CommanderX\Downloads\AdobeCreativeCloudCleanerTool.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\ccsetup528.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\ComboFix.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\construct2-r244-setup.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\EmsisoftEmergencyKit.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\esetonlinescanner_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\HousecallLauncher64.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\mb3-setup-1878.1878-3.0.6.1469-1075.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\MiniToolBox.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\SpywareTerminatorSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\Stencyl-full.exe:BDU [0]
AlternateDataStreams: C:\Users\CommanderX\Downloads\tdsskiller.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7931 more sites.

IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-1917758672-2090528760-177207987-1000\...\123simsen.com -> www.123simsen.com

There are 7931 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1917758672-2090528760-177207987-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdAppMgrSvc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: MBAMService => 3
MSCONFIG\Services: mi-raysat_3dsmax2016_64 => 3
MSCONFIG\Services: TabletInputService => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\startupfolder: C:^Users^CommanderX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ADSKAppManager => "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\CommanderX\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Autodesk Desktop App => "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DriveUtilitiesHelper => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: Icecream_Screen_Recorder_Prefetcher => C:\Program Files (x86)\Icecream Screen Recorder\recorder.exe -prefetch
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVBg_PushButton => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SpybotPostWindows10UpgradeReInstall => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-TCP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-SSDPSrv-In-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-In-TCP-EdgeScope-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-DCOM-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-In-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{990BDE35-56DE-4569-B92A-BE9133EE1D36}] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [{7B862594-0D72-4157-A2CB-84913C099038}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{319EB001-A12A-4FF7-9686-7EFF9152D38D}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{986A630C-41B5-4C83-9459-7D2462E14002}] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [{531A3884-E2CC-4E11-A54D-0371D1DB5825}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{E7B3E275-2973-4A3F-851E-B6EB7CFA5880}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe
FirewallRules: [{6F99E17C-65EB-4D87-9D68-1F22C69DC196}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{9218613B-9EE5-4674-997A-441D3BA4194B}] => (Allow) C:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64.exe
FirewallRules: [{1BE540E0-4070-499A-AEAE-54475B1BDD11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ED760DA2-F933-4821-AE62-AFFEFFB4F900}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F96B008E-BDEB-464A-B637-37D89734FE3E}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\WDExpress.exe
FirewallRules: [TCP Query User{1C1200A6-713F-4904-BE79-8D6F5757CC40}C:\users\commanderx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\commanderx\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{56454DB5-9A0F-48B1-99AE-3FE30CAE09E3}C:\users\commanderx\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\commanderx\appdata\local\akamai\netsession_win.exe
FirewallRules: [{B2A0C1E6-D2B6-4926-88F4-EF03E8388FEF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{C76F0D45-9B31-45C9-990F-8F26A17E822B}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A2089085-7D1D-4608-BAA8-A7C8E6F7F3AF}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{1B79BCD3-8A69-4FF5-BE89-7A1D9C41421C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8EAE59EE-68A7-4E75-8646-8770882FDC51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9DBB3769-D410-4ECE-84AF-57ECE881B184}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9E48CC4F-82DE-40C0-BF86-0B0A7AB6889E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{CEF1EDF0-2684-468B-A2F3-E32350B04520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{FE2DABBF-567F-4994-9181-82383D37C3CC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{BC752C39-DC69-4270-AC08-6091C9602835}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{B4CEE3CE-3293-48BD-8F66-307582C1C001}] => (Allow) C:\Program Files\Adobe\Adobe Flash Builder 4.7 (64 Bit)\FlashBuilder.exe
FirewallRules: [{603671D7-DF71-417C-BA2F-A9CFDD0F4C92}] => (Allow) LPort=7935
FirewallRules: [{5A9E2C04-EDDB-485C-AC02-F6CD2DDF46E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{A4939148-1C92-42B6-8FB1-C6EC23A0603C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Secret of Monkey Island Special Edition\MISE.exe
FirewallRules: [{01537D17-379C-4C0C-8444-76FB3A0E42BB}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{4AD2CB1D-AF9E-40FB-A43D-7048C5FFB7E3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{B5A28EF6-872C-444A-9BEC-FEAA2B9D7AF9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{0BA49F6F-EBDB-451B-8FF1-304189E0DD6D}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{56A70658-5944-4FC5-80F4-547DD10962C1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-05-2017 00:28:42 Scheduled Checkpoint
19-05-2017 00:02:30 Windows Update
20-05-2017 22:00:19 520restorepoint

==================== Faulty Device Manager Devices =============

Name: Dell Wireless 1705 Bluetooth
Description: Dell Wireless 1705 Bluetooth
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/20/2017 09:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/20/2017 09:54:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/14/2017 06:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 03:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 03:26:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (05/12/2017 03:26:42 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1917758672-2090528760-177207987-1000}/">.

Error: (05/12/2017 03:26:08 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 03:26:07 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 03:26:07 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (05/12/2017 03:26:07 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (05/17/2017 04:50:19 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (05/15/2017 08:55:21 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 192.168.1.143 with the system
having network hardware address 28-BE-03-40-46-0E. Network operations on this system may
be disrupted as a result.

Error: (05/13/2017 07:54:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/12/2017 03:26:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/12/2017 03:26:08 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (05/12/2017 03:16:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (05/12/2017 03:16:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (05/12/2017 03:16:46 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\system32\athihvs.dll

Error: (05/12/2017 03:12:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/12/2017 03:12:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 26%
Total physical RAM: 12204.95 MB
Available physical RAM: 8990.88 MB
Total Virtual: 24408.08 MB
Available Virtual: 16856.29 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:549.73 GB) NTFS
Drive d: (TEENAGE_MUTANT_NINJA_TURTLES) (CDROM) (Total:4.2 GB) (Free:0 GB) UDF
Drive e: (RECOVERY) (Fixed) (Total:21.67 GB) (Free:11.91 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Removable) (Total:7.41 GB) (Free:6.08 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 1C226400)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

The machine is performing about the same as it was. If I restart and turn off the Internet (disconnect from the wifi), that seems to temporarily stop the lags, but as soon as I go online it starts up again, starting as soon as there's a connection.



#12 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 25 May 2017 - 02:42 PM

Hi ferrouswheel,
 
Thanks for the update. Lets continue troubleshooting ...

We need to run a Command with Command Prompt

Click on Start, click on Run and type in "cmd.exe" and click Run.
Type in the following line followed by clicking Enter

netsh winsock reset

After the command has finished,type in the following line followed by clicking Enter

netsh int ip reset

If they was no errors please exit Command Prompt.

Please restart your machine and test again.


“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#13 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 28 May 2017 - 08:48 AM

I ran those commands and restarted. Restarting alone tends to make it go away for up to an hour, and that's what happened. But then it started doing the same thing as before.



#14 seedy21

seedy21

  • Malware Response Team
  • 742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Yorkshire, UK
  • Local time:09:15 PM

Posted 28 May 2017 - 09:26 AM

Hi Ferrouswheel

Please can you boot your machine into Safemode with networking and let me know if you have the same issues.

You can follow the link below to a tutorial on how to complete this.

https://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#windows7

Thanks

“It's only after we've lost everything that we're free to do anything.”
― Chuck Palahniuk, Fight Club

unite_blue.png


#15 ferrouswheel

ferrouswheel
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:05:15 PM

Posted 29 May 2017 - 10:06 PM

The problem doesn't seem to appear in Safe Mode with networking.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users