
Malware disabled all antivirus programs, rootkit scans coming back clean


  • This topic is locked
5 replies to this topic

#1 salmoncat


Posted 21 June 2017 - 07:26 PM

A couple of months ago I had a zbot trojan, or about 100k of the same virus, which were all detected and removed by Lavasoft Adaware. I also had a few rootkits, which I was able to remove with TDSS Killer and Hitman Pro. It took about 48 hours to clean it out. In all of this, Malwarebytes detected nothing.

 

After cleaning my computer out, I added Avast and have several malware removal programs, however somewhere between uninstalling Adaware and installing the new version of it, something went wrong and I was unable to install it. I forgot to make sure I had it, thinking I would be covered by Avast. I use UBlock Origin and am running Windows 10.

 

Now about a week ago, Avast was suddenly disabled after I had been using it to clean an old external drive. Any attempts to repair or reinstall it failed. I could not open the Adaware installer or get Bitdefender to begin installing either. Malwarebytes was working, but was eventually disabled as well - but not after a few scans that came up with nothing. I ran HitmanPro, TDSS Killer and MBAR, with no results.

 

Any help would be greatly appreciated, I really need my computer back!

 

Thanks,

-salmoncat

 

 


 


#2 Tenis


Posted 22 June 2017 - 09:47 AM

Hi there,

 

My name is Tenis. I will assist you with your problem.

 

A few notes before we get started:

  • I am currently in training and analyzing logs takes time. My replies need to be approved by an instructor, so my responses might be delayed. I will generally reply within 48 hours - if this is not possible, I will let you know.

  • Please do not seek assistance elsewhere without letting me know.

  • Please do not run any malware removal tools unless directed.

  • Make sure to read my instructions fully before attempting a step.

  • Please understand that I am a volunteer, so I may get busy in real life, and that can further delay my responses.

  • Back up your data! Malware removal can be tricky and can result in unpredictable behaviour, including losing all your data!

  • Please copy and paste all logs in plain text straight into your reply; do not quote or attach logs.

 

Farbar's Recovery Scan Tool

--------------------------------

  • Boot system in normal mode.
  • Right click on FRST.exe, select Run as administrator.
  • Make sure Addition.txt is checked. Then press the Scan button.
  • Please copy and paste the contents of FRST.txt and Addition.txt in your reply.


#3 salmoncat


Posted 25 June 2017 - 04:01 AM

Hi, thanks!!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01
Ran by auror (16-06-2017 19:26:42)
Running from C:\Users\auror\Desktop
Windows 10 Pro Version 1607 (X64) (2016-12-27 14:10:37)
Boot Mode: Safe Mode (minimal)
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-691688320-3179706042-1884180357-500 - Administrator - Disabled)
auror (S-1-5-21-691688320-3179706042-1884180357-1001 - Administrator - Enabled) => C:\Users\auror
DefaultAccount (S-1-5-21-691688320-3179706042-1884180357-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-691688320-3179706042-1884180357-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-691688320-3179706042-1884180357-501 - Limited - Disabled)
rosss (S-1-5-21-691688320-3179706042-1884180357-1002 - Limited - Enabled) => C:\Users\rosss
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe After Effects CC 2017 (HKLM-x32\...\AEFT_14_0_0) (Version: 14.0.0 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_0_0) (Version: 21.0.0 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_0) (Version: 11.0.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.8.198 - Adobe Systems, Inc.)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.24.36 - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Camtasia 9 (HKLM-x32\...\{1d9398f4-c133-41a0-9ea1-1600af791234}) (Version: 9.0.3.1627 - TechSmith Corporation)
Camtasia 9 (Version: 9.0.3.1627 - TechSmith Corporation) Hidden
Camtasia Studio 8 (HKLM-x32\...\{904AC0F0-F69E-467E-A719-B083940F608A}) (Version: 8.5.2.1999 - TechSmith Corporation)
Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1206.1960.35982 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.4.2.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Help & Support (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.212 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A10101BE-714B-42EE-B88B-5D3725B61425}) (Version: 1.4.2.2 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{49655877-33CF-4C8A-B07C-9694935431E4}) (Version: 1.9.7.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 28.4.14 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
f.lux (HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Flux) (Version:  - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1178 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4550 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.9.1053 - Intel Corporation)
Intel® Ready Mode Technology (HKLM\...\{7331913F-E841-469A-B151-1046F1889E7B}) (Version: 1.1.70.518 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c5379552-10e4-4652-9536-b328ff9e4ca6}) (Version: 18.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: 12.5.5.5 - Apple Inc.)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8627.1 - Waves Audio Ltd.) Hidden
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8067.2115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.8067.2115 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7967.2073 - Microsoft Corporation) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
proDAD Adorage 3.0 (HKLM-x32\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
Product Registration (Version: 3.0.127.0 - Dell Inc.) Hidden
RealDownloader (x32 Version: 18.1.7.337 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.7.347 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.7 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7904 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sims 2 Ultimate Collection version 1.17.0.66 (HKLM-x32\...\The Sims 2 Ultimate Collection_is1) (Version: 1.17.0.66 - Mr DJ)
TurboTax 2016 (HKLM-x32\...\{22573A7C-7F78-4C6E-931E-8E5E5BC03FCF}) (Version: 1.00.0000 - Intuit Canada)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (x32 Version: 18.1.7 - RealNetworks) Hidden
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-691688320-3179706042-1884180357-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FCC3C0C-112A-4D0F-8E54-35CC67EECCAB} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-691688320-3179706042-1884180357-1001 => C:\program files (x86)\real\realplayer\RealDownloader\recordingmanager.exe [2017-03-02] (RealNetworks, Inc.)
Task: {1386792C-B535-4EA4-AF28-BBD64A329B0D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {1503DB45-E203-4E27-9A6C-CC04BC25CB91} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {16BACB9E-11A1-406E-BCE6-508C47EF32FF} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-03] (AVAST Software)
Task: {305D3D74-9204-4CE4-898F-1433DB674AE5} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-05-27] ()
Task: {371FB648-80F3-462B-9E47-1529798F0636} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2016-10-25] (Adobe Systems Incorporated)
Task: {3934779A-5A8F-4349-AF7B-2C11EB9B26F3} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-10-06] (Realtek Semiconductor)
Task: {3C77E07B-8AB0-4969-A184-33B786B5412C} - System32\Tasks\auror => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {3CD32534-F749-4F71-9938-966F1F1C2B6A} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {3EDCB274-6113-4E19-A4C0-10401A1E1780} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-14] (Microsoft Corporation)
Task: {3FE19992-162F-47F4-876E-A569A905B577} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-14] ()
Task: {48552AA4-2203-4446-9B89-8ADC65904C30} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {4A2BEC5A-A246-41B0-8205-7BE1490B265C} - System32\Tasks\ReclaimerResumeInstall_auror => C:\Users\auror\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.07\agent\rnupgagent.exe [2017-06-15] (RealNetworks, Inc.)
Task: {4E2B5A24-6F38-482C-A93C-A699D9F1B2FD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2016-04-27] (CyberLink)
Task: {50557A54-6F6E-4D13-AD0F-6CAAF9F47975} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {5D9C8372-23D8-4A22-A668-897C080622DA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {67F6A311-85F1-45F0-B314-5E766BA94404} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-04-11] (Bitdefender)
Task: {70E15FA0-D445-4075-BA3F-F5CB59383DAA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-04-25] (Dell Inc.)
Task: {738E1184-5EE4-4C7C-8741-3DC7DD623D92} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-04-18] (PC-Doctor, Inc.)
Task: {7576F230-F9FB-41AE-909A-D8C8D01EF839} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-27] (Google Inc.)
Task: {75AB3CA6-BD91-40CB-8385-C334285544D0} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2016-06-28] (Seagate Technology LLC)
Task: {81886ABF-5249-4F76-924E-44C061EF4CF3} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27] (Dropbox, Inc.)
Task: {822B1F6B-0C04-43FC-B5AC-8AA6C56A226B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-27] (Dropbox, Inc.)
Task: {82786BF2-065C-4A83-91E4-17B5BD56AA43} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {8B23C651-7B54-48E3-B852-88A85A4E4915} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-10] (Piriform Ltd)
Task: {8F9D5652-696C-429E-9D2A-5B07692B763E} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-12-27] ()
Task: {93457F76-BA63-42AA-8880-5EB9B947FA26} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-691688320-3179706042-1884180357-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-02] (RealNetworks, Inc.)
Task: {B232838E-7A56-4939-AAA8-B6C4062BBA3D} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-691688320-3179706042-1884180357-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2017-03-02] (RealNetworks, Inc.)
Task: {B4FC5D6C-1DC5-4B79-949E-0622CF7C6412} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-27] (Google Inc.)
Task: {BA626AEB-15E5-45F8-BE6D-3F193CE45850} - System32\Tasks\auror Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-06-28] (Seagate Technology LLC)
Task: {BB330EAC-F7E0-4A04-94E7-84BAB3C336B3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-26] (AVAST Software)
Task: {BD3642A5-6278-4180-BFB6-D044D9DEA782} - System32\Tasks\ReclaimerResumeInstallLogin_auror => C:\Users\auror\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.07\agent\rnupgagent.exe [2017-06-15] (RealNetworks, Inc.)
Task: {C379CD51-5321-4D87-B97E-8BC9A235645C} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-aurorapounder@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {CF46BB78-62D3-47BA-8EAC-82573A75040B} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {CF9612B3-581A-4986-890A-A6448061AF07} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-27] (Microsoft Corporation)
Task: {D24D7811-246C-4E80-90AA-3257E75959FE} - System32\Tasks\SafeZone scheduled Autoupdate 1493199562 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Avast Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1493199562.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-13 14:13 - 2017-06-03 04:01 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-11-24 18:31 - 2016-11-24 18:31 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:36 - 2017-03-04 00:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:36 - 2017-03-04 00:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:36 - 2017-03-04 00:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:36 - 2017-03-04 00:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 14:13 - 2017-06-03 02:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 14:13 - 2017-06-03 02:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 14:13 - 2017-06-03 02:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
river"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36971932.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\27EF97FA.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\36971932.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 05:47 - 2016-07-16 05:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\dell\wallpaper_pirelli_final.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{425BE1F4-9158-4E10-80EA-1F143ACDCF0F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{EE32B134-71DC-4A44-B23B-8C2629B75A75}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe
FirewallRules: [{BCD3D9EF-2BB5-40CA-9B3C-9DD01507CE8B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{B6C0772E-7F99-450D-8D5F-81AA7943BBAB}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{A9EC46EA-3E84-4BC5-913B-E7533FB87E86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45A62EBD-E953-4DAE-9CB2-5EB73E09E537}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{643EC626-07C2-4AEA-9869-5FA6861F5B6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{C84DEEA2-14F6-4E73-AA03-C7F305109BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{635C16B8-BD47-46C5-8918-0AB197A67646}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09F85E46-16AA-4EAC-A553-FE1153D426E4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39C20B78-A38A-4488-AFC9-333EA785E016}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{E1DBEFAD-E860-44D4-8787-1246214A0899}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{0240FC0D-F214-476D-9C42-EA76818736F7}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{8B219374-9721-4A5C-B0C0-026B6810742F}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{4231B3CF-49A3-4CC4-9F37-1CA82188664A}] => (Block) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{D08AEF77-E7B8-4DB2-94B5-645609F12E58}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{7C304D0C-09CB-4FEA-8823-9125554A7ACF}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{F31AB38B-ED8B-48E4-ACB7-899879D02E7E}] => (Allow) C:\Program Files (x86)\The Sims 2\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2EP9.exe
FirewallRules: [{17C045F8-F92E-45C0-A4C4-56EB32D138F5}] => (Allow) C:\Program Files (x86)\The Sims 2\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\TSBin\Sims2EP9.exe
FirewallRules: [{1830981A-5A5B-4DB7-9103-8CEC92312441}] => (Allow) C:\Program Files (x86)\The Sims 2\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe
FirewallRules: [{243E51C2-AFC7-42E7-A478-07FE30EC63D1}] => (Allow) C:\Program Files (x86)\The Sims 2\The Sims 2 Ultimate Collection\The Sims 2 Mansion and Garden Stuff\CSBin\TS2BodyShop.exe
FirewallRules: [{FCADF811-D61D-4941-9CF9-8CA942EEBA3E}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{2DA01055-DF38-4F3F-B299-A4C0CF579639}] => (Allow) LPort=8318
FirewallRules: [{B4B9A9A2-2FB7-427C-9FBF-F1BEFF7DAF20}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{621CAB7D-3278-4CB6-B8CF-3FFC6981C479}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{F74803ED-ED24-422D-A4F6-BD844AD4B008}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{35C39EF8-2BBA-4A7B-BEE6-8744A18CDB73}] => (Allow) LPort=8317
FirewallRules: [{738C09AE-9714-4DE5-8F11-3B8CB8D52964}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{79B216D0-B52A-4546-856E-87B81F6E3E32}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{F5C3048C-3698-475D-9520-5FDADA6861AE}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
 
==================== Restore Points =========================
 
08-06-2017 17:52:15 Windows Update
13-06-2017 14:16:31 Windows Update
13-06-2017 14:17:44 Windows Update
14-06-2017 03:42:49 computer being sketchy
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® Serial IO UART Host Controller - A127
Description: Intel® Serial IO UART Host Controller - A127
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: iaLPSS2_UART2
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2017 06:42:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.Getstarted_5.10.1441.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 06:42:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 06:39:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\auror\Desktop\mbar\mbar.exe  "C:\Users\auror\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (06/16/2017 06:39:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\auror\Desktop\mbar\mbar.exe  "C:\Users\auror\Desktop\mbar"     ; Description = Malwarebytes Anti-Rootkit Restore Point; Error = 0x8007043c).
 
Error: (06/16/2017 06:05:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.Getstarted_5.10.1441.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 06:05:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 03:49:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.Windows.Photos_17.425.10010.0_x64__8wekyb3d8bbwe:App.AppX65n3t4j73ch7cremsjxn7q8bph1ma8jw.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 02:55:29 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070091.
 
Error: (06/16/2017 02:55:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.Getstarted_5.10.1441.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (06/16/2017 02:55:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOKI)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (06/16/2017 07:28:05 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (06/16/2017 07:28:03 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/16/2017 07:26:44 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:44 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:41 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:41 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:41 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (06/16/2017 07:26:10 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:10 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (06/16/2017 07:26:10 PM) (Source: DCOM) (EventID: 10005) (User: LOKI)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700 CPU @ 3.40GHz
Percentage of memory in use: 9%
Total physical RAM: 16286.64 MB
Available physical RAM: 14753.22 MB
Total Virtual: 18718.64 MB
Available Virtual: 17345.39 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1849.22 GB) (Free:1273.71 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 57B975F7)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01
Ran by auror (administrator) on LOKI (16-06-2017 19:47:48)
Running from C:\Users\auror\Desktop
Loaded Profiles: auror &  (Available Profiles: defaultuser0 & auror & rosss)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\hh.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Corp.) C:\Users\auror\Desktop\mbar-1.09.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes) C:\Users\auror\Desktop\mbar\mbar.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861208 2016-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1477648 2016-10-06] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [724400 2016-07-24] (Waves Audio Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-03] (AVAST Software)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8029576 2016-12-06] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1563424 2016-06-28] (Seagate Technology LLC)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [352648 2017-03-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [738544 2017-05-05] ()
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\RunOnce: [InnoSetupRegFile.0000000001] => "C:\Windows\is-CPKVI.exe" /REG /REGSVRMODE
HKLM-x32\...\RunOnce: [{6BB1184E-6C9C-47A8-8D9C-75C4461C2E7C}] => C:\Users\auror\AppData\Local\Temp\{A2BCB1B5-6A0C-4A22-B664-0BD648C088CE}\{6BB1184E-6C9C-47A8-8D9C-75C4461C2E7C}.cmd [281 2017-06-16] () <===== ATTENTION
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Rootkit (cleanup)] => C:\ProgramData\Malwarebytes' Anti-Malware (portable)\mbamdor.exe [54072 2015-09-10] (Malwarebytes Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [f.lux] => C:\Users\auror\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [f.lux] => C:\Users\auror\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-06-28] (Seagate Technology LLC)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9532120 2017-04-10] (Piriform Ltd)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2017-03-16] (Apple Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-03] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2017-03-17]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
BootExecute: C:\Windows\system32\autochk.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 64.59.184.17 64.59.191.229
Tcpip\..\Interfaces\{591d2d05-45fa-40fb-9b58-78d46082c8d6}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{f668fc75-5d86-4652-9749-914b381c23da}: [DhcpNameServer] 64.59.184.17 64.59.191.229
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-691688320-3179706042-1884180357-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://assemblyonline.assembly.ab.ca/Harmony/
HKU\S-1-5-21-691688320-3179706042-1884180357-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://assemblyonline.assembly.ab.ca/Harmony/
HKU\S-1-5-21-691688320-3179706042-1884180357-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-691688320-3179706042-1884180357-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2017-03-02] (RealDownloader)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-27] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-27] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2017-03-02] (RealDownloader)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: intu-tt2016 - {D3619A28-0FAE-4AD2-A79F-BAD3CD6E8779} - C:\Program Files (x86)\TurboTax 2016\ic2016pp.dll [2016-12-18] (Intuit Canada, a general partnership/une société en nom collectif.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-27] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
 
FireFox:
========
FF DefaultProfile: mhau54zk.default
FF ProfilePath: C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default [2017-06-16]
FF Extension: (Privacy Badger) - C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2017-06-16]
FF Extension: (Avast Passwords) - C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2017-04-26]
FF Extension: (Avast SafePrice) - C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default\Extensions\sp@avast.com.xpi [2017-05-03]
FF Extension: (uBlock Origin) - C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-16]
FF Extension: (Avast Online Security) - C:\Users\auror\AppData\Roaming\Mozilla\Firefox\Profiles\mhau54zk.default\Extensions\wrc@avast.com.xpi [2017-05-03]
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-04-18]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1228198.dll [2017-02-27] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.7.337 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2017-03-17] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.7.337 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2017-03-17] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default [2017-06-16]
CHR Extension: (Google Slides) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-27]
CHR Extension: (Google Docs) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-27]
CHR Extension: (Google Drive) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-27]
CHR Extension: (YouTube) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-27]
CHR Extension: (Adblock Plus) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-25]
CHR Extension: (uBlock Origin) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-19]
CHR Extension: (Avast Passwords) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2017-04-26]
CHR Extension: (Google Sheets) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Extension: (Privacy Badger) - C:\Users\auror\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-06-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-12-06] ()
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-03] (AVAST Software s.r.o.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-03] (AVAST Software)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
S3 cphs; C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHeciSvc.exe [301528 2016-11-24] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHDCPSvc.exe [480216 2016-11-24] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-27] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
S2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
S2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2017-04-11] (Dell Inc.)
S2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2017-04-11] (Dell Inc.)
S2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2016-09-22] (Dell Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
S2 ibtsiva; C:\Windows\system32\ibtsiva.exe [165616 2015-11-12] (Intel Corporation)
S2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxCUIService.exe [341976 2016-11-24] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S2 IRMTService; c:\Program Files\Intel\Intel® Ready Mode Technology\IRMTService.exe [182336 2015-09-10] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
S2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1254736 2017-04-11] (Bitdefender)
S2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-02] ()
S2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2017-03-17] (RealNetworks, Inc.)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [332040 2016-10-06] (Realtek Semiconductor)
S2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-06-28] (Seagate Technology LLC)
S2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-06-28] (Seagate Technology LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-24] (Microsoft Corporation)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-25] (Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 27EF97FA; C:\Windows\System32\drivers\27EF97FA.sys [478392 2017-06-16] (Kaspersky Lab ZAO)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
S3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0311000.inf_amd64_7a628daad2b6c80c\atikmdag.sys [26574344 2017-02-08] (Advanced Micro Devices, Inc.)
S3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0311000.inf_amd64_7a628daad2b6c80c\atikmpag.sys [529304 2017-02-08] (Advanced Micro Devices, Inc.)
S1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-03] (AVAST Software s.r.o.)
S0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-03] (AVAST Software s.r.o.)
S0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-03] (AVAST Software s.r.o.)
S0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-03] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-03] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-03] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-03] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-03] (AVAST Software)
S0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-03] (AVAST Software)
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-03] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-03] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
S0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-03] (AVAST Software)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
S1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32960 2017-04-11] (Dell Inc.)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [32568 2017-04-11] (Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2016-12-28] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2016-12-28] (Disc Soft Ltd)
S1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [55232 2017-06-16] ()
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [300304 2015-11-13] (Intel Corporation)
S3 igfx; C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igdkmd64.sys [11039704 2016-11-24] (Intel Corporation)
R3 IntelReadyModeDriver; C:\Windows\System32\drivers\IntelReadyModeDriver.sys [33512 2015-09-10] (Intel Corporation)
R3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [109272 2017-06-16] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-08] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-06-16] (Malwarebytes)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U1 aswbdisk; no ImagePath
S3 dbx; system32\DRIVERS\dbx.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 19:35 - 2017-06-16 19:35 - 00000000 ____D C:\Users\auror\Desktop\mbam-chameleon
2017-06-16 19:28 - 2017-06-16 19:28 - 00066865 _____ C:\Users\auror\Desktop\Shortcut.txt
2017-06-16 19:26 - 2017-06-16 19:47 - 00031742 _____ C:\Users\auror\Desktop\FRST.txt
2017-06-16 19:26 - 2017-06-16 19:28 - 00042162 _____ C:\Users\auror\Desktop\Addition.txt
2017-06-16 19:25 - 2017-06-16 19:47 - 00000000 ____D C:\FRST
2017-06-16 19:25 - 2017-06-16 19:23 - 06705178 _____ C:\Users\auror\Desktop\mbam-chameleon-3.1.33.0.zip
2017-06-16 19:25 - 2017-06-16 18:30 - 02438656 _____ (Farbar) C:\Users\auror\Desktop\FRST64.exe
2017-06-16 15:54 - 2017-06-16 16:26 - 00000000 ____D C:\Users\auror\Desktop\Books I Might Read
2017-06-16 15:52 - 2017-06-16 17:00 - 00000000 ____D C:\Users\auror\Desktop\Agatha Christies
2017-06-16 15:50 - 2014-02-11 22:08 - 2277439419 _____ C:\Users\auror\Desktop\Indiana Jones 2 1984 Temple Of Doom.mp4
2017-06-16 15:50 - 2014-02-11 22:08 - 2224582358 _____ C:\Users\auror\Desktop\Indiana Jones 1 1981 Raiders Of The Lost Ark.mp4
2017-06-16 15:50 - 2014-02-11 22:05 - 2446926434 _____ C:\Users\auror\Desktop\Indiana Jones 3 1989 Last Crusade.mp4
2017-06-16 15:49 - 2014-02-11 21:21 - 2322472315 _____ C:\Users\auror\Desktop\Indiana Jones 4 2008 Kingdom Of The Crystal Skull.mp4
2017-06-16 15:47 - 2017-06-16 15:47 - 00000000 ____D C:\Users\auror\Desktop\WordPress For Dummies V413HAV
2017-06-16 15:47 - 2017-06-16 15:47 - 00000000 ____D C:\Users\auror\Desktop\Trick Photography and Special Effects (2011)-Mantesh
2017-06-16 15:45 - 2017-06-16 15:46 - 00000000 ____D C:\Users\auror\Desktop\Kindle Library (Final)
2017-06-16 15:45 - 2017-06-16 15:45 - 00000000 ____D C:\Users\auror\Desktop\Kindle Books - S
2017-06-16 15:45 - 2017-06-16 15:45 - 00000000 ____D C:\Users\auror\Desktop\Kindle Books - M, N
2017-06-16 15:45 - 2017-06-16 15:45 - 00000000 ____D C:\Users\auror\Desktop\Kindle Books - F
2017-06-16 15:45 - 2017-06-16 15:45 - 00000000 ____D C:\Users\auror\Desktop\Kindle Books - C
2017-06-16 15:06 - 2017-06-16 15:07 - 00300040 _____ C:\TDSSKiller.3.1.0.15_16.06.2017_15.06.49_log.txt
2017-06-16 14:58 - 2017-06-16 14:58 - 00000448 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1493199562.job
2017-06-16 14:58 - 2017-06-16 14:58 - 00000342 ____H C:\Windows\Tasks\Avast Emergency Update.job
2017-06-16 14:58 - 2017-05-03 19:33 - 00400456 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-16 02:47 - 2017-06-16 02:47 - 00478392 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\27EF97FA6.sys
2017-06-16 02:47 - 2017-06-16 02:47 - 00085600 ____N (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\92050185.sys
2017-06-16 02:42 - 2017-06-16 02:42 - 118791512 _____ (Kaspersky Lab ZAO) C:\Users\auror\Downloads\KVRT.exe
2017-06-16 02:42 - 2017-06-16 02:42 - 00478392 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\27EF97FA.sys
2017-06-16 02:42 - 2017-06-16 02:42 - 00000000 ____D C:\KVRT_Data
2017-06-16 02:40 - 2017-06-16 02:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-16 02:39 - 2017-06-16 02:40 - 193695408 _____ (Kaspersky Lab) C:\Users\auror\Downloads\kav17.0.0.611abcden_12166.exe
2017-06-16 02:36 - 2017-06-16 02:36 - 00030646 _____ C:\ProgramData\agent.update.1497602193.bdinstall.bin
2017-06-16 02:34 - 2017-06-16 02:35 - 00004160 _____ C:\Users\auror\Desktop\Rkill.txt
2017-06-16 02:34 - 2017-06-16 02:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\auror\Downloads\rkill.com
2017-06-16 02:33 - 2017-06-16 02:35 - 05659652 _____ (Swearware) C:\Users\auror\Downloads\ComboFix.exe
2017-06-16 02:32 - 2017-06-16 02:32 - 01192392 _____ C:\Windows\is-CPKVI.exe
2017-06-16 02:32 - 2017-06-16 02:32 - 00022709 _____ C:\Windows\is-CPKVI.msg
2017-06-16 02:32 - 2017-06-16 02:32 - 00000310 _____ C:\Windows\is-CPKVI.lst
2017-06-16 02:27 - 2017-06-16 02:31 - 64232976 _____ (Malwarebytes ) C:\Users\auror\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-16 02:20 - 2017-06-16 02:20 - 09915528 _____ C:\Users\auror\Downloads\bitdefender_antivirus.exe
2017-06-16 02:17 - 2017-06-16 02:17 - 00028409 _____ C:\ProgramData\agent.1497601021.bdinstall.bin
2017-06-16 02:16 - 2017-06-16 02:16 - 00028410 _____ C:\ProgramData\agent.1497601012.bdinstall.bin
2017-06-16 02:14 - 2017-06-16 02:16 - 08465984 _____ C:\Users\auror\Downloads\bitdefender_online.exe
2017-06-16 02:04 - 2017-06-16 02:04 - 00000711 _____ C:\Users\auror\Desktop\JRT.txt
2017-06-16 01:45 - 2017-06-16 14:21 - 00055232 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-06-16 01:42 - 2017-06-16 01:42 - 00028405 _____ C:\ProgramData\agent.1497598932.bdinstall.bin
2017-06-16 01:40 - 2017-06-16 01:40 - 00000000 ____D C:\ProgramData\Lavasoft
2017-06-16 01:36 - 2017-06-16 01:37 - 02558896 _____ C:\Users\auror\Downloads\Adaware_Installer(1).exe
2017-06-16 01:30 - 2017-06-16 01:30 - 00028410 _____ C:\ProgramData\agent.1497598220.bdinstall.bin
2017-06-16 00:58 - 2017-06-16 01:02 - 00298366 _____ C:\TDSSKiller.3.1.0.15_16.06.2017_00.58.44_log.txt
2017-06-15 21:33 - 2017-06-15 21:33 - 00003354 _____ C:\Windows\System32\Tasks\ReclaimerResumeInstall_auror
2017-06-15 21:33 - 2017-06-15 21:33 - 00003324 _____ C:\Windows\System32\Tasks\ReclaimerResumeInstallLogin_auror
2017-06-15 17:42 - 2017-06-15 17:42 - 00000000 ____D C:\Temp
2017-06-14 04:02 - 2017-06-14 04:02 - 02558896 _____ C:\Users\auror\Downloads\F85.tmp
2017-06-13 17:47 - 2017-06-13 17:47 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-13 17:39 - 2017-06-13 17:39 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-13 14:14 - 2017-06-03 04:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 14:14 - 2017-06-03 04:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-13 14:14 - 2017-06-03 04:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 14:14 - 2017-06-03 04:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 14:14 - 2017-06-03 04:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-13 14:14 - 2017-06-03 03:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-13 14:14 - 2017-06-03 03:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 14:14 - 2017-06-03 03:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 14:14 - 2017-06-03 03:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-13 14:14 - 2017-06-03 03:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-13 14:14 - 2017-06-03 03:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-13 14:14 - 2017-06-03 03:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-13 14:14 - 2017-06-03 03:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-13 14:14 - 2017-06-03 03:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-13 14:14 - 2017-06-03 03:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-13 14:14 - 2017-06-03 03:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 14:14 - 2017-06-03 03:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-13 14:14 - 2017-06-03 03:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-13 14:14 - 2017-06-03 03:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 14:14 - 2017-06-03 03:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-13 14:14 - 2017-06-03 03:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-13 14:14 - 2017-06-03 03:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 14:14 - 2017-06-03 03:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-13 14:14 - 2017-06-03 03:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-13 14:14 - 2017-06-03 03:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-13 14:14 - 2017-06-03 03:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-13 14:14 - 2017-06-03 03:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 14:14 - 2017-06-03 03:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 14:14 - 2017-06-03 03:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-13 14:14 - 2017-06-03 03:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 14:14 - 2017-06-03 03:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-13 14:14 - 2017-06-03 03:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-13 14:14 - 2017-06-03 03:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-13 14:14 - 2017-06-03 03:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-13 14:14 - 2017-06-03 03:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-13 14:14 - 2017-06-03 03:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 14:14 - 2017-06-03 03:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-13 14:14 - 2017-06-03 03:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-13 14:14 - 2017-06-03 03:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-13 14:14 - 2017-06-03 03:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 14:14 - 2017-06-03 03:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-13 14:14 - 2017-06-03 03:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-13 14:14 - 2017-06-03 03:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-13 14:14 - 2017-06-03 03:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-13 14:14 - 2017-06-03 03:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-13 14:14 - 2017-06-03 03:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 14:14 - 2017-06-03 03:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-13 14:14 - 2017-06-03 03:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-13 14:14 - 2017-06-03 03:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-13 14:14 - 2017-06-03 03:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 14:14 - 2017-06-03 03:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 14:14 - 2017-06-03 03:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-13 14:14 - 2017-06-03 03:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-13 14:14 - 2017-06-03 03:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-13 14:14 - 2017-06-03 03:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-13 14:14 - 2017-06-03 03:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 14:14 - 2017-06-03 03:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-13 14:14 - 2017-06-03 03:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-13 14:14 - 2017-06-03 03:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-13 14:14 - 2017-06-03 03:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 14:14 - 2017-06-03 03:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 14:14 - 2017-06-03 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 14:14 - 2017-06-03 03:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-13 14:14 - 2017-06-03 02:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 14:14 - 2017-06-03 02:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-13 14:14 - 2017-06-03 02:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-13 14:14 - 2017-06-03 02:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 14:14 - 2017-06-03 02:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-13 14:14 - 2017-06-03 02:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 14:14 - 2017-06-03 02:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 14:14 - 2017-06-03 02:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 14:14 - 2017-06-03 02:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 14:14 - 2017-06-03 02:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 14:14 - 2017-06-03 02:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-13 14:14 - 2017-06-03 02:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-13 14:14 - 2017-05-24 23:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-13 14:14 - 2017-03-04 00:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-13 14:14 - 2017-03-04 00:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 14:14 - 2017-03-04 00:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-13 14:14 - 2017-03-04 00:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-13 14:14 - 2016-09-06 22:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-13 14:13 - 2017-06-03 04:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-13 14:13 - 2017-06-03 04:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 14:13 - 2017-06-03 04:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-13 14:13 - 2017-06-03 04:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-13 14:13 - 2017-06-03 04:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 14:13 - 2017-06-03 04:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-13 14:13 - 2017-06-03 03:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-13 14:13 - 2017-06-03 03:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 14:13 - 2017-06-03 03:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-13 14:13 - 2017-06-03 03:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-13 14:13 - 2017-06-03 03:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-13 14:13 - 2017-06-03 03:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-13 14:13 - 2017-06-03 03:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-13 14:13 - 2017-06-03 03:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-13 14:13 - 2017-06-03 03:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-13 14:13 - 2017-06-03 03:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-13 14:13 - 2017-06-03 03:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-13 14:13 - 2017-06-03 03:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-13 14:13 - 2017-06-03 03:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-13 14:13 - 2017-06-03 03:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-13 14:13 - 2017-06-03 03:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-13 14:13 - 2017-06-03 03:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-13 14:13 - 2017-06-03 03:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 14:13 - 2017-06-03 03:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-13 14:13 - 2017-06-03 03:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 14:13 - 2017-06-03 03:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-13 14:13 - 2017-06-03 03:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-13 14:13 - 2017-06-03 03:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-13 14:13 - 2017-06-03 03:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 14:13 - 2017-06-03 03:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 14:13 - 2017-06-03 03:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 14:13 - 2017-06-03 03:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-13 14:13 - 2017-06-03 03:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-13 14:13 - 2017-06-03 03:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 14:13 - 2017-06-03 03:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-13 14:13 - 2017-06-03 03:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 14:13 - 2017-06-03 02:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-13 14:13 - 2017-06-03 02:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-13 14:13 - 2017-06-03 02:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 14:13 - 2017-06-03 02:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-13 14:13 - 2017-06-03 02:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-13 14:13 - 2017-06-03 02:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-13 14:13 - 2017-06-03 02:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-13 14:13 - 2017-06-03 02:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 14:13 - 2017-06-03 02:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 14:13 - 2017-06-03 02:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 14:13 - 2017-06-03 02:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-13 14:13 - 2017-06-03 02:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-13 14:13 - 2017-06-03 02:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 14:13 - 2017-06-03 02:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-13 14:13 - 2017-06-03 00:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-12 05:55 - 2017-06-12 05:55 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-06-06 19:34 - 2017-06-06 19:34 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-05-31 21:22 - 2017-06-14 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-25 15:20 - 2017-05-25 15:20 - 02262744 _____ C:\Users\auror\Downloads\2017_EBC_InterimFULLReport_WEB2.pdf
2017-05-20 17:00 - 2017-05-20 17:00 - 00452346 _____ C:\Users\auror\Downloads\Confirmation.pdf
2017-05-20 15:32 - 2017-05-20 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2017-05-20 15:31 - 2017-05-20 15:31 - 00000000 ____D C:\Program Files\ATI Technologies
2017-05-20 15:31 - 2017-05-20 15:31 - 00000000 ____D C:\Program Files (x86)\AMD
2017-05-20 11:29 - 2017-05-20 11:30 - 00001254 _____ C:\Users\rosss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-05-19 09:49 - 2017-05-19 09:49 - 01303786 _____ C:\Users\auror\Downloads\Unity Agreement SIGNED May 18.pdf
2017-05-17 20:24 - 2017-05-17 20:24 - 00001254 _____ C:\Users\auror\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-05-17 20:24 - 2017-05-17 20:24 - 00000000 ____D C:\Users\auror\AppData\Local\UNP
2017-05-17 18:45 - 2017-05-17 18:46 - 00000000 ____D C:\Program Files\UNP
2017-05-17 18:45 - 2017-05-17 18:45 - 00000000 ____D C:\Windows\system32\UNP
2017-05-17 17:29 - 2017-05-17 17:29 - 23764477 _____ C:\Users\auror\Desktop\MLA Mike Ellis - QP - May 17, 2017.mp4
2017-05-17 17:28 - 2017-05-17 17:28 - 00018808 _____ C:\Users\auror\Desktop\MLA Mike Ellis - QP - May 17, 2017.camproj
2017-05-17 17:26 - 2017-05-17 17:26 - 17935828 _____ C:\Users\auror\Desktop\MLA Ric McIver - QP - May 17, 2017.mp4
2017-05-17 17:25 - 2017-05-17 17:25 - 00018372 _____ C:\Users\auror\Desktop\MLA Ric McIver - QP - May 17, 2017.camproj
2017-05-17 17:23 - 2017-05-17 17:23 - 19745541 _____ C:\Users\auror\Desktop\MLA Dave Rodney - QP - May 17, 2017.mp4
2017-05-17 17:21 - 2017-05-17 17:21 - 00016941 _____ C:\Users\auror\Desktop\MLA Dave Rodney - QP - May 17, 2017.camproj
2017-05-17 17:17 - 2017-05-17 17:17 - 00016287 _____ C:\Users\auror\Desktop\hotrod.camproj
2017-05-17 17:10 - 2017-05-17 17:10 - 00001243 _____ C:\Users\Public\Desktop\Camtasia Studio 8.lnk
2017-05-17 17:10 - 2017-05-17 17:10 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2017-05-17 17:10 - 2017-05-17 17:10 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-05-17 17:09 - 2017-05-17 17:09 - 00000000 ____D C:\Program Files (x86)\TechSmith
2017-05-17 17:03 - 2017-05-17 17:05 - 00000000 ____D C:\Windows\system32\appmgmt
2017-05-17 16:57 - 2017-05-17 16:59 - 259561272 _____ C:\Users\auror\Downloads\camtasia (2).exe
2017-05-17 14:54 - 2017-05-17 15:12 - 261137096 _____ C:\Users\auror\Downloads\camtasia (1).exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-16 19:44 - 2017-04-25 02:24 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-16 19:44 - 2017-04-21 22:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-16 19:43 - 2017-04-25 02:23 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-16 19:43 - 2017-04-25 02:23 - 00000000 ____D C:\Users\auror\Desktop\mbar
2017-06-16 19:21 - 2016-11-24 18:36 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-16 18:47 - 2016-11-24 18:48 - 01792190 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-16 18:42 - 2017-04-22 05:11 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2017-06-16 18:40 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\TAPI
2017-06-16 18:40 - 2016-07-16 00:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-06-16 14:58 - 2017-04-26 03:39 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-16 14:58 - 2017-04-26 03:37 - 00001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2017-06-16 14:58 - 2017-04-26 03:37 - 00001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-06-16 14:54 - 2016-11-24 18:50 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-16 14:53 - 2016-11-24 18:36 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-16 14:17 - 2016-12-27 08:19 - 00000000 ___RD C:\Users\auror\Dropbox
2017-06-16 02:36 - 2017-04-23 03:14 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-06-16 02:32 - 2017-04-21 22:22 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-16 02:32 - 2017-04-21 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-16 02:06 - 2016-12-27 08:37 - 00000000 ____D C:\Users\auror\AppData\LocalLow\Mozilla
2017-06-16 02:03 - 2017-04-10 16:02 - 00000000 ____D C:\Users\auror\AppData\Local\CrashDumps
2017-06-16 01:35 - 2016-12-27 08:15 - 00000000 ____D C:\Users\auror
2017-06-15 11:25 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-15 11:23 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-15 02:00 - 2016-12-27 18:47 - 00000000 ____D C:\Users\auror\AppData\Local\Adobe
2017-06-14 12:31 - 2016-12-27 08:19 - 00000000 ____D C:\Users\auror\AppData\Local\Dropbox
2017-06-14 12:31 - 2016-11-24 18:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 04:28 - 2016-07-16 05:45 - 00000000 ____D C:\Windows\INF
2017-06-14 02:23 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\rescache
2017-06-13 17:45 - 2017-05-14 23:44 - 00000000 ___RD C:\Users\auror\iCloudDrive
2017-06-13 17:43 - 2016-12-27 08:18 - 00000000 __SHD C:\Users\auror\IntelGraphicsProfiles
2017-06-13 17:41 - 2016-11-24 18:36 - 04897448 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-13 17:39 - 2016-07-16 05:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-13 17:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 17:39 - 2016-07-16 05:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-06-13 14:29 - 2016-12-28 16:04 - 00000000 ____D C:\Windows\system32\MRT
2017-06-13 14:28 - 2016-12-27 08:05 - 00000000 ____D C:\Users\defaultuser0
2017-06-13 14:25 - 2016-12-28 16:04 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-13 14:25 - 2016-07-16 05:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-10 05:24 - 2017-02-01 17:02 - 00000000 ____D C:\ProgramData\AMD
2017-06-10 03:56 - 2017-04-26 03:37 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-06 21:00 - 2017-04-14 10:09 - 00000000 ___HD C:\OneDriveTemp
2017-06-06 21:00 - 2017-03-04 09:32 - 00000000 ___RD C:\Users\rosss\OneDrive
2017-06-06 18:12 - 2017-03-04 09:32 - 00000000 ____D C:\Users\rosss\AppData\Local\Dropbox
2017-06-06 18:11 - 2017-03-04 09:30 - 00000000 __SHD C:\Users\rosss\IntelGraphicsProfiles
2017-06-03 00:36 - 2016-07-16 05:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-03 00:36 - 2016-07-16 05:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 17:39 - 2017-04-26 03:39 - 00004000 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1493199562
2017-06-01 17:34 - 2016-11-24 18:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-06-01 17:34 - 2016-11-24 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-06-01 17:24 - 2016-11-24 19:00 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-05-27 12:57 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-27 12:55 - 2016-11-24 19:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-25 11:58 - 2017-04-21 22:22 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-05-24 08:40 - 2017-04-26 03:11 - 00000000 ____D C:\ProgramData\AVAST Software
2017-05-24 08:40 - 2016-12-27 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-24 08:40 - 2016-12-27 08:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-20 15:31 - 2016-11-24 18:49 - 00000000 ____D C:\Program Files\AMD
2017-05-17 17:18 - 2017-04-02 00:31 - 00000000 ____D C:\Users\auror\OneDrive\Documents\Camtasia Studio
2017-05-17 17:10 - 2017-04-02 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2017-05-17 17:09 - 2017-04-02 00:27 - 00000000 ____D C:\ProgramData\TechSmith
 
==================== Files in the root of some directories =======
 
2017-03-30 19:45 - 2017-03-30 19:45 - 0000033 _____ () C:\Users\auror\AppData\Roaming\AdobeWLCMCache.dat
2017-04-23 03:14 - 2017-04-23 03:14 - 0047724 _____ () C:\ProgramData\agent.1492938865.bdinstall.bin
2017-04-23 03:29 - 2017-04-23 03:29 - 0028403 _____ () C:\ProgramData\agent.1492939761.bdinstall.bin
2017-04-23 03:29 - 2017-04-23 03:29 - 0028404 _____ () C:\ProgramData\agent.1492939770.bdinstall.bin
2017-04-25 03:26 - 2017-04-25 03:26 - 0028404 _____ () C:\ProgramData\agent.1493112366.bdinstall.bin
2017-04-26 04:22 - 2017-04-26 04:22 - 0028757 _____ () C:\ProgramData\agent.1493202115.bdinstall.bin
2017-04-26 04:26 - 2017-04-26 04:26 - 0028440 _____ () C:\ProgramData\agent.1493202155.bdinstall.bin
2017-04-26 17:53 - 2017-04-26 17:53 - 0028759 _____ () C:\ProgramData\agent.1493250835.bdinstall.bin
2017-06-16 01:30 - 2017-06-16 01:30 - 0028410 _____ () C:\ProgramData\agent.1497598220.bdinstall.bin
2017-06-16 01:42 - 2017-06-16 01:42 - 0028405 _____ () C:\ProgramData\agent.1497598932.bdinstall.bin
2017-06-16 02:16 - 2017-06-16 02:16 - 0028410 _____ () C:\ProgramData\agent.1497601012.bdinstall.bin
2017-06-16 02:17 - 2017-06-16 02:17 - 0028409 _____ () C:\ProgramData\agent.1497601021.bdinstall.bin
2017-06-16 02:36 - 2017-06-16 02:36 - 0030646 _____ () C:\ProgramData\agent.update.1497602193.bdinstall.bin
2016-11-24 18:47 - 2016-11-24 18:47 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-11-24 18:55 - 2016-11-24 18:56 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-11-24 18:59 - 2016-11-24 18:59 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log
2016-11-24 18:58 - 2016-11-24 18:58 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log
2016-11-24 18:59 - 2016-11-24 18:59 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log
 
Files to move or delete:
====================
C:\Users\auror\AppData\Local\Temp\{A2BCB1B5-6A0C-4A22-B664-0BD648C088CE}\{6BB1184E-6C9C-47A8-8D9C-75C4461C2E7C}.cmd
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-06 18:44
 
==================== End of FRST.txt ============================


#4 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,286 posts
  • Gender:Male
  • Location:India
  • Local time:07:28 PM

Posted 26 June 2017 - 02:10 AM

You posted the same log as the previous one. Please do a fresh scan and post the log.



#5 Tenis


Posted 29 June 2017 - 02:31 AM

It's been three days. Do you still need help?



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,133 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:58 AM

Posted 01 July 2017 - 12:00 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.
