
Really terrified. Someone seems to be very deep in my home network.


This topic is locked
10 replies to this topic

#1 cgrients22


Posted 24 June 2017 - 06:21 AM

Hey, I have been having some weird issues lately. Hoping you guys can help me find what's going on. Is it normal to have all those system roots with files missing? Please help.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:15:36 AM, on 6/24/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files\AVAST Software\Avast\AvLaunch.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Caleb Rients\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\Users\Caleb Rients\AppData\Roaming\Spotify\SpotifyWebHelper.exe
D:\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Caleb Rients\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Caleb Rients\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Caleb Rients\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe
O23 - Service: Intel® Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 7062 bytes
 




#2 cgrients22


Posted 24 June 2017 - 06:43 AM

Here is my wife's log.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:40:53 AM, on 6/24/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
 
 
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Users\Amy\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
C:\Users\Amy\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Raptr] "C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe" --startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Amy\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'DefaultAppPool')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: HitmanPro.Alert service (hmpalertsvc) - SurfRight B.V. - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9305 bytes


#3 cgrients22


Posted 24 June 2017 - 06:58 AM

Some of the weird behaviors:

 

1. Bought a new router; I've set up routers so many times. When we set this one up, all of the webpages except Facebook, YouTube, etc. were coming back with connection refused. I went to work and when I came back home everything was working normally.

2. When I went to Malwarebytes, it packaged me the Mac version (.dmg) of the download for some reason.

3. Someone was able to take over my mouse on numerous occasions. They would close windows and do other things to agitate me.

4. My attempt to download HijackThis failed and I had to reopen the browser in incognito to get it to work. (This was on my wife's computer.)


Edited by cgrients22, 24 June 2017 - 07:01 AM.


#4 cgrients22


Posted 24 June 2017 - 07:24 AM

Also, my wife's computer continues to show activity on the Ethernet when it is shut down.



#5 Slurppa


Posted 26 June 2017 - 10:31 PM

Hi cgrients22,
Welcome to Bleeping Computer!

My name is Slurppa and I am here to assist you.
Please give me some time to look over your issue and I will get back to you as soon as possible.

If you have any questions, please don't be afraid to ask! :)

Member of the Bleeping Computer A.I.I. early response team!


#6 Slurppa


Posted 27 June 2017 - 10:27 PM

Hi cgrients22

Sorry for keeping you waiting.

Our topics are limited to one computer only, so if you wish to have your wife's computer checked, please create a new topic for it now or later when we are done with yours. If you do, please send me or Oh My! a PM with a link to the new topic so we can start working on it immediately :)

From now on all my instructions are to be executed on your computer only.

Please familiarize yourself with the following guidelines:
  • Complete all the steps in their given order.
  • Update me about the current state of your computer.
  • If you have any problems or questions, please let me know. If you are unsure how to continue, please let me know.
  • Do not run any other fixes/programs that I have not instructed.
  • Copy and paste all logs into your post directly unless otherwise instructed. Don't attach logs.
  • Lack of symptoms does not mean the computer is clean. Please stick with me until I give you the green light.

Quote: Is it normal to have all those system roots with files missing?

Yes, HijackThis is an old program and does not work very well with newer versions of Windows. :)
Listing system service files as missing is expected behavior.

Step 1:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce logs called FRST.txt and Addition.txt in the same directory the tool is run from.
  • Please copy and paste the logs back here.

Member of the Bleeping Computer A.I.I. early response team!
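As an added example (not part of this thread and not HijackThis code), here is a small Python triage script that applies Slurppa's point to O23 lines: the 32-bit HijackThis 2.0.5 has its file checks for C:\Windows\System32 and %ProgramFiles% redirected by WOW64 on 64-bit Windows, so system services come back "(file missing)" even though the files exist. The redirection rule the script encodes is this example's own assumption, not a documented HijackThis feature; the sample lines are taken from the first log above plus one constructed "Example Helper" entry.

```python
"""Triage HijackThis O23 (service) lines: separate the expected WOW64
'(file missing)' noise from entries that actually deserve a look.

Added example, not HijackThis code. The classification rule is an assumption
of this example, not a feature of the tool.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# O23 - Service: <name> - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# Short service name is the last parenthesised token of the display name.
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")

# Directories a 32-bit process sees through WOW64 redirection (lower-cased).
SYSTEM32 = "c:\\windows\\system32\\"
PROGRAM_FILES_X86 = "c:\\program files (x86)\\"

EXPECTED = "expected-artifact"     # WOW64 redirection, nothing to act on
MISSING = "missing-investigate"    # really absent, or outside system dirs
UNKNOWN_OWNER = "unknown-owner"    # present but no vendor recorded
PRESENT = "present"


@dataclass
class ServiceEntry:
    name: str          # display name as HJT printed it (may be @resource,-id)
    key: str           # short service name if given, else the display name
    owner: str
    path: str
    file_missing: bool


def parse_hjt_services(text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; other HJT sections are ignored."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = O23_RE.match(raw.strip())
        if not m:
            continue
        name = m.group("name")
        short = SHORT_NAME_RE.search(name)
        entries.append(ServiceEntry(
            name=name,
            key=short.group(1) if short else name,
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def is_wow64_artifact(entry: ServiceEntry) -> bool:
    """True when 'file missing' is explained by 32-bit file system redirection."""
    path = entry.path.lower()
    if path.startswith(SYSTEM32):
        return True
    # %ProgramFiles% expands to 'Program Files (x86)' for a 32-bit process, so a
    # resource name built on it paired with an (x86) path is the same effect.
    return "%programfiles%" in entry.name.lower() and path.startswith(PROGRAM_FILES_X86)


def classify(entry: ServiceEntry) -> str:
    if entry.file_missing:
        return EXPECTED if is_wow64_artifact(entry) else MISSING
    if entry.owner == "Unknown owner":
        return UNKNOWN_OWNER
    return PRESENT


def triage(text: str) -> Dict[str, List[str]]:
    """Group service keys by verdict so a reviewer reads only the short lists."""
    result: Dict[str, List[str]] = {EXPECTED: [], MISSING: [], UNKNOWN_OWNER: [], PRESENT: []}
    for entry in parse_hjt_services(text):
        result[classify(entry)].append(entry.key)
    return result


# Sample input: lines copied from the first HijackThis log in this thread, plus
# one constructed 'Example Helper' line (not from the thread) to show a real miss.
SAMPLE_LOG = r"""
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Update service - Popcorn Time - C:\Program Files (x86)\Popcorn Time\Updater.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Example Helper - Unknown owner - C:\Users\Public\helper.exe (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
"""

if __name__ == "__main__":
    for verdict, keys in triage(SAMPLE_LOG).items():
        print(f"{verdict:20s} {', '.join(keys) or '-'}")
```

The FRST log later in the thread shows atiesrxx.exe running from C:\Windows\System32, which is the cross-check this classification predicts for the "AMD External Events Utility" line.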


#7 cgrients22


Posted 28 June 2017 - 05:33 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2017
Ran by cgrie (administrator) on DESKTOP-DU4I60U (28-06-2017 17:32:08)
Running from D:\Downloads
Loaded Profiles: Caleb Rients & cgrie (Available Profiles: defaultuser0 & Caleb Rients & cgrie)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Popcorn Time) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Spotify Ltd) C:\Users\Caleb Rients\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\Run: [Spotify Web Helper] => C:\Users\Caleb Rients\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-21] (Spotify Ltd)
HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\Run: [Spotify] => C:\Users\Caleb Rients\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-21] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{380f6c07-4e49-4148-aa06-ae3bb3a10be7}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default [2017-06-11]
CHR Extension: (Google Slides) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-27]
CHR Extension: (Google Docs) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-27]
CHR Extension: (Google Drive) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-27]
CHR Extension: (YouTube) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-27]
CHR Extension: (Avast SafePrice) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-12-27]
CHR Extension: (Google Sheets) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-27]
CHR Extension: (Google Docs Offline) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-27]
CHR Extension: (Avast Online Security) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-27]
CHR Extension: (Gmail) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-27]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
S3 cphs; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHeciSvc.exe [301536 2016-11-02] (Intel Corporation)
S3 cplspcon; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\IntelCpHDCPSvc.exe [480224 2016-11-02] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe [341984 2016-11-02] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [339968 2016-08-26] (Popcorn Time) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmdag.sys [28729240 2016-12-07] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0309270.inf_amd64_47c09dd18e1ee4c5\atikmpag.sys [530328 2016-12-07] (Advanced Micro Devices, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [92328 2017-06-10] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110104 2016-09-28] (Advanced Micro Devices)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-24] ()
S3 igfx; C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igdkmd64.sys [11033056 2016-11-02] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-28] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-28] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-28] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-06-28] (Malwarebytes)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 17:31 - 2017-06-28 17:32 - 00000000 ____D C:\FRST
2017-06-25 20:04 - 2017-06-25 20:04 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\Wireshark
2017-06-24 23:29 - 2017-06-24 23:29 - 36483788 _____ C:\Users\cgrie\Documents\spotify and reddit.pcapng
2017-06-24 15:32 - 2017-06-24 15:32 - 05801116 _____ C:\Users\cgrie\Documents\My Computer.pcapng
2017-06-24 11:46 - 2017-06-24 11:46 - 00001827 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2017-06-24 11:46 - 2017-06-24 11:46 - 00001815 _____ C:\Users\Public\Desktop\Wireshark.lnk
2017-06-24 11:46 - 2017-06-24 11:46 - 00001569 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark Legacy.lnk
2017-06-24 11:46 - 2017-06-24 11:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2017-06-24 11:46 - 2017-06-24 11:46 - 00000000 ____D C:\Program Files\Wireshark
2017-06-24 11:46 - 2017-06-24 11:46 - 00000000 ____D C:\Program Files (x86)\WinPcap
2017-06-24 09:08 - 2017-06-24 09:13 - 00000000 ____D C:\Users\Caleb Rients\Desktop\New folder (2)
2017-06-24 06:24 - 2017-06-28 17:24 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 06:24 - 2017-06-28 17:24 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-24 06:24 - 2017-06-28 17:24 - 00093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-24 06:24 - 2017-06-28 17:24 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-24 06:24 - 2017-06-24 06:27 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-24 06:24 - 2017-06-24 06:24 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-24 06:24 - 2017-06-24 06:24 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-24 06:24 - 2017-06-24 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-24 06:24 - 2017-06-24 06:24 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-24 06:24 - 2017-06-24 06:24 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-21 21:13 - 2017-06-21 21:13 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-18 15:36 - 2017-06-18 15:36 - 00000000 ____D C:\Users\Caleb Rients\Documents\Audacity
2017-06-17 21:11 - 2017-06-18 15:51 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\audacity
2017-06-17 21:11 - 2017-06-17 21:11 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-06-17 21:11 - 2017-06-17 21:11 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-06-17 21:11 - 2017-06-17 21:11 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\Audacity
2017-06-17 21:11 - 2017-06-17 21:11 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-06-17 18:10 - 2017-06-17 21:16 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\Apowersoft
2017-06-17 18:10 - 2017-06-17 18:10 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\Apowersoft
2017-06-17 18:10 - 2017-06-17 18:10 - 00000000 ____D C:\ProgramData\Apowersoft
2017-06-17 18:09 - 2017-06-17 18:09 - 00000000 ____D C:\Users\cgrie\AppData\Roaming\Apowersoft
2017-06-17 18:09 - 2017-06-17 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-06-17 18:09 - 2017-06-17 18:09 - 00000000 ____D C:\Program Files (x86)\Apowersoft
2017-06-17 17:41 - 2017-06-17 18:00 - 00000000 ____D C:\Program Files (x86)\Dexpot
2017-06-17 17:41 - 2017-06-17 17:55 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\Dexpot
2017-06-13 22:31 - 2017-06-13 22:31 - 00000000 ___SD C:\Windows\UpdateAssistantV2
2017-06-13 19:45 - 2017-06-03 05:50 - 00315744 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-13 19:45 - 2017-06-03 05:50 - 00192856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2017-06-13 19:45 - 2017-06-03 05:16 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-06-13 19:45 - 2017-06-03 05:14 - 01564512 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 01214816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00629088 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00544096 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00334176 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00233824 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00136032 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\ImplatSetup.dll
2017-06-13 19:45 - 2017-06-03 05:14 - 00096608 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-06-13 19:45 - 2017-06-03 05:14 - 00034648 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-06-13 19:45 - 2017-06-03 05:11 - 01706488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-13 19:45 - 2017-06-03 05:11 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-06-13 19:45 - 2017-06-03 05:09 - 02213760 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-13 19:45 - 2017-06-03 05:08 - 07783256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-13 19:45 - 2017-06-03 05:06 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2017-06-13 19:45 - 2017-06-03 05:01 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2017-06-13 19:45 - 2017-06-03 04:59 - 01181024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-06-13 19:45 - 2017-06-03 04:59 - 00764392 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2017-06-13 19:45 - 2017-06-03 04:59 - 00118112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-13 19:45 - 2017-06-03 04:58 - 00340832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-13 19:45 - 2017-06-03 04:55 - 00780640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-06-13 19:45 - 2017-06-03 04:54 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-06-13 19:45 - 2017-06-03 04:53 - 00404824 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-13 19:45 - 2017-06-03 04:52 - 01021784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2017-06-13 19:45 - 2017-06-03 04:52 - 00607072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2017-06-13 19:45 - 2017-06-03 04:52 - 00111968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2017-06-13 19:45 - 2017-06-03 04:51 - 02187104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-06-13 19:45 - 2017-06-03 04:51 - 00402272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-06-13 19:45 - 2017-06-03 04:50 - 00857440 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-06-13 19:45 - 2017-06-03 04:50 - 00381792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2017-06-13 19:45 - 2017-06-03 04:49 - 20967840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-13 19:45 - 2017-06-03 04:49 - 00624048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-06-13 19:45 - 2017-06-03 04:49 - 00509280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-06-13 19:45 - 2017-06-03 04:48 - 01112416 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2017-06-13 19:45 - 2017-06-03 04:48 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-06-13 19:45 - 2017-06-03 04:48 - 00989024 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-06-13 19:45 - 2017-06-03 04:48 - 00857952 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2017-06-13 19:45 - 2017-06-03 04:48 - 00148832 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2017-06-13 19:45 - 2017-06-03 04:45 - 22220864 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-13 19:45 - 2017-06-03 04:44 - 01600624 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-06-13 19:45 - 2017-06-03 04:44 - 01412640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-06-13 19:45 - 2017-06-03 04:44 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-06-13 19:45 - 2017-06-03 04:40 - 01566552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-06-13 19:45 - 2017-06-03 04:40 - 00628552 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-06-13 19:45 - 2017-06-03 04:39 - 05686272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-06-13 19:45 - 2017-06-03 04:39 - 02532192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-06-13 19:45 - 2017-06-03 04:39 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2017-06-13 19:45 - 2017-06-03 04:33 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2017-06-13 19:45 - 2017-06-03 04:32 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-06-13 19:45 - 2017-06-03 04:31 - 00224256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2017-06-13 19:45 - 2017-06-03 04:31 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-13 19:45 - 2017-06-03 04:28 - 00285184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-06-13 19:45 - 2017-06-03 04:28 - 00232448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edputil.dll
2017-06-13 19:45 - 2017-06-03 04:26 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-06-13 19:45 - 2017-06-03 04:26 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBrokerUI.dll
2017-06-13 19:45 - 2017-06-03 04:23 - 00306688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2017-06-13 19:45 - 2017-06-03 04:22 - 07217152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-06-13 19:45 - 2017-06-03 04:22 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2017-06-13 19:45 - 2017-06-03 04:22 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2017-06-13 19:45 - 2017-06-03 04:22 - 00181760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpipcfg.dll
2017-06-13 19:45 - 2017-06-03 04:20 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-13 19:45 - 2017-06-03 04:19 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-06-13 19:45 - 2017-06-03 04:18 - 22569984 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-06-13 19:45 - 2017-06-03 04:16 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-06-13 19:45 - 2017-06-03 04:16 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2017-06-13 19:45 - 2017-06-03 04:16 - 00002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-06-13 19:45 - 2017-06-03 04:15 - 19414016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-13 19:45 - 2017-06-03 04:15 - 18364928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-06-13 19:45 - 2017-06-03 04:15 - 00886272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2017-06-13 19:45 - 2017-06-03 04:15 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\musdialoghandlers.dll
2017-06-13 19:45 - 2017-06-03 04:15 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-06-13 19:45 - 2017-06-03 04:14 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-06-13 19:45 - 2017-06-03 04:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-13 19:45 - 2017-06-03 04:14 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-06-13 19:45 - 2017-06-03 04:14 - 00045056 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-13 19:45 - 2017-06-03 04:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdProxy.dll
2017-06-13 19:45 - 2017-06-03 04:11 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2017-06-13 19:45 - 2017-06-03 04:10 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BlockedShutdown.dll
2017-06-13 19:45 - 2017-06-03 04:10 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\edputil.dll
2017-06-13 19:45 - 2017-06-03 04:10 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\AuthBrokerUI.dll
2017-06-13 19:45 - 2017-06-03 04:09 - 00489472 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2017-06-13 19:45 - 2017-06-03 04:09 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2017-06-13 19:45 - 2017-06-03 04:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\NetworkBindingEngineMigPlugin.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 12187648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 02643968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 01221120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-06-13 19:45 - 2017-06-03 04:08 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-13 19:45 - 2017-06-03 04:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2017-06-13 19:45 - 2017-06-03 04:07 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-06-13 19:45 - 2017-06-03 04:07 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\HNetCfgClient.dll
2017-06-13 19:45 - 2017-06-03 04:06 - 03664384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-13 19:45 - 2017-06-03 04:06 - 00198144 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2017-06-13 19:45 - 2017-06-03 04:05 - 01883648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2017-06-13 19:45 - 2017-06-03 04:05 - 00295424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hnetcfg.dll
2017-06-13 19:45 - 2017-06-03 04:04 - 06042624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-06-13 19:45 - 2017-06-03 04:04 - 02006528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-13 19:45 - 2017-06-03 04:04 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-13 19:45 - 2017-06-03 04:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-13 19:45 - 2017-06-03 04:03 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-13 19:45 - 2017-06-03 04:02 - 02997760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-06-13 19:45 - 2017-06-03 04:01 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\efscore.dll
2017-06-13 19:45 - 2017-06-03 04:00 - 23677440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-13 19:45 - 2017-06-03 03:58 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\fdProxy.dll
2017-06-13 19:45 - 2017-06-03 03:56 - 13091840 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-13 19:45 - 2017-06-03 03:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2017-06-13 19:45 - 2017-06-03 03:53 - 08125440 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-06-13 19:45 - 2017-06-03 03:52 - 03403264 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-13 19:45 - 2017-06-03 03:52 - 02510848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2017-06-13 19:45 - 2017-06-03 03:52 - 00975872 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-13 19:45 - 2017-06-03 03:52 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2017-06-13 19:45 - 2017-06-03 03:51 - 01418240 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2017-06-13 19:45 - 2017-06-03 03:51 - 00266752 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2017-06-13 19:45 - 2017-06-03 03:50 - 04744704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-13 19:45 - 2017-06-03 03:50 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-13 19:45 - 2017-06-03 03:49 - 03615744 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-06-13 19:45 - 2017-06-03 03:49 - 02691072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2017-06-13 19:45 - 2017-06-03 03:49 - 02475520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-13 19:45 - 2017-06-03 03:49 - 02318848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-13 19:45 - 2017-06-03 03:49 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-13 19:45 - 2017-06-03 03:49 - 01513472 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-06-13 19:45 - 2017-06-03 03:49 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-13 19:45 - 2017-06-03 03:49 - 00351744 _____ (Microsoft Corporation) C:\Windows\system32\hnetcfg.dll
2017-06-13 19:45 - 2017-06-03 03:48 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-13 19:45 - 2017-06-03 03:48 - 01131008 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-13 19:45 - 2017-06-03 03:48 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-13 19:45 - 2017-06-03 03:48 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-06-13 19:45 - 2017-06-03 03:46 - 01121280 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2017-06-13 19:45 - 2017-06-03 03:40 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2017-06-13 19:45 - 2017-06-03 01:08 - 00080078 _____ C:\Windows\system32\normidna.nls
2017-06-13 19:45 - 2017-05-25 00:56 - 00038752 _____ (Microsoft Corporation) C:\Windows\system32\OOBEUpdater.exe
2017-06-13 19:45 - 2017-03-04 01:22 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-06-13 19:45 - 2017-03-04 01:19 - 00635904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-13 19:45 - 2017-03-04 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-06-13 19:45 - 2017-03-04 01:16 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\wpninprc.dll
2017-06-13 19:45 - 2016-09-06 23:53 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2017-06-11 21:34 - 2017-06-11 21:34 - 00242666 _____ C:\Users\Caleb Rients\Desktop\test details.pdf
2017-06-11 20:22 - 2017-06-10 19:31 - 00092328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHdsKe.sys
2017-06-11 18:29 - 2017-06-11 18:29 - 00000000 ____D C:\Users\cgrie\AppData\Local\ElevatedDiagnostics
2017-06-11 18:23 - 2017-06-11 18:23 - 00004118 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B39B71A8-16F8-4FEF-BE11-28F949EAA8C3}
2017-06-11 18:23 - 2017-06-11 18:23 - 00000000 ____D C:\Users\cgrie\AppData\Roaming\Adobe
2017-06-11 18:23 - 2017-06-11 18:23 - 00000000 ____D C:\Users\cgrie\AppData\Local\AMD
2017-06-08 20:01 - 2017-06-08 20:01 - 00061304 _____ () C:\Windows\system32\Drivers\lpsport.sys
2017-06-08 19:48 - 2017-06-24 07:19 - 00000000 ____D C:\Windows\pss
2017-06-07 20:18 - 2017-06-07 20:22 - 00000000 ____D C:\ProgramData\Movavi Video Editor 12
2017-06-07 20:18 - 2017-06-07 20:18 - 00005111 _____ C:\ProgramData\czchsjpj.srw
2017-06-07 20:18 - 2017-06-07 20:18 - 00001193 _____ C:\Users\Public\Desktop\Movavi Video Editor 12.lnk
2017-06-07 20:18 - 2017-06-07 20:18 - 00000016 _____ C:\ProgramData\mntemp
2017-06-07 20:18 - 2017-06-07 20:18 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\VideoEditor
2017-06-07 20:18 - 2017-06-07 20:18 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\Movavi
2017-06-07 20:18 - 2017-06-07 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 12
2017-06-07 20:18 - 2017-06-07 20:18 - 00000000 ____D C:\Program Files (x86)\Movavi Video Editor 12
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-28 17:32 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-28 17:32 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\AppReadiness
2017-06-28 17:31 - 2016-12-27 19:32 - 00000000 ____D C:\Users\cgrie
2017-06-28 17:30 - 2016-12-27 12:38 - 01863752 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-28 17:28 - 2017-01-01 13:45 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\Spotify
2017-06-28 17:27 - 2017-01-01 13:45 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\Spotify
2017-06-28 17:27 - 2016-12-26 22:19 - 00000000 ____D C:\Program Files (x86)\Steam
2017-06-28 17:24 - 2016-12-27 12:33 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-28 17:24 - 2016-12-27 12:33 - 00000000 ____D C:\Windows\system32\SleepStudy
2017-06-26 18:26 - 2016-12-27 12:51 - 00004182 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F65ADC84-62AB-4B23-81F2-5AB00D87224A}
2017-06-25 19:17 - 2016-12-27 12:42 - 00000000 ____D C:\Users\Caleb Rients
2017-06-24 21:15 - 2016-12-26 22:27 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\Battle.net
2017-06-24 21:15 - 2016-12-26 22:26 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-24 11:46 - 2016-12-27 19:33 - 00000000 ____D C:\ProgramData\Package Cache
2017-06-24 09:53 - 2016-12-27 12:44 - 00000000 ___RD C:\Users\Caleb Rients\OneDrive
2017-06-24 09:33 - 2017-01-01 21:26 - 00000000 ____D C:\Users\Caleb Rients\AppData\Roaming\vlc
2017-06-24 07:22 - 2016-07-16 01:04 - 00524288 _____ C:\Windows\system32\config\BBI
2017-06-24 07:19 - 2016-12-27 19:34 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-06-24 06:15 - 2016-12-27 12:42 - 00000000 ____D C:\Users\Caleb Rients\AppData\Local\VirtualStore
2017-06-21 15:34 - 2017-02-06 17:19 - 00000000 ____D C:\Users\Caleb Rients\Desktop\New folder
2017-06-21 15:06 - 2016-12-26 22:30 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2017-06-20 18:35 - 2016-12-27 12:44 - 00002388 _____ C:\Users\Caleb Rients\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 18:35 - 2016-12-26 21:47 - 00003304 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-17 17:04 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\rescache
2017-06-14 18:18 - 2016-12-27 12:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 18:18 - 2016-12-27 12:33 - 00194192 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 18:18 - 2016-07-16 06:45 - 00000000 ____D C:\Windows\INF
2017-06-13 22:31 - 2016-07-16 06:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-06-13 22:31 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\appraiser
2017-06-13 22:31 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\ShellExperiences
2017-06-13 19:50 - 2016-12-27 22:13 - 00000000 ____D C:\Windows\system32\MRT
2017-06-13 19:49 - 2016-12-27 22:13 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-13 19:49 - 2016-07-16 06:36 - 00000000 ____D C:\Windows\CbsTemp
2017-06-11 21:37 - 2017-03-19 22:57 - 00004268 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-11 18:29 - 2016-07-16 06:47 - 00000000 ____D C:\Windows\system32\NDF
2017-06-03 01:36 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-03 01:36 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-31 22:08 - 2016-12-26 20:58 - 00004022 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1482803919
2017-05-31 22:08 - 2016-12-26 20:58 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
 
==================== Files in the root of some directories =======
 
2017-06-07 20:18 - 2017-06-07 20:18 - 0005111 _____ () C:\ProgramData\czchsjpj.srw
2017-06-07 20:18 - 2017-06-07 20:18 - 0000016 _____ () C:\ProgramData\mntemp
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-18 12:34
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2017
Ran by cgrie (28-06-2017 17:32:30)
Running from D:\Downloads
Windows 10 Home Version 1607 (X64) (2016-12-27 17:42:14)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1909762349-1440149133-2858788247-500 - Administrator - Disabled)
Caleb Rients (S-1-5-21-1909762349-1440149133-2858788247-1001 - Limited - Enabled) => C:\Users\Caleb Rients
cgrie (S-1-5-21-1909762349-1440149133-2858788247-1003 - Administrator - Enabled) => C:\Users\cgrie
DefaultAccount (S-1-5-21-1909762349-1440149133-2858788247-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1909762349-1440149133-2858788247-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1909762349-1440149133-2858788247-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center Next Localization BR (HKLM\...\{C402C2F5-0B95-5471-4222-65DF5990944B}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{865C66DE-2F96-0AB1-08BE-B9F383243908}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{1BCFB20E-BA45-D946-EF8D-3EAC2CA566C5}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{3CCD7507-7F42-BADB-BD22-0064CF9C1EF2}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1BE2EDCF-552B-D641-AA4B-9333C376AEAF}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{101EBA1D-F8F0-1E97-D2FD-68917DC1A7AC}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{719B690B-D0DC-E4DE-30EC-F4A1EE895AAE}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{8D17B022-9CA1-C7CA-A4D6-985E160FD686}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{BE20EFC0-79CB-6273-BEC6-17C1B2F949C5}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{C9BCA81B-16E7-EC73-45BA-8180B4A476C7}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{C2088603-B655-ED5B-BBE0-5CEFE17B8DEE}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{5F8DCCF0-AD91-9DDA-59B3-5E25898415CD}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{5D247D18-F5FC-1976-E2A8-35BBB9F6DD31}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{101534C4-8ABB-3C5F-4C35-3681D1EDDAE3}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{1E1FEFF2-5AA0-DB57-BDD5-D1778ACA12BE}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{181093C9-7497-B4A8-BF51-7C59786DD43D}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B99E3435-0B06-210C-B1B8-5954D5ADF936}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{EF3FA700-D95B-FEEA-A479-222E2FFEBD07}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3E4EC972-F3AD-DD8D-2BC8-4BCA6A52F87F}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{3FFDB58D-66AA-0A6E-6C07-366BF048E7D3}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{E60E7ABF-D1B6-C976-3073-02D79ECD2DC5}) (Version: 2016.1204.1136.20853 - Advanced Micro Devices, Inc.) Hidden
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Darkest Dungeon (HKLM\...\Steam App 262060) (Version:  - Red Hook Studios)
Discord (HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Divinity: Original Sin Enhanced Edition (HKLM\...\Steam App 373420) (Version:  - Larian Studios)
Don't Starve Together (HKLM\...\Steam App 322330) (Version:  - Klei Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4534 - Intel Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Movavi Video Editor 12 (HKLM-x32\...\Movavi Video Editor 12) (Version: 12.4.0 - Movavi)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: 5.6.0.2 - Popcorn Time) <==== ATTENTION
RimWorld (HKLM\...\Steam App 294100) (Version:  - Ludeon Studios)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
Sid Meier's Civilization VI (HKLM\...\Steam App 289070) (Version:  - Firaxis)
Spotify (HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Streaming Audio Recorder V4.1.8 (HKLM-x32\...\{B6D9D06B-4B4D-4B41-B963-C056B627F704}_is1) (Version: 4.1.8 - APOWERSOFT LIMITED)
The Witcher 3: Wild Hunt (HKLM\...\Steam App 292030) (Version:  - CD PROJEKT RED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 2.2.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.7 - The Wireshark developer community, hxxps://www.wireshark.org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {552BD38D-B3ED-449D-B0F2-FFCBE32B4A44} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {7FD8A93D-65FB-4F9C-A3E0-B6DB2383EE6F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-04] (Advanced Micro Devices, Inc.)
Task: {A9AEEEC1-DC71-41F6-A7C2-E0762F7FFC9B} - System32\Tasks\SafeZone scheduled Autoupdate 1482803919 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {B54E0D87-DC89-4B05-A61C-2A42A2087BB2} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\cgrie\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BDC6C927-B467-40C7-AB0A-3EC1357DAB5C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {D4333B23-4FF5-4CBE-A681-4C6095C08CD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
Task: {FDCC63C9-CA53-4022-9622-D2D744A2F7E8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-12-26] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2017-06-13 19:45 - 2017-06-03 05:01 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2017-06-24 06:24 - 2017-06-24 06:27 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-15 01:30 - 2016-09-15 01:30 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2016-12-27 22:10 - 2016-09-06 23:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 21:08 - 2017-03-04 01:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 21:08 - 2017-03-04 01:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 21:08 - 2017-03-04 01:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 21:08 - 2017-03-04 01:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-06-13 19:45 - 2017-06-03 03:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-06-13 19:45 - 2017-06-03 03:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-06-13 19:45 - 2017-06-03 03:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-06-21 10:26 - 2017-06-21 10:27 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-21 10:26 - 2017-06-21 10:27 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-21 10:26 - 2017-06-21 10:27 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-21 10:26 - 2017-06-21 10:27 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-10 19:03 - 2017-05-09 04:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-10 19:03 - 2017-05-09 04:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-09 22:08 - 2017-05-09 22:08 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-26 22:20 - 2017-05-16 20:54 - 00678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-12-26 22:20 - 2016-08-31 20:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-12-26 22:20 - 2017-06-08 00:42 - 02485536 _____ () C:\Program Files (x86)\Steam\video.dll
2016-12-26 22:20 - 2016-08-31 20:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-12-26 22:20 - 2016-08-31 20:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-12-26 22:20 - 2016-01-27 02:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-12-26 22:20 - 2016-01-27 02:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-12-26 22:20 - 2016-01-27 02:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-12-26 22:20 - 2016-01-27 02:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-12-26 22:20 - 2016-01-27 02:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-12-26 22:20 - 2017-06-08 00:42 - 00877856 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-12-26 22:20 - 2016-07-04 17:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-26 22:21 - 2017-05-08 14:45 - 69516064 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 19:48 - 2017-05-16 20:54 - 00678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2016-12-26 22:20 - 2017-06-08 00:42 - 00385312 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-01-01 13:45 - 2017-06-21 21:14 - 00189040 _____ () C:\Users\Caleb Rients\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-06-28 17:32 - 2017-06-28 17:32 - 17809408 _____ () C:\Program Files\WindowsApps\9E2F88E3.Twitter_5.8.0.0_x86__wgeqdkkx372wm\Twitter.Windows.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1909762349-1440149133-2858788247-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caleb Rients\AppData\Roaming\Dexpot\Hintergrund 1.jpg
HKU\S-1-5-21-1909762349-1440149133-2858788247-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BEBD0126-805B-4867-9E9D-9673340FB823}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5E254E7C-0938-4A9A-9E07-BBB8C6501C71}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB50B1C3-E54C-4204-BC79-5AE676F84784}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{352B2668-CE27-4BB8-A719-3CC550848F53}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{7D44344E-34A4-40E9-9EBC-540655E6ED91}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D1A10557-29BC-401C-8A0F-9E21754358CA}C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49008\heroesofthestorm_x64.exe
FirewallRules: [{93D49C92-E410-4152-BC86-E05928168F00}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{A4F4D836-6991-4415-9613-846CADA7888B}] => (Allow) C:\Program Files (x86)\Popcorn Time\Updater.exe
FirewallRules: [{44C0CEE6-C475-4E57-9E21-84E855B6779F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{159C5A35-EDDB-43DA-B504-7EB87982A16F}] => (Allow) C:\Program Files (x86)\Popcorn Time\PopcornTimeDesktop.exe
FirewallRules: [{CFFD44EB-1934-499C-B1A6-6A6F6F200210}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [{0FC01F67-9134-43A1-9043-D4A94EFAD027}] => (Allow) C:\Program Files (x86)\Popcorn Time\chromecast\node.exe
FirewallRules: [TCP Query User{5F39698E-F886-474B-9C40-493266170137}C:\users\caleb rients\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caleb rients\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{707A1A40-8E2D-45D5-B8CC-DFF9BF45412B}C:\users\caleb rients\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\caleb rients\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{91955538-53AA-423D-B41A-0D7F76DB0276}C:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{3B1DB6F4-3831-4747-ABE8-89B82C576184}C:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49076\heroesofthestorm_x64.exe
FirewallRules: [{B87BF45C-6F79-4D79-9CE2-13346997D984}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{0238D3B9-6FD6-4AD8-8A72-5B7CD7DA953F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [TCP Query User{ADE64D73-6FB7-41B5-91A1-4B1CEB5519E0}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{23F5A1D1-A766-4217-B1DD-8F81D2FAE3F0}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe
FirewallRules: [{8BA65993-2560-476C-80C8-4F71FACFB13C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{BF34FF6D-95EC-42E1-A3CD-A5FB12B7C179}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [TCP Query User{E473A2B6-2205-4601-9D1B-68C4DC0C26EC}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [UDP Query User{420A8216-54CD-4D82-85A7-A8B0B93DFEA8}C:\program files (x86)\popcorn time\chromecast\node.exe] => (Block) C:\program files (x86)\popcorn time\chromecast\node.exe
FirewallRules: [TCP Query User{539D6A10-1AC3-4618-B07A-AAE60F695C97}C:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{29547613-9A97-4958-A372-E8AB44EEC27A}C:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49747\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{FDCBC5D7-6139-4B64-8B4C-D44328798D14}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [UDP Query User{19DC5681-D98F-435C-8A06-567006AE2F93}C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\don't starve together\bin\dontstarve_dedicated_server_nullrenderer.exe
FirewallRules: [TCP Query User{952728C2-0ED4-46B9-B5E7-0190B56A5F81}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{437F1CE2-C0CA-4CA9-ABE1-83ECFFE925B0}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{11F1C203-4DBF-48F2-A6CD-C49AD1F45801}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{2E487D0C-730E-4154-9DC7-3B1E42E3EA61}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1071CE13-D46C-483A-8700-CFFCC86BC0A5}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [UDP Query User{3614E261-57D9-44CE-9474-8098A1799EDF}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [TCP Query User{DC2FA68D-3CF3-4CBC-8809-3B678B424782}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DA199B60-6021-47FA-B10C-9E638C2C7ACE}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{C0583C71-06DF-42C9-B7F2-FEBB62ABCAD8}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [UDP Query User{E16F6B7B-DA40-42DF-9F6D-F14DEB36535D}C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8423\battle.net.exe
FirewallRules: [TCP Query User{C8EC87AD-6218-4BEB-A645-EDEC936570D6}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{D48C223A-5045-4779-9DA6-8294CDB0CD65}C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51375\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6FC0BD2E-2280-47CB-B457-8F8F2EBED3E6}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [UDP Query User{B2AE3A27-E7CF-4D7D-94BD-0EBCBA9D79B8}C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8518\battle.net.exe
FirewallRules: [TCP Query User{F28EC142-AFAF-47FA-B23E-731AC235E47E}C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{30BD59C4-4E31-433F-88EF-41C0565CB4FF}C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51779\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{00054025-5BCF-4C12-82F2-C7C26C5DDEDE}C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AC4FDEF0-14FC-41F3-8E77-84A3846A80EC}C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base51923\heroesofthestorm_x64.exe
FirewallRules: [{CFBE8E88-D8CE-4071-9842-89F2577B2E0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{91534C01-3D79-4942-B8BA-9A273A73DAAF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe
FirewallRules: [{135CC174-D7CA-476D-8134-8D440BD96D4F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{63DB963E-AC84-48FE-987E-831F87A85833}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\Base\Binaries\Win64Steam\CivilizationVI_DX12.exe
FirewallRules: [{E0DC381F-455E-4E5E-8D7F-F4FA72DBF2D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{9EAED7A2-797B-4BF6-95B6-D1CF3EF7B3BF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{C2583BF1-CF1C-43F7-9249-78892E9B0006}C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5143B1A2-D555-4096-8188-A8CD49BF8E2A}C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52008\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A4E58C41-D641-4E30-B3E3-B60A4397468E}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{DC358B93-278F-41CB-9802-048722020333}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BD090194-9C4F-43A4-9C16-6595A4A83B53}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{89F6A311-28AF-4B69-92AD-048200D47464}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4A0A3C76-C90A-4311-B03D-969B7A93FF0E}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C757CEC7-D564-47D9-A6C2-3DD6325FC465}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{1CC685DB-0C79-4B10-8F34-E0F970671E51}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A19FC039-DAD0-4B86-85C0-006A3C59B701}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{604C7576-3F47-4CEB-9CE3-373E50F884C5}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{9DFE7DD9-36CF-473A-B0F6-427639B0B881}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{E21AAAFB-D968-4A95-8790-D6FB5E41AF89}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe
FirewallRules: [{474BA950-1AB6-40AB-A45A-B7DC8B89947E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5C41E1D1-7248-4B3F-A103-450DF1AFE6B4}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B268D2D7-C334-46D3-9091-B49E760E297E}C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53275\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{3263110A-B0BF-46A0-9EAC-0F47AD3A77FC}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [UDP Query User{0B0F49A8-202F-4FD7-82F2-EF7C30AF06D1}C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8733\battle.net.exe
FirewallRules: [TCP Query User{974790FF-F30B-4D40-B0BE-2DA46CD277CA}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{E3C0C631-7EF1-49F2-840D-97861BE19BA6}C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53548\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{CF3EC89D-6039-4C48-AFD4-A632C72675D8}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [UDP Query User{EBDF3E20-00B2-4377-BBB6-EFFCAE1A66AF}C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8800\battle.net.exe
FirewallRules: [{6AB56D18-761F-4808-9BF1-07CFFE5585E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{C435F316-58C6-4187-A03E-F537C0320B85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D7434049-A1CD-4121-A7C2-BDA509CD9190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1F898813-1C39-4DE1-A47C-7EF5293C2D5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{1E80463C-64D2-4485-920F-F26DED636D0D}C:\users\caleb rients\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\caleb rients\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B0877F7D-6CA6-47A9-8389-1D49977A27CD}C:\users\caleb rients\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\caleb rients\appdata\roaming\spotify\spotify.exe
FirewallRules: [{C6B84A5D-3C31-45A3-B3B1-B469A3876635}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{84337340-EB6A-4A20-8F19-1B015412EAED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2cfg.exe
FirewallRules: [{AD4C5187-7FA0-4E3E-AE49-673000EFFF89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{4D72313B-E30F-4DFE-97E7-C03737E1AB13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{6E2DD750-880A-42DE-B0C0-2F3A98BB9E0C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D7382BF8-EAD4-4548-ACD3-0EAA3AE30C39}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DE6A1FB8-D447-43EC-9952-31B94B07EA52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{269533F1-D9E7-46BC-8F7F-D273F702128C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{DB881452-E194-47DB-8881-96D2BE6A73F1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{E31326C3-8416-4DC2-A856-628D3E1ECCC2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{3BFED724-CD3C-4FA4-80C1-5C9F5B8A6151}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5227D57B-B703-4CD2-BC15-CE6FB083CB9C}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{49E939EE-3A9B-46E8-9538-A1B36D6E7E9D}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{837C1575-9F68-42B9-A8EA-2B9F4A939571}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B1A2BACF-92A3-4117-9E6A-F96C0D0CAFDD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B7290258-A91D-4068-A46C-F08D1E978C52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8935F714-5735-48EE-B618-18ACDECDC8AA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{7ADBFC0D-9F57-4FCE-9BA5-F4C701B44B4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C42C2AE4-2FF7-4454-B371-769B14A2A455}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5CE6C2EC-4DB5-410A-817A-5A0D630BB130}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{77DAC81F-673A-4F72-B9C0-5954102E767C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{00218496-42F2-4220-95E2-14DF68E0EC79}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{0BA05857-2949-40AA-9C04-D22D962E7E68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{6EC488AB-6085-42F3-A4CB-87C3AB6B89E5}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B37335A4-567A-4A54-89A7-E2BFEEF2A512}C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base53965\heroesofthestorm_x64.exe
FirewallRules: [{BD80FDA2-9F91-47EA-8486-DAE6BCEE8294}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{30D46CA4-8E4B-43DA-9CC9-9DAE67973D73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D7B29AAC-1AC7-461D-9146-C27B5D1D33B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{71D103F6-345C-4638-9BA9-26A88E4A7A0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{96715907-4FF5-4676-B81F-36CFC64248B4}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{C41E1A54-9AB4-4D0A-BA8B-BA38A28BBE24}C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base54339\heroesofthestorm_x64.exe
FirewallRules: [{C99F06F7-4111-4CCB-9AD0-CCEC07CB08A2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9C06B142-1268-4599-BAB8-49B092A6F03A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{8AC81351-C98A-43AE-A432-1B253DF495EF}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [UDP Query User{8663EEEA-54D0-4D18-95CD-CC106D795F1A}C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8839\battle.net.exe
FirewallRules: [{BB84FADB-C885-4052-A261-9524BC454AB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{1DBF37A0-6854-49AB-B6D0-E7D3D93F8B32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{F887D19D-BC6F-43EB-8F03-A49A4E85C3E4}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{FF9EF041-4224-4614-B1D4-263576EBF837}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\Streaming Audio Recorder.exe
FirewallRules: [{92BD06F9-EAA9-415B-9DC4-E48ED580EC24}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{98477DC1-51B2-4F64-9FA5-4852BCBBF22C}] => (Allow) C:\Program Files (x86)\Apowersoft\Streaming Audio Recorder\ApowersoftVideoHelper.dll
FirewallRules: [{A5E9C394-434D-4B8B-A352-FDFE4C1A515F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33439822-FD74-40FE-88CF-EF2A8B59EACC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{878D8DF5-44EA-43A3-AFAD-4C58BD375215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{68C5AEC0-21EA-4A69-845B-3FA2FE7B4A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{DFC46E07-9D8D-4453-A147-A302D3D911D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{C0CA89F1-FB25-4208-91DB-AF3238BFCC9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{2346CD31-9F12-407E-84EC-DCFD5E86B634}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AA33676F-2D36-45CC-AAA2-D1CC8FCAD6BE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{36E88033-FC90-4637-8B87-B81CD96C7BCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E3ED0B42-13AC-4E1C-BE8B-319C70A1D6BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{697836A5-612A-487F-9C2D-60929215AE5D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{5BBFEEEA-F146-4857-8324-3BEE5C4618C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{B24E08D8-87F0-4417-AF7F-3D7149174DE4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{FDD1A26D-9E24-45A4-8D27-239226C9576B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{1E30C97D-79BA-4A63-9B0A-4C859FB0C0A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{9B9649DB-F65E-40DC-ACF2-E633B5475FA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{53665248-A9E7-40F3-BB5B-5DB3A5FF801F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{33A9335D-62B6-4B0C-9F2D-3C23F437F5B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
 
==================== Restore Points =========================
 
08-06-2017 19:59:32 Windows Update
13-06-2017 19:46:14 Windows Update
23-06-2017 12:42:42 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: High Definition Audio Bus
Description: High Definition Audio Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: AMD
Service: HDAudBus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/26/2017 06:26:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/26/2017 06:25:56 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/25/2017 03:56:49 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/25/2017 03:56:48 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/24/2017 11:47:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\amd\cim\bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/24/2017 11:47:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/24/2017 11:46:41 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/24/2017 07:23:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/24/2017 07:23:30 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
Error: (06/24/2017 07:22:27 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
 
 
System errors:
=============
Error: (06/28/2017 05:28:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/28/2017 05:24:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:36:46 PM on 6/26/2017 was unexpected.
 
Error: (06/28/2017 05:23:59 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841173968
 
Error: (06/26/2017 08:41:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/26/2017 08:36:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:04:47 PM on 6/25/2017 was unexpected.
 
Error: (06/26/2017 08:36:36 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
Description: 32212256841174000
 
Error: (06/26/2017 06:22:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2017 08:18:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2017 08:06:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/25/2017 08:04:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-05-22 20:22:20.767
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-30 17:51:21.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-25 10:00:36.162
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-15 13:28:57.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-13 21:31:57.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-13 21:31:57.841
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-08 16:49:30.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-31 18:55:08.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6600K CPU @ 3.50GHz
Percentage of memory in use: 16%
Total physical RAM: 16336.15 MB
Available physical RAM: 13703.07 MB
Total Virtual: 18768.15 MB
Available Virtual: 16014.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:446.58 GB) (Free:304.85 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:2794.39 GB) (Free:2513.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#8 cgrients22

cgrients22
  • Topic Starter

  • Members
  • 6 posts

Posted 28 June 2017 - 05:35 PM

I never created a cgrie profile. I don't know where that one came from.

 

Thanks so much for your assistance. I hope I can feel safe again.



#9 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • Gender:Male

Posted 30 June 2017 - 02:30 PM

Hi
 
Apologies for delay!
 
I noticed that you are running Popcorn Timer. Popcorn Timer is software that uses p2p networking, which could compromise your computer's security. I recommend that you remove Popcorn Timer from your computer by using the Programs and Features application. If you need more instructions or would like to know more about the risks regarding p2p, feel free to ask.
 
I noticed that mrt.exe (Microsoft Windows Malicious Software Removal Tool) is disabled through Group Policy. Was this group policy created by you? Have you perhaps had problems with mrt.exe before?
 
 

I never created a cgrie profile. I don't know where that one came from.

 
 
There appear to be two accounts on your computer:
Caleb Rients (Limited) Folder: C:\Users\Caleb Rients
cgrie ( Administrator) Folder C:\Users\cgrie

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2017
Ran by cgrie (administrator) on DESKTOP-DU4I60U (28-06-2017 17:32:08)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2017
Ran by cgrie (28-06-2017 17:32:30)

CHR Extension: (Google Slides) - C:\Users\cgrie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-27]

 
cgrie appears to be your administrator account; I take it that you use Caleb Rients as your main account? The Caleb Rients account is running under limited privileges while cgrie has elevated privileges. Many online guides tell you to create two accounts on the system: one with admin privileges and one with limited privileges. Could it be that you created this at some point to accommodate these guides, or perhaps someone who administrated your computer did?

Member of the Bleeping Computer A.I.I. early response team!
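As an added example (not from the thread, and not FRST's own output), a PowerShell check for the two points Slurppa raises: which local accounts hold administrator rights and which profile folder each maps to, and whether a policy is restricting mrt.exe. The two registry locations checked are the documented MRT policy value and Explorer's DisallowRun list; the thread does not say which one FRST flagged, so that choice is an assumption.

```powershell
# Added example, not part of the thread or of FRST: a defender's check for the two
# points raised above (which local account holds admin rights, and whether a
# policy is restricting mrt.exe). Run from an elevated PowerShell on Windows 10.

function Get-LocalAccountReport {
    # Users that are direct members of the local Administrators group.
    # Get-LocalGroupMember returns names as COMPUTER\user, so keep only the user part.
    $admins = Get-LocalGroupMember -Group 'Administrators' |
              Where-Object { $_.ObjectClass -eq 'User' } |
              ForEach-Object { ($_.Name -split '\\')[-1] }

    # Profile folders keyed by SID, so each account can be matched to its C:\Users\<name>.
    $profiles = @{}
    Get-CimInstance -ClassName Win32_UserProfile |
        ForEach-Object { $profiles[$_.SID] = $_.LocalPath }

    Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name      = $_.Name
            Enabled   = $_.Enabled
            IsAdmin   = ($admins -contains $_.Name)
            LastLogon = $_.LastLogon
            Profile   = $profiles[$_.SID.Value]
        }
    }
}

function Test-MrtRestriction {
    # Two places where a policy can stop mrt.exe (assumption: the thread does not
    # say which one FRST flagged).
    # 1. The documented MRT policy value: DontOfferThroughWUAU = 1 stops Windows
    #    Update from offering the tool.
    # 2. Explorer's DisallowRun list: each numbered value under this key names an
    #    executable the user is not allowed to start.
    $findings = @()

    $mrtKey = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT'
    if (Test-Path $mrtKey) {
        $v = Get-ItemProperty -Path $mrtKey
        if ($v.DontOfferThroughWUAU -eq 1) {
            $findings += "$mrtKey\DontOfferThroughWUAU = 1 (MRT not offered via Windows Update)"
        }
    }

    foreach ($hive in 'HKLM:', 'HKCU:') {
        $runKey = "$hive\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun"
        if (Test-Path $runKey) {
            Get-ItemProperty -Path $runKey | ForEach-Object {
                $_.PSObject.Properties |
                    Where-Object { $_.Value -is [string] -and $_.Value -ieq 'mrt.exe' } |
                    ForEach-Object { $findings += "$runKey\$($_.Name) = $($_.Value)" }
            }
        }
    }

    [pscustomobject]@{
        Restricted = ($findings.Count -gt 0)
        Findings   = $findings
    }
}

# Print the account table and the policy findings.
Get-LocalAccountReport | Format-Table -AutoSize
Test-MrtRestriction | Format-List
```

An account you did not create that shows IsAdmin = True, or a Restricted = True result you did not set yourself, is exactly the kind of finding to report back to the helper rather than change on your own.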


#10 Slurppa

Slurppa

  • Malware Study Hall Senior
  • 646 posts
  • Gender:Male

Posted 03 July 2017 - 04:45 AM

Hi cgrients22

Are you still with me? :)

Member of the Bleeping Computer A.I.I. early response team!


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,486 posts
  • Gender:Male
  • Location:California

Posted 05 July 2017 - 09:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



