
Issues installing Malwarebytes - suspect remaining malware


  • This topic is locked
20 replies to this topic

#1 HeadDesk


Posted 28 July 2017 - 08:12 PM

Hi, I tried to help myself first but am unsure if it worked.
The Windows 10 computer was running slow and freezing, Firefox blocked a hoplink redirect, and on removing Malwarebytes after a failed update I was unable to reinstall. The message was 'permission denied' even on running as administrator.

Used renamed programs in safe mode and normal mode - processes were stopped, PUPs and PUMs removed, registry entries fixed and a gen called OpenCandy was removed. Installed Avira for a full scan and removal. Malwarebytes will complete installation now but doesn't add any shortcuts. Same for Rkill. I'm also still getting warnings that some files/sectors are unable to be scanned.

 

Can you please walk me through your process to ensure removal? Apologies if trying to fix it myself has changed anything I shouldn't have. Windows repair disc was made before these problems if necessary.

 

Thanks

(I am not able to upload so have pasted logs)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by Wao (administrator) on WAOMACHINE (29-07-2017 10:28:11)
Running from C:\Users\Wao\Desktop
Loaded Profiles: Wao &  (Available Profiles: Wao & Browsing account & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\ProgramData\Wireless Broadband\OnlineUpdate\ouc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Flux Software LLC) C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Malwarebytes Corp.) C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes) C:\Users\Wao\Desktop\mbar\mbar.exe
(Malwarebytes) C:\Users\Administrator\Desktop\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Farbar) C:\Users\Wao\Desktop\FRST64(1).exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-30] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\USERS\ADMINISTRATOR\DESKTOP\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-07-04] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [f.lux] => C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\RunOnce: [Uninstall 17.3.6917.0607\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wao\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\RunOnce: [Uninstall 17.3.6917.0607] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wao\AppData\Local\Microsoft\OneDrive\17.3.6917.0607"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [f.lux] => C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [f.lux] => C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [f.lux] => C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [f.lux] => C:\Users\Wao\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRP.EXE [283232 2016-04-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7946656 2017-04-08] (SUPERAntiSpyware)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9364696 2017-03-04] (Piriform Ltd)
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\RunOnce: [Uninstall 17.3.6917.0607\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wao\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\RunOnce: [Uninstall 17.3.6917.0607] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Wao\AppData\Local\Microsoft\OneDrive\17.3.6917.0607"
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611550\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513945\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519144\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024625298\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611937\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024514110\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519328\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024626798\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-19] (Microsoft Corporation)
Startup: C:\Users\Wao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2016-02-20] ()
Startup: C:\Users\Wao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2017-01-12]
ShortcutTarget: HMA! Pro VPN.lnk -> C:\Program Files (x86)\HMA! Pro VPN\bin\HMA! Pro VPN.exe (Privax Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{71f5d648-4b1f-4d1a-aa0e-b223b01fb153}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{a6b08ba1-367c-4d19-8c9f-77e5aa135778}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{d0aeb0d1-571d-4e0e-aa06-77ac9fe63bc2}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131103652941110278&GUID=CD371777-BF1F-4A63-A839-36510C98889F
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611550\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513945\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519144\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519144\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024625298\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer13.msn.com
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024625298\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611937\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131103652942168237&GUID=CD371777-BF1F-4A63-A839-36510C98889F
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611937\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024514110\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131103652942168237&GUID=CD371777-BF1F-4A63-A839-36510C98889F
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024514110\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519328\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131103652942168237&GUID=CD371777-BF1F-4A63-A839-36510C98889F
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519328\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024626798\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131103652942168237&GUID=CD371777-BF1F-4A63-A839-36510C98889F
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024626798\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKLM-x32 -> {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> {FDD8EA7B-4A1B-4169-A2EC-FF77C596D810} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075 -> {FDD8EA7B-4A1B-4169-A2EC-FF77C596D810} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331 -> {FDD8EA7B-4A1B-4169-A2EC-FF77C596D810} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611 -> {FDD8EA7B-4A1B-4169-A2EC-FF77C596D810} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281 -> {8C31F27B-BE8A-4e4b-A478-17760AF1F5D9} URL = hxxps://search.avast.com/AV772/search/web?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281 -> {FDD8EA7B-4A1B-4169-A2EC-FF77C596D810} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
Toolbar: HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-24] (Google Inc.)
DPF: HKLM-x32 {833BE2B4-622E-45C9-986D-BE3B64A43D72} hxxps://192.168.0.4/dlink/NvrControl.CAB?1,0,0,114
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default [2017-07-29]
FF NewTab: Mozilla\Firefox\Profiles\540a641u.default -> about:newtab
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\540a641u.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\540a641u.default -> Avast Search
FF Homepage: Mozilla\Firefox\Profiles\540a641u.default -> google.com.au/
FF Keyword.URL: Mozilla\Firefox\Profiles\540a641u.default -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF NetworkProxy: Mozilla\Firefox\Profiles\540a641u.default -> no_proxies_on", ""
FF NetworkProxy: Mozilla\Firefox\Profiles\540a641u.default -> type", 0
FF Extension: (Social Fixer for Facebook) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\betterfacebook@mattkruse.com.xpi [2017-06-30]
FF Extension: (Exif Viewer) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2017-01-21]
FF Extension: (Ghostery) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\firefox@ghostery.com.xpi [2017-07-28]
FF Extension: (HTML5 Video Everywhere!) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\html5-video-everywhere@lejenome.me.xpi [2017-07-25]
FF Extension: (HTTPS Everywhere) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\https-everywhere@eff.org.xpi [2017-07-27]
FF Extension: (Self-Destructing Cookies) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-07-13]
FF Extension: (Just Disable Stuff) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid1-8J7ayxTha4KqKQ@jetpack.xpi [2016-11-11]
FF Extension: (Shodan Firefox Addon) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid1-AWt6ex5aPvWtTg@jetpack.xpi [2017-04-09]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid1-EbhJmw1yu6Juy@jetpack.xpi [2016-11-11]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-07-25]
FF Extension: (DuckDuckGo Plus) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-07-29]
FF Extension: (SQLite Manager) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-12-01]
FF Extension: (uBlock Origin) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-21]
FF Extension: (NoScript) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-07-25]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-02-15]
FF Extension: (Cookies Manager+) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d} [2017-07-23]
FF Extension: (Web Developer) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2017-04-07]
FF Extension: (Greasemonkey) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-27]
FF Extension: (YouTube Flash Video Player) - C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-06-21]
FF SearchPlugin: C:\Users\Wao\AppData\Roaming\Mozilla\Firefox\Profiles\540a641u.default\searchplugins\youtube.xml [2014-10-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-29] (Intel Corporation)
FF Plugin-x32: @itstructures.com/ffactivex -> C:\Program Files\Firefox ActiveX Plugin\npffax.dll [2011-12-28] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxps://www.google.com.au/
CHR StartupUrls: Default -> "hxxps://www.google.com.au/"
CHR Profile: C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default [2017-07-06]
CHR Extension: (Google Slides) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-05]
CHR Extension: (Google Docs) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27]
CHR Extension: (Blur Privacy Dashboard) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjidbdiahninbecbcigapoocbkfncobc [2017-04-10]
CHR Extension: (Google Search) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Customizer (by Adblock Plus)) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoeenbkoccjaefmmhpmlegngdjohdcm [2015-01-01]
CHR Extension: (Tampermonkey) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-07-03]
CHR Extension: (Adobe Acrobat) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-27]
CHR Extension: (Google Sheets) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-05]
CHR Extension: (HTTPS Everywhere) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-03]
CHR Extension: (Google Docs Offline) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock Plus Super) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\iejpnbahifhlimlhmbdjpeodlnjabcbn [2015-01-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-07-03]
CHR Extension: (mydlink services plugin) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldibdoepbjbkkcbgndfljnphngpglhbb [2015-11-27]
CHR Extension: (Preview Short URLs) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhnpeajamdliepjblldlghmpkohfjakb [2015-06-13]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-10-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Disconnect Facebook™ pixel & FB™ tracking) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnkndeagapifodhlebifbgbonbfmlnfm [2017-04-10]
CHR Extension: (Forum Preview) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\noieegogpoppkplmcnamnbhpeafokijg [2015-10-10]
CHR Extension: (ScriptSafe) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2017-02-13]
CHR Extension: (Gmail) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
CHR Extension: (Privacy Badger) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-07-03]
CHR HKU\S-1-5-21-2722123353-1508981069-969149372-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-07-04] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-04-30] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-07] (ELAN Microelectronics Corp.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135488 2017-05-18] (SurfRight B.V.)
S3 HmaOpenVpnService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [38912 2016-12-03] (The OpenVPN Project)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S3 Intel® TA SAM; C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-08-12] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel® Technology Access\LegacyCsLoaderService.exe [153296 2016-04-26] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [478416 2016-04-26] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-15] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-06-17] (Acer Incorporate)
R2 MBAMService; C:\Users\Administrator\Desktop\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.) [File not signed]
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]
S2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [157456 2017-03-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 Wireless Broadband. RunOuc; C:\Program Files (x86)\Wireless Broadband\UpdateDog\ouc.exe [246112 2015-08-22] ()
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-07-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-07-04] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-07-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-07-04] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-07-04] (Avira Operations GmbH & Co. KG)
R3 ccSet_NARA; C:\WINDOWS\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R3 cpuz140; C:\Users\Wao\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [43840 2017-07-29] (CPUID) <==== ATTENTION
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2016-11-26] (The OpenVPN Project)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-29] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-29] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-29] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-29] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-29] (Malwarebytes)
U1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 USBPcap; C:\WINDOWS\system32\DRIVERS\USBPcap.sys [51104 2016-08-03] (USBPcap)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-29 10:28 - 2017-07-29 10:30 - 00049921 _____ C:\Users\Wao\Desktop\FRST.txt
2017-07-29 10:27 - 2017-07-29 10:28 - 00000000 ____D C:\FRST
2017-07-29 10:26 - 2017-07-29 10:26 - 02381312 _____ (Farbar) C:\Users\Wao\Desktop\FRST64(1).exe
2017-07-29 10:23 - 2017-07-29 10:23 - 02381312 _____ (Farbar) C:\Users\Wao\Desktop\FRST64.exe
2017-07-29 10:03 - 2017-07-29 10:03 - 00002218 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-29 09:40 - 2017-07-29 09:40 - 00000000 ____D C:\Users\Wao\Desktop\mbar
2017-07-29 09:39 - 2017-07-29 09:39 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe
2017-07-28 05:59 - 2017-07-28 05:59 - 00003362 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2722123353-1508981069-969149372-1001
2017-07-27 17:58 - 2017-07-27 17:58 - 00000000 ____D C:\Users\Wao\AppData\Local\Deployment
2017-07-27 05:29 - 2017-07-27 05:29 - 00000903 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-07-27 05:28 - 2017-07-27 05:29 - 00000000 ____D C:\Program Files\RogueKiller
2017-07-27 05:28 - 2017-07-27 05:28 - 08162248 _____ (Malwarebytes) C:\Users\Wao\Desktop\adwcleaner_7.0.0.0.exe
2017-07-27 05:28 - 2017-07-27 05:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-25 09:00 - 2017-07-25 09:00 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-07-25 09:00 - 2017-07-25 09:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-25 08:59 - 2017-07-25 09:00 - 00000000 ____D C:\Program Files\iTunes
2017-07-25 08:59 - 2017-07-25 08:59 - 00000000 ____D C:\Program Files\iPod
2017-07-23 08:38 - 2017-07-23 08:38 - 00000000 ____D C:\Users\Wao\AppData\Roaming\Avira
2017-07-23 08:33 - 2017-07-23 08:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2017-07-23 08:33 - 2017-07-04 13:28 - 00167504 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2017-07-23 08:33 - 2017-07-04 13:28 - 00164824 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2017-07-23 08:33 - 2017-07-04 13:28 - 00088488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2017-07-23 08:33 - 2017-07-04 13:28 - 00060920 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avdevprot.sys
2017-07-23 08:33 - 2017-07-04 13:28 - 00044488 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2017-07-23 08:33 - 2017-07-04 13:28 - 00038048 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2017-07-23 08:24 - 2017-07-23 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-23 08:24 - 2017-07-23 08:32 - 00000000 ____D C:\ProgramData\Avira
2017-07-23 08:24 - 2017-07-23 08:32 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-23 08:24 - 2017-07-23 08:24 - 00001241 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-07-23 08:23 - 2017-07-23 08:23 - 04806912 _____ (Avira Operations GmbH & Co. KG) C:\Users\Wao\Desktop\avira_en_free0___rad.exe
2017-07-23 07:45 - 2017-07-23 07:46 - 65033984 _____ (Malwarebytes ) C:\Users\Wao\Desktop\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251(1).exe
2017-07-23 07:22 - 2017-07-23 07:22 - 00501701 _____ C:\Users\Wao\Desktop\MGlogs.zip
2017-07-23 07:13 - 2017-07-23 07:22 - 00501701 _____ C:\MGlogs.zip
2017-07-23 06:23 - 2017-07-23 06:23 - 00001230 _____ C:\Users\Wao\Desktop\postproblemsmalwarebyteslog.txt
2017-07-23 06:03 - 2017-07-23 06:03 - 00004032 _____ C:\Users\Wao\Desktop\Rkillmissingservicelog.txt
2017-07-23 05:56 - 2017-07-23 08:14 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-23 05:31 - 2017-07-23 05:32 - 02107392 _____ (Bleeping Computer, LLC) C:\Users\Wao\Desktop\rkill-unsigned.exe
2017-07-23 05:02 - 2017-07-23 05:06 - 00835586 _____ C:\TDSSKiller.3.1.0.15_23.07.2017_05.02.47_log.txt
2017-07-23 05:02 - 2017-07-23 05:02 - 00000562 _____ C:\TDSSKiller.3.1.0.15_23.07.2017_05.02.16_log.txt
2017-07-23 05:01 - 2017-07-23 05:02 - 00015462 _____ C:\TDSSKiller.3.1.0.15_23.07.2017_05.01.00_log.txt
2017-07-23 04:57 - 2017-07-23 05:06 - 00000000 ____D C:\TDSSKiller_Quarantine
2017-07-23 04:49 - 2017-07-23 04:58 - 00188544 _____ C:\TDSSKiller.3.1.0.15_23.07.2017_04.49.13_log.txt
2017-07-23 04:42 - 2017-07-23 04:43 - 04922400 _____ (AO Kaspersky Lab) C:\Users\Wao\Desktop\tdsskiller.exe
2017-07-22 16:53 - 2017-07-22 16:56 - 35679504 _____ (Adlice Software ) C:\Users\Wao\Desktop\RogueKiller_setup.exe
2017-07-22 16:39 - 2017-07-22 16:39 - 00566128 _____ (Malwarebytes) C:\Users\Wao\Desktop\mbam-clean-2.3.0.1001(1).exe
2017-07-22 16:38 - 2017-07-22 16:38 - 00566128 _____ (Malwarebytes) C:\Users\Wao\Downloads\mbam-clean-2.3.0.1001(2).exe
2017-07-22 16:32 - 2017-07-22 16:33 - 65033984 _____ (Malwarebytes ) C:\Users\Wao\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251(1).exe
2017-07-16 22:45 - 2017-07-27 05:29 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-16 22:06 - 2017-07-16 22:06 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-07-16 21:28 - 2017-07-16 21:28 - 00000000 ____D C:\ProgramData\RogueKiller
2017-07-16 21:23 - 2017-07-16 21:23 - 00566128 _____ (Malwarebytes) C:\Users\Wao\Downloads\mbam-clean-2.3.0.1001(1).exe
2017-07-16 21:22 - 2017-07-16 21:22 - 00566128 _____ (Malwarebytes) C:\Users\Wao\Downloads\mbam-clean-2.3.0.1001.exe
2017-07-16 21:18 - 2017-07-16 21:19 - 00000380 _____ C:\Users\Wao\Downloads\Fixlist.txt
2017-07-16 21:09 - 2017-07-29 10:19 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-16 21:09 - 2017-07-29 10:03 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-07-16 21:09 - 2017-07-29 10:03 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-16 20:42 - 2017-07-16 20:44 - 65033984 _____ (Malwarebytes ) C:\Users\Wao\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-16 20:38 - 2017-07-23 07:22 - 00000000 ____D C:\MGtools
2017-07-16 20:38 - 2017-07-16 20:38 - 01993530 _____ C:\Users\Wao\Desktop\MGtools.exe
2017-07-16 20:19 - 2017-07-29 10:03 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-16 20:19 - 2017-07-29 10:03 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-16 20:19 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-16 20:18 - 2017-07-29 10:03 - 00000000 ____D C:\Users\Administrator\Desktop\Anti-Malware
2017-07-16 20:11 - 2017-07-16 20:16 - 64025992 _____ (Malwarebytes ) C:\Users\Wao\Downloads\mb3-setup-1879.1879-3.1.2.1733-1.0.139-1.0.2060.exe
2017-07-16 19:56 - 2017-07-16 19:59 - 35612552 _____ (Adlice Software ) C:\Users\Wao\Downloads\setup(1).exe
2017-07-12 19:48 - 2017-07-12 19:48 - 04110280 _____ C:\Users\Wao\Downloads\AdwCleaner(1).exe
2017-07-12 17:21 - 2017-07-07 17:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 17:21 - 2017-07-07 17:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 17:21 - 2017-07-07 17:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 17:21 - 2017-07-07 17:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 17:21 - 2017-07-07 17:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 17:21 - 2017-07-07 17:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 17:21 - 2017-07-07 16:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 17:21 - 2017-07-07 16:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 17:21 - 2017-07-07 16:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 17:21 - 2017-07-07 16:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 17:21 - 2017-07-07 16:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 17:21 - 2017-07-07 16:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 17:21 - 2017-07-07 16:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 17:21 - 2017-07-07 16:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 17:21 - 2017-07-07 16:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 17:21 - 2017-07-07 16:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 17:21 - 2017-07-07 16:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 17:21 - 2017-07-07 16:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 17:21 - 2017-07-07 16:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 17:21 - 2017-07-07 16:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 17:21 - 2017-07-07 16:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:21 - 2017-07-07 16:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 17:21 - 2017-07-07 16:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 17:21 - 2017-07-07 16:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 17:21 - 2017-07-07 16:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 17:21 - 2017-07-07 16:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 17:21 - 2017-07-07 16:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 17:21 - 2017-07-07 16:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 17:21 - 2017-07-07 16:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 17:21 - 2017-07-07 16:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 17:21 - 2017-07-07 16:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 17:21 - 2017-07-07 16:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 17:21 - 2017-07-07 16:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 17:21 - 2017-07-07 16:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 17:21 - 2017-07-07 16:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 17:21 - 2017-07-07 16:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 17:21 - 2017-07-07 16:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 17:21 - 2017-07-07 16:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 17:21 - 2017-07-07 16:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 17:21 - 2017-07-07 16:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 17:21 - 2017-07-07 16:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 17:21 - 2017-07-07 16:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 17:21 - 2017-07-07 16:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 17:21 - 2017-07-07 16:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 17:21 - 2017-07-07 16:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 17:21 - 2017-07-07 16:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 17:21 - 2017-07-07 16:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 17:21 - 2017-07-07 16:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 17:21 - 2017-07-07 16:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 17:21 - 2017-07-07 16:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 17:21 - 2017-07-07 16:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 17:21 - 2017-07-07 16:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 17:21 - 2017-07-07 16:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 17:21 - 2017-07-07 16:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 17:21 - 2017-07-07 16:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 17:21 - 2017-07-07 16:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 17:21 - 2017-07-07 16:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 17:21 - 2017-07-07 15:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 17:21 - 2017-07-07 15:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 17:21 - 2017-07-07 15:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 17:21 - 2017-07-07 15:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 17:21 - 2017-07-07 15:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 17:21 - 2017-07-07 15:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 17:21 - 2017-07-07 15:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 17:21 - 2017-07-07 15:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 17:21 - 2017-07-07 15:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 17:21 - 2017-07-07 15:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 17:21 - 2017-07-07 15:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 17:21 - 2017-07-07 15:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 17:21 - 2017-06-20 16:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 17:21 - 2017-06-20 16:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 17:21 - 2017-06-20 16:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 17:21 - 2017-06-20 15:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 17:21 - 2017-06-20 15:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 17:21 - 2017-06-20 15:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 17:21 - 2017-06-20 15:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 17:21 - 2017-06-20 15:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 17:21 - 2017-06-20 15:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 17:21 - 2017-06-20 15:12 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-12 17:21 - 2017-06-20 15:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 17:21 - 2017-06-20 15:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 17:21 - 2017-06-20 15:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 17:21 - 2017-06-20 15:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 17:21 - 2017-06-20 15:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 17:21 - 2017-06-20 15:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 17:21 - 2017-06-20 15:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 17:21 - 2017-06-20 15:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 17:21 - 2017-06-20 15:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 17:21 - 2017-06-20 15:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 17:21 - 2017-06-20 15:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 17:21 - 2017-06-20 15:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 17:21 - 2017-06-20 15:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 17:21 - 2017-06-20 15:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 17:21 - 2017-06-20 15:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 17:21 - 2017-06-20 15:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 17:21 - 2017-06-20 15:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 17:21 - 2017-06-20 15:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 17:21 - 2017-06-20 15:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 17:21 - 2017-06-20 15:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 17:21 - 2017-06-20 15:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 17:21 - 2017-06-20 15:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 17:21 - 2017-06-20 15:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 17:21 - 2017-06-20 15:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 17:21 - 2017-06-20 15:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 17:21 - 2017-06-20 15:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 17:21 - 2017-06-20 15:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 17:21 - 2017-06-20 15:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 17:21 - 2017-06-20 15:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 17:21 - 2017-06-20 15:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 17:21 - 2017-06-20 15:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 17:21 - 2017-06-20 15:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 17:21 - 2017-06-20 15:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 17:21 - 2017-06-20 14:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 17:21 - 2017-06-20 14:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 17:21 - 2017-06-20 14:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 17:21 - 2017-06-20 14:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:21 - 2017-06-20 14:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:21 - 2017-06-20 14:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 17:21 - 2017-06-20 14:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 17:21 - 2017-06-20 14:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 17:21 - 2017-06-20 14:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 17:21 - 2017-06-20 14:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 17:21 - 2017-06-20 14:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 17:21 - 2017-06-20 14:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 17:21 - 2017-06-20 14:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 17:21 - 2017-06-20 14:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 17:21 - 2017-06-20 14:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 17:21 - 2017-06-20 14:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 17:21 - 2017-06-20 14:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 17:21 - 2017-06-20 14:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 17:21 - 2017-06-20 14:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 17:21 - 2017-06-20 14:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 17:21 - 2017-06-20 14:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 17:21 - 2017-06-20 14:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 17:21 - 2017-06-20 14:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 17:21 - 2017-06-20 14:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 17:21 - 2017-06-20 14:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 17:21 - 2017-06-20 14:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 17:21 - 2017-06-20 14:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 17:21 - 2017-06-20 14:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 17:21 - 2017-06-20 14:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 17:21 - 2017-06-20 14:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 17:21 - 2017-06-20 14:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 17:21 - 2017-06-20 14:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 17:21 - 2017-06-20 14:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 17:21 - 2017-06-20 14:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 17:21 - 2017-06-20 14:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 17:21 - 2017-06-20 14:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 17:21 - 2017-06-20 14:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 17:21 - 2017-06-20 14:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 17:21 - 2017-06-20 14:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 17:21 - 2017-06-20 14:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 17:21 - 2017-06-20 14:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 17:21 - 2017-06-20 14:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 17:21 - 2017-06-20 14:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 17:21 - 2017-06-20 14:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 17:21 - 2017-06-20 14:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 17:21 - 2017-06-20 14:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 17:21 - 2017-06-20 14:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 17:21 - 2017-06-20 14:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 17:21 - 2017-06-20 14:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 17:21 - 2017-06-20 14:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 17:20 - 2017-07-08 00:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 17:20 - 2017-07-07 17:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 17:20 - 2017-07-07 17:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 17:20 - 2017-07-07 17:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 17:20 - 2017-07-07 17:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 17:20 - 2017-07-07 17:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 17:20 - 2017-07-07 17:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 17:20 - 2017-07-07 17:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 17:20 - 2017-07-07 17:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 17:20 - 2017-07-07 17:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 17:20 - 2017-07-07 17:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 17:20 - 2017-07-07 17:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 17:20 - 2017-07-07 17:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 17:20 - 2017-07-07 17:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 17:20 - 2017-07-07 17:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 17:20 - 2017-07-07 17:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 17:20 - 2017-07-07 17:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 17:20 - 2017-07-07 17:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 17:20 - 2017-07-07 17:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 17:20 - 2017-07-07 17:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 17:20 - 2017-07-07 17:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 17:20 - 2017-07-07 17:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 17:20 - 2017-07-07 17:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 17:20 - 2017-07-07 17:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 17:20 - 2017-07-07 17:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 17:20 - 2017-07-07 17:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 17:20 - 2017-07-07 17:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 17:20 - 2017-07-07 17:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 17:20 - 2017-07-07 16:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 17:20 - 2017-07-07 16:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 17:20 - 2017-07-07 16:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 17:20 - 2017-07-07 16:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 17:20 - 2017-07-07 16:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 17:20 - 2017-07-07 16:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 17:20 - 2017-07-07 16:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 17:20 - 2017-07-07 16:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 17:20 - 2017-07-07 16:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 17:20 - 2017-07-07 16:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 17:20 - 2017-07-07 16:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 17:20 - 2017-07-07 16:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 17:20 - 2017-07-07 16:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 17:20 - 2017-07-07 16:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 17:20 - 2017-07-07 16:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 17:20 - 2017-07-07 16:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 17:20 - 2017-07-07 16:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 17:20 - 2017-07-07 16:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 17:20 - 2017-07-07 16:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 17:20 - 2017-07-07 16:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 17:20 - 2017-07-07 16:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 17:20 - 2017-07-07 16:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 17:20 - 2017-07-07 16:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 17:20 - 2017-07-07 16:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 17:20 - 2017-07-07 16:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 17:20 - 2017-07-07 16:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 17:20 - 2017-07-07 16:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 17:20 - 2017-07-07 16:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 17:20 - 2017-07-07 16:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 17:20 - 2017-07-07 16:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 17:20 - 2017-07-07 16:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 17:20 - 2017-07-07 16:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 17:20 - 2017-07-07 16:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 17:20 - 2017-07-07 16:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 17:20 - 2017-07-07 16:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 17:20 - 2017-07-07 16:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 17:20 - 2017-07-07 16:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 17:20 - 2017-07-07 16:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 17:20 - 2017-07-07 16:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 17:20 - 2017-07-07 16:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 17:20 - 2017-07-07 16:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 17:20 - 2017-07-07 16:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 17:20 - 2017-07-07 16:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 17:20 - 2017-07-07 16:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 17:20 - 2017-07-07 16:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 17:20 - 2017-07-07 16:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 17:20 - 2017-07-07 16:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 17:20 - 2017-07-07 16:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 17:20 - 2017-07-07 16:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 17:20 - 2017-07-07 15:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 17:20 - 2017-07-02 08:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 17:20 - 2017-06-20 16:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 17:20 - 2017-06-20 16:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 17:20 - 2017-06-20 16:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 17:20 - 2017-06-20 16:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 17:20 - 2017-06-20 16:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 17:20 - 2017-06-20 16:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 17:20 - 2017-06-20 16:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 17:20 - 2017-06-20 16:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 17:20 - 2017-06-20 16:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 17:20 - 2017-06-20 16:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 17:20 - 2017-06-20 16:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 17:20 - 2017-06-20 16:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 17:20 - 2017-06-20 16:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 17:20 - 2017-06-20 16:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 17:20 - 2017-06-20 15:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 17:20 - 2017-06-20 15:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 17:20 - 2017-06-20 15:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 17:20 - 2017-06-20 15:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 17:20 - 2017-06-20 15:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 17:20 - 2017-06-20 15:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 17:20 - 2017-06-20 15:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 17:20 - 2017-06-20 15:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 17:20 - 2017-06-20 15:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 17:20 - 2017-06-20 15:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 17:20 - 2017-06-20 15:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 17:20 - 2017-06-20 15:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 17:20 - 2017-06-20 15:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 17:20 - 2017-06-20 15:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 17:20 - 2017-06-20 15:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 17:20 - 2017-06-20 15:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 17:20 - 2017-06-20 15:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 17:20 - 2017-06-20 15:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 17:20 - 2017-06-20 15:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 17:20 - 2017-06-20 15:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 17:20 - 2017-06-20 15:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 17:20 - 2017-06-20 15:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 17:20 - 2017-06-20 15:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-07-12 17:20 - 2017-06-20 15:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 17:20 - 2017-06-20 15:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 17:20 - 2017-06-20 15:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 17:20 - 2017-06-20 15:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 17:20 - 2017-06-20 15:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 17:20 - 2017-06-20 15:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 17:20 - 2017-06-20 15:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 17:20 - 2017-06-20 15:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 17:20 - 2017-06-20 15:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 17:20 - 2017-06-20 15:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 17:20 - 2017-06-20 15:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 17:20 - 2017-06-20 15:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 17:20 - 2017-06-20 15:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 17:20 - 2017-06-20 15:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 17:20 - 2017-06-20 15:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 17:20 - 2017-06-20 15:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 17:20 - 2017-06-20 15:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 17:20 - 2017-06-20 15:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 17:20 - 2017-06-20 15:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 17:20 - 2017-06-20 15:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 17:20 - 2017-06-20 15:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 17:20 - 2017-06-20 15:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 17:20 - 2017-06-20 15:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 17:20 - 2017-06-20 15:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 17:20 - 2017-06-20 14:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 17:20 - 2017-06-20 14:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 17:20 - 2017-06-20 14:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 17:20 - 2017-06-20 14:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 17:20 - 2017-06-20 14:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 17:20 - 2017-06-20 14:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 17:20 - 2017-06-20 14:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 17:20 - 2017-06-20 14:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 17:20 - 2017-06-20 14:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 17:20 - 2017-06-20 14:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 17:19 - 2017-07-07 17:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 17:19 - 2017-07-07 17:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 17:19 - 2017-07-07 17:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 17:19 - 2017-07-07 17:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 17:19 - 2017-07-07 17:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 17:19 - 2017-07-07 17:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 17:19 - 2017-07-07 17:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 17:19 - 2017-07-07 17:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 17:19 - 2017-07-07 17:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 17:19 - 2017-07-07 16:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 17:19 - 2017-07-07 16:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 17:19 - 2017-07-07 16:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 17:19 - 2017-07-07 16:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 17:19 - 2017-07-07 16:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 17:19 - 2017-07-07 16:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 17:19 - 2017-07-07 16:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 17:19 - 2017-07-07 16:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 17:19 - 2017-07-07 16:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 17:19 - 2017-07-07 16:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 17:19 - 2017-07-07 16:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 17:19 - 2017-07-07 16:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 17:19 - 2017-07-07 16:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 17:19 - 2017-07-07 16:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 17:19 - 2017-07-07 16:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 17:19 - 2017-07-07 16:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 17:19 - 2017-07-07 16:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 17:19 - 2017-07-07 16:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 17:19 - 2017-07-07 16:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 17:19 - 2017-07-07 16:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 17:19 - 2017-07-07 16:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 17:19 - 2017-07-07 16:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 17:19 - 2017-07-07 16:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 17:19 - 2017-07-07 16:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 17:19 - 2017-07-07 16:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 17:19 - 2017-07-07 16:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 17:19 - 2017-07-07 16:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 17:19 - 2017-07-07 16:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 17:19 - 2017-07-07 16:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 17:19 - 2017-07-07 16:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 17:19 - 2017-06-20 16:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 17:19 - 2017-06-20 16:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 17:19 - 2017-06-20 16:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 17:19 - 2017-06-20 16:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 17:19 - 2017-06-20 16:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 17:19 - 2017-06-20 16:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 17:19 - 2017-06-20 16:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 17:19 - 2017-06-20 16:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 17:19 - 2017-06-20 16:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 17:19 - 2017-06-20 16:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 17:19 - 2017-06-20 16:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 17:19 - 2017-06-20 15:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 17:19 - 2017-06-20 15:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 17:19 - 2017-06-20 15:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 17:19 - 2017-06-20 15:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 17:19 - 2017-06-20 15:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 17:19 - 2017-06-20 15:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 17:19 - 2017-06-20 15:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 17:19 - 2017-06-20 15:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 17:19 - 2017-06-20 15:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 17:19 - 2017-06-20 15:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 17:19 - 2017-06-20 15:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 17:19 - 2017-06-20 15:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 17:19 - 2017-06-20 15:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 17:19 - 2017-06-20 15:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 17:19 - 2017-06-20 15:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 17:19 - 2017-06-20 15:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 17:19 - 2017-06-20 15:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 17:19 - 2017-06-20 15:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 17:19 - 2017-06-20 15:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 17:19 - 2017-06-20 15:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 17:19 - 2017-06-20 15:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 17:19 - 2017-06-20 15:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 17:19 - 2017-06-20 15:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 17:19 - 2017-06-20 15:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 17:19 - 2017-06-20 15:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 17:19 - 2017-06-20 15:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 17:19 - 2017-06-20 15:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 17:19 - 2017-06-20 15:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 17:19 - 2017-06-20 15:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 17:19 - 2017-06-20 15:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 17:19 - 2017-06-20 15:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 17:19 - 2017-06-20 15:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 17:19 - 2017-06-20 15:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 17:19 - 2017-06-20 15:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 17:19 - 2017-06-20 15:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 17:19 - 2017-06-20 15:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 17:19 - 2017-06-20 15:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 17:19 - 2017-06-20 15:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 17:19 - 2017-06-20 15:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 17:19 - 2017-06-20 14:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 17:19 - 2017-06-20 14:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 17:19 - 2017-06-20 14:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 17:19 - 2017-06-20 14:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 17:19 - 2017-06-20 14:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 17:19 - 2017-06-20 14:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-29 09:41 - 2016-11-30 09:26 - 00000000 ____D C:\Users\Wao\Desktop\tidy later
2017-07-29 09:33 - 2017-04-19 13:47 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-29 05:45 - 2017-05-01 20:43 - 00000000 ____D C:\Users\Wao\AppData\Roaming\RIFT
2017-07-29 03:52 - 2017-05-11 17:20 - 00000000 ____D C:\Users\Wao\AppData\Local\Glyph
2017-07-29 03:43 - 2017-05-01 20:40 - 00000000 ____D C:\Program Files (x86)\Glyph
2017-07-29 01:08 - 2017-03-19 07:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-29 01:08 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-28 10:05 - 2017-04-19 13:52 - 00000000 ____D C:\Users\Wao
2017-07-28 06:38 - 2016-11-18 17:53 - 00000000 ____D C:\Users\Wao\AppData\LocalLow\Mozilla
2017-07-28 06:38 - 2014-10-07 17:08 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-28 05:58 - 2015-09-24 03:04 - 00002401 _____ C:\Users\Wao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-28 05:58 - 2015-09-24 03:04 - 00000000 ___RD C:\Users\Wao\OneDrive
2017-07-27 17:58 - 2014-10-05 08:15 - 00000000 ____D C:\Users\Wao\AppData\Local\Packages
2017-07-27 17:57 - 2014-10-11 20:05 - 00000000 ____D C:\Users\Wao\AppData\Local\CrashDumps
2017-07-27 09:15 - 2017-01-11 03:03 - 00004126 _____ C:\Users\Wao\Desktop\Rkill.txt
2017-07-26 12:43 - 2014-10-05 11:42 - 00000000 __SHD C:\Users\Wao\IntelGraphicsProfiles
2017-07-25 13:47 - 2017-04-19 14:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-23 08:24 - 2014-12-23 00:30 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-23 08:15 - 2017-03-18 21:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-23 08:10 - 2015-09-24 02:25 - 00000000 ____D C:\Users\Wao\AppData\Local\ElevatedDiagnostics
2017-07-23 07:25 - 2017-03-19 07:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-23 07:25 - 2015-08-22 01:12 - 00000000 ____D C:\ProgramData\DatacardService
2017-07-23 07:12 - 2016-11-23 23:07 - 00000000 ____D C:\AdwCleaner
2017-07-22 17:36 - 2013-11-15 15:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-22 14:15 - 2017-03-19 07:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-17 01:05 - 2014-10-12 20:17 - 00000000 ____D C:\Users\Wao\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-17 01:00 - 2014-10-28 20:57 - 00000000 ____D C:\ProgramData\AVAST Software
2017-07-17 00:38 - 2016-11-19 05:04 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2017-07-17 00:35 - 2017-05-01 20:40 - 00000000 ____D C:\ProgramData\Glyph
2017-07-17 00:32 - 2017-03-29 03:37 - 00000000 ____D C:\Program Files\CyberGhost 6
2017-07-17 00:27 - 2017-06-08 05:26 - 00000000 ____D C:\Users\Wao\AppData\Roaming\Opera Software
2017-07-17 00:27 - 2017-06-08 05:26 - 00000000 ____D C:\Users\Wao\AppData\Local\Opera Software
2017-07-17 00:27 - 2017-06-08 05:25 - 00000000 ____D C:\Program Files\Opera
2017-07-17 00:09 - 2015-09-24 02:42 - 00001612 _____ C:\Users\Administrator\Desktop\DCS-5020L(28224589).lnk
2017-07-16 21:52 - 2017-04-19 14:14 - 00942086 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-16 20:56 - 2017-03-18 21:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-16 20:39 - 2014-10-06 17:23 - 00000000 ____D C:\Users\Wao\AppData\Local\VirtualStore
2017-07-16 20:19 - 2015-09-24 02:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-07-16 20:18 - 2014-10-14 20:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-14 23:48 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 22:08 - 2016-08-22 02:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 20:05 - 2016-02-13 23:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-12 19:59 - 2017-04-19 13:47 - 00382960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-12 19:55 - 2017-03-19 07:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-12 17:30 - 2017-03-19 06:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 17:25 - 2014-10-29 15:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 17:22 - 2014-10-29 15:44 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 06:08 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 06:08 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-06 03:19 - 2016-12-28 15:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-07-05 09:46 - 2016-10-21 09:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-05 09:46 - 2014-10-06 17:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-01 04:17 - 2017-03-19 07:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-01 00:47 - 2017-03-19 07:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-01 00:47 - 2017-03-19 07:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2016-12-28 15:36 - 2016-12-28 15:36 - 0193255 _____ () C:\Program Files (x86)\unins000(1).dat
2016-12-28 15:36 - 2016-12-28 15:36 - 0197891 _____ () C:\Program Files (x86)\unins000.dat
2016-06-11 22:00 - 2016-11-29 02:47 - 0087788 _____ () C:\Users\Wao\AppData\Roaming\DNR-202L.ico
2017-01-11 01:28 - 2017-01-11 01:54 - 0005120 _____ () C:\Users\Wao\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-02-16 02:40 - 2017-02-16 02:40 - 0011779 _____ () C:\Users\Wao\AppData\Local\recently-used.xbel
2016-05-31 23:31 - 2016-05-31 23:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-03-27 02:06 - 2016-12-27 23:17 - 0353976 _____ (COMODO) C:\ProgramData\cmdres.dll

Files to move or delete:
====================
C:\ProgramData\cmdres.dll


Some files in TEMP:
====================
2017-07-27 05:29 - 2017-06-20 16:10 - 1930320 _____ (Microsoft Corporation) C:\Users\Wao\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-25 18:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Wao (29-07-2017 10:31:55)
Running from C:\Users\Wao\Desktop
Windows 10 Home Version 1703 (X64) (2017-04-19 04:25:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2722123353-1508981069-969149372-500 - Administrator - Disabled) => C:\Users\Administrator
Browsing account (S-1-5-21-2722123353-1508981069-969149372-1004 - Limited - Enabled) => C:\Users\Browsing account
DefaultAccount (S-1-5-21-2722123353-1508981069-969149372-503 - Limited - Disabled)
Guest (S-1-5-21-2722123353-1508981069-969149372-501 - Limited - Disabled)
Guestacc (S-1-5-21-2722123353-1508981069-969149372-1005 - Limited - Enabled)
Wao (S-1-5-21-2722123353-1508981069-969149372-1001 - Administrator - Enabled) => C:\Users\Wao

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Disabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{12B07FF1-29CB-45AC-B493-1DB88BE717BD}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{C01175B6-6575-4526-A55B-2BC2F10BA083}) (Version: 2.7.2.4 - Intel) Hidden
µTorrent (HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
µTorrent (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2022 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20058 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.6 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.4 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
clear.fi SDK - Video 2 (HKLM-x32\...\{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (HKLM-x32\...\{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}) (Version: 2.1.2606 - CyberLink Corp.) Hidden
Curse Client (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Curse Client (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
EPSON WorkForce 435 Series Printer Uninstall (HKLM\...\EPSON WorkForce 435 Series) (Version:  - SEIKO EPSON Corporation)
EverQuest (HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
EverQuest (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\DG0-EverQuest) (Version:  - Sony Online Entertainment)
f.lux (HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\Flux) (Version:  - )
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Guild Wars (HKLM-x32\...\Guild Wars) (Version:  - )
HDD Viewer 1.3.2 (HKLM-x32\...\HDD Viewer) (Version: 1.3.2 - D-Link)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.20.286 - SurfRight B.V.)
HMA! Pro VPN 3.3.0.2 (HKLM-x32\...\HMA! Pro VPN) (Version: 3.3.0.2 - Privax Ltd)
HP Officejet Pro 8610 Basic Device Software (HKLM\...\{39DA3F40-0B9E-4002-8E01-108FEC9EFE43}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Help (HKLM-x32\...\{F9569D00-4576-46C8-B6C7-207A4FD39745}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{1709a432-4aab-4ad0-870d-ff74abc41bdd}) (Version: 1.9.0.1021 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{691f5bf6-e4ed-4ebd-b2ab-8578fc3f63d2}) (Version: 1.6.1.1001 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{810dff4d-564d-47da-b8bc-a3729815aab7}) (Version: 1.9.1.1008 - Intel Corporation)
Intel® Technology Access Software Asset Manager (HKLM-x32\...\{C1C74874-4E6F-49B8-BBCD-D43E277D8D28}) (Version: 3.4.1942 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{954190cd-c66c-4650-bd15-f3dd85f2ae15}) (Version: 2.7.2.4 - Intel)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8102 - Acer Incorporated)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (HKLM-x32\...\NARA) (Version: 4.3.0.14 - Symantec Corporation) Hidden
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Prerequisite installer (HKLM-x32\...\{3AAB08A3-F129-4BD5-B409-AE674F93759D}) (Version: 12.0.0003 - Nero AG) Hidden
Product Improvement Study for HP Officejet Pro 8610 (HKLM\...\{D2064264-3162-4DB1-AFE0-167BEFBBCD9C}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 (32-bit) (HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\{cf72a2ab-2f1d-49fd-a0d7-1065e6357e1e}) (Version: 3.5.2150.0 - Python Software Foundation)
Python 3.5.2 Core Interpreter (32-bit) (HKLM-x32\...\{EB0611B2-7F10-4D97-BCF2-DCAAB1199498}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Development Libraries (32-bit) (HKLM-x32\...\{5DB2183B-62D3-407F-BBC1-EAD2F36283FA}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Documentation (32-bit) (HKLM-x32\...\{1FBA5182-78DD-4940-9F06-96E5042B7061}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Executables (32-bit) (HKLM-x32\...\{33B10015-A9B1-4210-B50A-26C6443979B0}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 pip Bootstrap (32-bit) (HKLM-x32\...\{9ADF9987-3327-48C6-91B3-B10900366491}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Standard Library (32-bit) (HKLM-x32\...\{FCBB04F4-D2CF-4F55-BE92-B3898696B318}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Tcl/Tk Support (32-bit) (HKLM-x32\...\{C1153533-FDC4-4922-892D-B71810F69566}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Test Suite (32-bit) (HKLM-x32\...\{9D50A6D7-410A-4469-87B7-35FA84CBD479}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python 3.5.2 Utility Scripts (32-bit) (HKLM-x32\...\{E6DEBF43-7ACF-4E88-9BBF-9B5945683281}) (Version: 3.5.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{963ECCDD-F09F-4C24-9367-8B5D748AA7C8}) (Version: 3.5.2121.0 - Python Software Foundation)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.228 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.57 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6927 - Realtek Semiconductor Corp.)
RIFT (HKLM\...\Steam App 39120) (Version:  - Trion Worlds)
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
RogueKiller version 12.11.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.7.0 - Adlice Software)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1236 - SUPERAntiSpyware.com)
Synctunes Desktop (HKLM-x32\...\{E828D6D5-E46F-49CE-8EC8-8AA0CA852F2F}) (Version: 1.1.7 - The Bit Studio)
System Requirements Lab Detection (HKLM-x32\...\{FD039EAB-8DAA-4690-A6B1-017AF0F59EC1}) (Version: 6.1.4.0 - Husdawg, LLC)
Trove North America (HKLM-x32\...\Glyph Trove North America) (Version:  - Trion Worlds, Inc.)
USBPcap 1.1.0.0-g794bf26-5 (HKLM\...\USBPcap) (Version: 1.1.0.0-g794bf26-5 - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Wireless Broadband (HKLM-x32\...\Wireless Broadband) (Version: 21.005.15.01.683 - Huawei Technologies Co.,Ltd)
Wireshark 2.2.5 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.5 - The Wireshark developer community, hxxps://www.wireshark.org)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2722123353-1508981069-969149372-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2722123353-1508981069-969149372-1001_Classes\CLSID\{a480dce0-97a3-4937-81af-bb1db9cb0bcc}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Administrator\Desktop\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Users\Administrator\Desktop\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2015-06-16] (Safer-Networking Ltd.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-04] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08A47C25-6F0F-4B94-88FF-69EDABFD6925} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0FF8C635-45EA-4BF4-9818-81BFC3FCF124} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A0C7EFE-0C4D-499C-8B7A-27B330CFBBB7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {1C229308-3672-4BF0-9CDB-0944497A4330} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {2149696C-E263-4C3F-A7A9-0AB2CD1A9E1D} - System32\Tasks\{EF01BE72-48BC-4948-ABE5-7C0D4AF06BA6} => C:\Windows\system32\pcalua.exe -a C:\Users\Wao\Downloads\MSAoE.exe -d C:\Users\Wao\Downloads
Task: {22257E8C-2E56-4563-8B68-4383FE6BD1A1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {2685EE85-754E-4EEB-9977-B28742EFAEAF} - System32\Tasks\HPCustParticipation HP Officejet Pro 8610 => C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPCustPartic.exe [2014-07-21] (Hewlett-Packard Development Company, LP)
Task: {2952CB63-3FA2-4A9D-9E3C-DBDD36704B11} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {30B32355-639B-49B7-87C1-CD7485B0A800} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {35099D68-D5EA-4E15-9D81-AC915F3164B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35E3036A-DC72-4FB2-A37C-CB06A497B83F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {43DBBB1C-90D2-4BB4-AF57-4EC7C9849F5C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {494F9A47-8C09-4685-81C7-7640CDD2BF12} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {4E5174C7-A783-40A4-868F-42EA5006E44D} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-06-17] (Acer Incorporate)
Task: {4EDD5AEC-F220-4E28-A7AB-2CDC3CB13ABF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-04] (Piriform Ltd)
Task: {6116D054-68FF-4252-95FC-29CF8E086A7D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {636A8BCF-D9B2-4E95-8A3E-408E733FA312} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {655E5E37-AD55-4EBC-89E8-A3C17EB529F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65D91869-88E5-4272-A675-03A02C28E92B} - System32\Tasks\{97A3EAC2-D9DA-4E5E-A0E6-5D19353F775B} => C:\Windows\system32\pcalua.exe -a D:\autorun.exe -d D:\
Task: {70A33EE0-2AF2-4D93-ABDC-1A0EAD6E1264} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {78C15B47-A802-44EF-BC73-0C0EDB67ECEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7A49E8D8-4711-46C2-9363-7F9F2EBE9545} - \WPD\SqmUpload_S-1-5-21-2722123353-1508981069-969149372-1001 -> No File <==== ATTENTION
Task: {7DDBE312-0F35-4C65-A7FC-A69FAC4805E3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {819BF9BC-768B-4431-A190-4C36733E9D1C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {86B22158-8C73-4356-AE89-AED703F8B993} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8FB1A5BB-2A68-4E47-ACEB-B36A4F739E03} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-07-22] (Microsoft Corporation)
Task: {934A974C-1C4E-4124-B0E2-B577B06D1981} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9392E546-D6D2-4C78-A917-3A8DEB682805} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2016-07-06] ()
Task: {A3486E77-FFD2-4283-8106-BA7DC2B69C1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A74460BC-374D-4516-8E64-0E144D394CF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AE1802CD-F798-45B7-9A63-31489C0E2E03} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {B2247915-EAF5-4598-851D-B932C72B0FF8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B5275604-207E-4783-A03D-603E4C61443D} - System32\Tasks\{3B7B78D0-36D2-45B0-B59F-DB2B57BBA256} => C:\Windows\system32\pcalua.exe -a D:\aoesetup.exe -d D:\ -c /autorun
Task: {BF7C6352-4075-4782-9C00-E444060935BA} - System32\Tasks\{17612180-9FC9-438C-B50A-9AD08A1536F7} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\McAfee Security Scan\uninstall.exe"
Task: {C27EE920-AB7D-4439-B16E-A5BF43BCDFAA} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2016-07-06] ()
Task: {C5320ADF-E67E-444D-A7F5-646B016875D6} - System32\Tasks\{09F85888-F5A7-4111-BDCC-78E6C4328F6B} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Overwolf\\OWUninstaller.exe" -c /S
Task: {C80F70D9-619F-4DA9-9FED-382D8CBDDF23} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CB2B0734-48B0-4B5B-9088-669586F1FA3E} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {D14D0FE9-652E-4CC5-858E-5309EBC151C7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DC4F106D-E560-446D-81D1-94B0E9627C21} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {E1714E5E-3BC0-46B9-B8C1-CE369D73BE2B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E2430858-D718-4FA5-8BF1-7E30CCD15548} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel® Technology Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-08-12] (Intel Corporation)
Task: {E28BE618-04A8-4FA1-9C68-438C62D191AE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {E3891DC1-FF36-42FC-AB63-67CC783AF473} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {E4B353FE-5DB1-4089-9812-0F3F040286F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E57567AE-2677-4EF2-8B2C-0FA93418513B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {F8AF69AD-3739-4BE8-833E-5636755AE48F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {FE4AFCE0-0BC7-4687-AECD-7502CF15DE29} - System32\Tasks\{09F45EF4-7E7A-4991-A169-E0A3C95EAF3D} => C:\Windows\system32\pcalua.exe -a D:\AUTOMENU.EXE -d D:\

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Wao\Favorites\Acer\Acer.lnk -> hxxp://www.acer.com

==================== Loaded Modules (Whitelisted) ==============

2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-07 11:44 - 2015-07-07 11:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2016-04-26 14:30 - 2016-04-26 14:30 - 00367824 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2015-08-22 01:37 - 2015-08-22 01:31 - 00246112 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\ouc.exe
2017-03-19 06:58 - 2017-03-19 06:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-03-15 03:44 - 2017-07-07 16:49 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-18 08:42 - 2016-05-18 08:42 - 00230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-11-15 15:45 - 2013-02-20 21:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2017-07-12 02:31 - 2017-07-12 02:32 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-12 02:31 - 2017-07-12 02:32 - 27590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-12 02:31 - 2017-07-12 02:31 - 00428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-12 02:31 - 2017-07-12 02:32 - 20649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-12 02:31 - 2017-07-12 02:31 - 02305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-12 02:31 - 2017-07-12 02:31 - 02856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-05-23 16:26 - 2017-05-23 16:26 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-06 05:22 - 2017-06-06 05:25 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-06-03 12:40 - 2016-06-03 12:40 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-12 02:31 - 2017-07-12 02:32 - 01127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-04 14:48 - 2017-05-04 14:51 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-03-19 06:59 - 2017-03-19 12:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-16 20:19 - 2017-06-27 12:06 - 02260432 _____ () C:\USERS\ADMINISTRATOR\DESKTOP\ANTI-MALWARE\MwacLib.dll
2016-12-28 15:58 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-28 15:58 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-28 15:58 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-28 15:58 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-22 01:37 - 2015-08-22 01:31 - 00011362 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\mingwm10.dll
2015-08-22 01:37 - 2015-08-22 01:31 - 00043008 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\libgcc_s_dw2-1.dll
2015-08-22 01:37 - 2015-08-22 01:32 - 02415104 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\QtCore4.dll
2015-08-22 01:37 - 2015-08-22 01:32 - 01148416 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\QtNetwork4.dll
2015-08-22 01:37 - 2015-08-22 01:32 - 00384512 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\QueryStrategy.dll
2015-08-22 01:37 - 2015-08-22 01:32 - 00398336 _____ () C:\ProgramData\Wireless Broadband\OnlineUpdate\QtXml4.dll
2013-11-15 15:20 - 2013-01-15 04:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\67376219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\67376219.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024609504\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513026\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514004\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024620395\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024609844\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513135\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514315\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024620977\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\Control Panel\Desktop\\Wallpaper -> c:\users\wao\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{ba9406f6-1e16-4835-a114-9a378daa3c11}.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\Control Panel\Desktop\\Wallpaper -> c:\users\wao\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{ba9406f6-1e16-4835-a114-9a378daa3c11}.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\Control Panel\Desktop\\Wallpaper -> c:\users\wao\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{ba9406f6-1e16-4835-a114-9a378daa3c11}.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\Control Panel\Desktop\\Wallpaper -> c:\users\wao\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{ba9406f6-1e16-4835-a114-9a378daa3c11}.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\Control Panel\Desktop\\Wallpaper -> c:\users\wao\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\{ba9406f6-1e16-4835-a114-9a378daa3c11}.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611550\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513945\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519144\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024625298\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024611937\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024514110\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024519328\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2722123353-1508981069-969149372-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024626798\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => ""C:\Program Files (x86)\D-Link\D-ViewCam\MainConsole.EXE""
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\StartupFolder: => "HMA! Pro VPN.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\StartupFolder: => "Curse.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281\...\StartupApproved\Run: => "CyberGhost"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{53445955-D1A8-4B21-9C30-2C1706C5F715}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{9EAC6137-17E9-486A-A96D-91C2A9550610}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{63FD9088-28E8-4AA8-B525-61677E01AEC9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{00D969E8-A609-4A03-8467-C7E255775B58}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7A024339-7584-4005-B6D8-5E08E7DD6746}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{23DB5E41-54B8-4037-BD58-712493E525D4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{61B0D412-46F2-46F9-9120-4DCDB9349A5C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CBC49D9C-55F4-4041-BD82-CDFF940D6231}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E0BF5F93-4EF4-4D2C-864B-3B6E19D27ADC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{AB306711-1AE1-4862-851E-DB9154B32785}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [UDP Query User{CCF64D84-F69C-4B4A-9CE7-543A931426F1}C:\program files (x86)\battle.net\battle.net.8385\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8385\battle.net.exe
FirewallRules: [TCP Query User{765EFEAF-482A-4B9A-8D74-143B91E86496}C:\program files (x86)\battle.net\battle.net.8385\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8385\battle.net.exe
FirewallRules: [{6658227E-D1AD-431D-A44F-99AC56BD80C0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{0D9A4C63-E6EB-4910-8CCB-D552971F1C15}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{38DFADD3-E01B-4393-BD7E-1ED3D2BBF9EC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3E13AE58-064F-4C29-802C-4ED81F5893B8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2714A95F-5966-4AFF-B020-5D1DFAA43162}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1D734F4D-5C93-4C1E-93AF-99DFEC366C31}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [UDP Query User{3AD1AD36-7A82-4F22-8817-831235E24947}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [TCP Query User{C215113B-CFAA-4F10-B9C8-B2B55257D42B}C:\program files\ispy\ispy.exe] => (Allow) C:\program files\ispy\ispy.exe
FirewallRules: [UDP Query User{15F0406C-C916-4CE4-989F-80B250AE555C}C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe] => (Block) C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe
FirewallRules: [TCP Query User{ABA93E59-F5F6-4F89-8074-9EF4E4907B9F}C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe] => (Block) C:\program files (x86)\fotobounce family\fotobounce\engine\fbengine.exe
FirewallRules: [{B5DF6877-21B9-47ED-8D5E-B841BE67F04B}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{8FC10CAA-3F51-4F42-A7B5-90A44E396726}] => (Allow) C:\Program Files (x86)\Nero\Nero 12\Nero BackItUp\BackItUp.exe
FirewallRules: [{37BE0DB5-217E-4DDE-936D-C6F8C30BC374}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{812508EF-BA51-4874-99F9-53C7EF12DE0D}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{24D8DDA6-1EB9-45A3-8E77-844D7FB92ED8}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{43388351-4E50-4916-A169-D7D0A24A0057}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{35980E90-48EF-412E-832A-2F2E3E2AAD66}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{B39EE852-DA0D-4096-B1F1-CD96FB34F6A8}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{9E87EB85-08A8-4A3C-8E91-C4638CED95BB}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{ED0D7B7D-F8E7-4F44-94E9-473F76230554}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{E22E4A37-F175-47EF-8C04-8276D8A9EBF5}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK21\Video\VideoPlayer.exe
FirewallRules: [{81ED9E2E-06E8-4373-A5EA-DEBCFAB7F6D9}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{6BB53C1D-C586-4D4C-BB4A-A9CD44A0135B}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{1FA0A3B8-BB25-44FF-9497-3EA2403024AE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{FB265D96-D0A2-49AF-A2A0-51F184AD48D1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{389D120F-A4CF-4250-BDC4-4175DD88B8E4}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{1D58B5A0-C3C4-43AC-911F-61DA0AC23154}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\ccd.exe
FirewallRules: [{CF094BE3-1500-43C0-8FAA-256C52A49AD3}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{F571B92A-5FB6-40DA-A62A-99157E4A74C0}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\Sdd.exe
FirewallRules: [{24F11ACB-4782-4D18-BADC-83A87DA27626}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{CC105AD6-917E-407B-A6C5-2A852D6B520A}] => (Allow) C:\Program Files (x86)\Acer\Acer Cloud\virtualdrive.exe
FirewallRules: [{2FA01DC0-3B14-408F-A64A-8A923F69377F}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{653B6A69-F5D3-459E-9A4A-3D6100632689}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{AB6ED49A-3A2E-409E-84E8-870C5E250B76}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E46BA47B-07FA-431C-A1A5-2987CC95C0C0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{531A8910-A035-4198-9967-CC1483F7B6A8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79E48CE2-8406-40AD-8C90-139E6DC5FB71}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B8390638-DA3B-47D4-941B-84146C2ED20B}] => (Allow) C:\Users\Wao\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{015F7DE9-786A-4E57-8D0A-45ED108EA1D8}] => (Allow) C:\Users\Wao\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{DCBCCBBF-1132-4F0F-8B41-897E000F5130}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [UDP Query User{4BCACDC3-A463-4FB7-81AA-216913CFE2AA}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Allow) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [TCP Query User{5A02AD4B-3EBC-49CE-A4F5-A09E4DF0234B}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{F52765AE-0F52-4D1F-8593-CBDFD0CA6186}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{21896B25-673B-42F6-9BE9-0B3809FA8CDC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{365C1909-D78C-4469-B5B2-DB179993C166}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{1DD4DCDF-C078-4556-A0F2-9C23F609AE37}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{C9484673-95F1-4380-8E54-2D774FC6BAEA}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{11C6855A-33F5-4F28-AE20-6C9B1A0EE2E6}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{AA4C6CA2-B502-4121-A18A-CAE5E87EA5CB}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{78F56E06-738D-4444-A4F7-557BF012BB05}] => (Allow) C:\Users\Wao\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{7E54BEBC-FA5F-4BCA-977D-0EBACD9C477D}] => (Allow) C:\Users\Wao\Downloads\wizard\autorun.exe
FirewallRules: [{E6D82878-A0D0-48A2-A273-61624952E027}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B20E9225-B4AE-4FF5-8DF6-731793DC0D47}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ADCB87F1-848B-41DD-9C05-858F2A53FB84}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F07DDA43-F5BE-40F4-8079-7767E9880488}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37A83A0D-E215-48E1-9AA6-468E37F02E77}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe
FirewallRules: [{D67EEA04-A496-4AE9-A957-2C2AABCA35E7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe
FirewallRules: [{812E82E9-902C-4C9B-945B-52488B29B6DE}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe
FirewallRules: [{36563B43-FFE5-413B-82B8-E650B1681A51}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe
FirewallRules: [{764FC186-F3E1-4853-86B8-CFF493D9233B}] => (Allow) LPort=5357
FirewallRules: [{26355DF1-745D-475B-81B4-9EF0954B3CD7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{D544CA0E-52EC-4EEB-8FFE-535D7AC9F1E4}] => (Allow) C:\Program Files (x86)\The Bit Studio\Synctunes Desktop\Synctunes.exe
FirewallRules: [{E37C7400-0290-41BD-B784-917A644BE837}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{FDCEDFAC-201C-4BE2-87DD-E890EC40DBE0}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{E10FEF75-FECC-4489-B22F-1FE062E5E6C2}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{D7672EBD-4839-4A65-A074-810820436BB7}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{97A09209-C7AC-4234-BDEA-E59FC1E09E6F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RIFT\riftpatchlive.exe
FirewallRules: [{D675F041-B28E-4E56-BD04-CC2542A95583}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\RIFT\riftpatchlive.exe
FirewallRules: [{70EFF9DF-A44D-4AEA-B0F5-D6D2E6F0264C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{23FA0AE9-C5B9-4A46-9E29-D452438EE4EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{946F5633-25B3-4834-969A-0C22862A08D5}] => (Allow) C:\Program Files\iTunes\iTunes.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

11-07-2017 06:53:33 Scheduled Checkpoint
16-07-2017 22:25:34 Installed Cybereason RansomFree 2.3.0.0
23-07-2017 09:12:21 Checkpoint by HitmanPro
27-07-2017 17:55:05 Removed Cybereason RansomFree 2.3.0.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/29/2017 10:02:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/29/2017 10:02:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/29/2017 10:02:42 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/29/2017 05:25:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/29/2017 05:25:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/29/2017 05:25:10 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest" on line 4.
The element asmv2:clrClassInvocation appears as a child of element urn:schemas-microsoft-com:asm.v1^entryPoint which is not supported by this version of Windows.

Error: (07/28/2017 11:18:42 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (07/28/2017 12:03:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6110

Error: (07/28/2017 12:03:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6110

Error: (07/28/2017 12:03:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/29/2017 05:43:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Device Setup Manager service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/29/2017 05:43:07 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Device Setup Manager service to connect.

Error: (07/28/2017 01:38:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/27/2017 05:51:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/27/2017 03:27:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/27/2017 03:27:53 AM) (Source: DCOM) (EventID: 10010) (User: WAOMACHINE)
Description: The server Microsoft.Windows.ShellExperienceHost_10.0.15063.332_neutral_neutral_cw5n1h2txyewy!App did not register with DCOM within the required timeout.

Error: (07/27/2017 01:24:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/25/2017 01:49:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/25/2017 01:49:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.

Error: (07/25/2017 01:48:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Avira.ServiceHost service to connect.


CodeIntegrity:
===================================
  Date: 2017-07-29 10:30:16.169
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-29 10:30:16.167
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-29 10:30:16.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-29 10:30:16.112
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-29 03:47:26.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-29 03:47:26.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-28 13:17:18.013
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-28 13:17:17.988
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-28 13:13:31.605
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-07-28 13:13:31.602
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 79%
Total physical RAM: 3985.27 MB
Available physical RAM: 825.11 MB
Total Virtual: 9394.69 MB
Available Virtual: 4864.9 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.7 GB) (Free:549.29 GB) NTFS
Drive d: (Jun 06 2017) (CDROM) (Total:0.69 GB) (Free:0.68 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 5BFC1822)

Partition: GPT.

==================== End of Addition.txt ============================


 




 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 PM

Posted 29 July 2017 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Malwarebytes Corp.) C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0FF8C635-45EA-4BF4-9818-81BFC3FCF124} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A0C7EFE-0C4D-499C-8B7A-27B330CFBBB7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {35099D68-D5EA-4E15-9D81-AC915F3164B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {655E5E37-AD55-4EBC-89E8-A3C17EB529F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {78C15B47-A802-44EF-BC73-0C0EDB67ECEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7A49E8D8-4711-46C2-9363-7F9F2EBE9545} - \WPD\SqmUpload_S-1-5-21-2722123353-1508981069-969149372-1001 -> No File <==== ATTENTION
Task: {7DDBE312-0F35-4C65-A7FC-A69FAC4805E3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {86B22158-8C73-4356-AE89-AED703F8B993} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {934A974C-1C4E-4124-B0E2-B577B06D1981} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A74460BC-374D-4516-8E64-0E144D394CF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B2247915-EAF5-4598-851D-B932C72B0FF8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C80F70D9-619F-4DA9-9FED-382D8CBDDF23} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D14D0FE9-652E-4CC5-858E-5309EBC151C7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1714E5E-3BC0-46B9-B8C1-CE369D73BE2B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E4B353FE-5DB1-4089-9812-0F3F040286F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If still having problems with Malwarebytes, download and run their removal tool.

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Restart the computer normally when done.

Re-install the application from the main site.
https://www.malwarebytes.com/

Let me know what problem persists.

#3 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 29 July 2017 - 05:54 PM

Hi, thank you nasdaq.

On doing that I received an error message simply saying    This computer   . (Information appeared to perhaps have been cut off but there was no option to resize the popup to see any full message.) Then the machine restarted itself before I could do anything.

However on booting up again it did give me the log you asked for. Is this normal and ok?

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Wao (30-07-2017 08:32:00) Run:1
Running from C:\Users\Wao\Desktop
Loaded Profiles: Wao &  (Available Profiles: Wao & Browsing account & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

(Malwarebytes Corp.) C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
SearchScopes: HKU\S-1-5-21-2722123353-1508981069-969149372-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
S2 HWDeviceService64.exe; "C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service [X]
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0FF8C635-45EA-4BF4-9818-81BFC3FCF124} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {1A0C7EFE-0C4D-499C-8B7A-27B330CFBBB7} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {35099D68-D5EA-4E15-9D81-AC915F3164B0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {655E5E37-AD55-4EBC-89E8-A3C17EB529F1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {78C15B47-A802-44EF-BC73-0C0EDB67ECEC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7A49E8D8-4711-46C2-9363-7F9F2EBE9545} - \WPD\SqmUpload_S-1-5-21-2722123353-1508981069-969149372-1001 -> No File <==== ATTENTION
Task: {7DDBE312-0F35-4C65-A7FC-A69FAC4805E3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {86B22158-8C73-4356-AE89-AED703F8B993} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {934A974C-1C4E-4124-B0E2-B577B06D1981} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A74460BC-374D-4516-8E64-0E144D394CF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B2247915-EAF5-4598-851D-B932C72B0FF8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {C80F70D9-619F-4DA9-9FED-382D8CBDDF23} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D14D0FE9-652E-4CC5-858E-5309EBC151C7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E1714E5E-3BC0-46B9-B8C1-CE369D73BE2B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E4B353FE-5DB1-4089-9812-0F3F040286F6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe => No running process found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key removed successfully
HKLM\Software\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-2722123353-1508981069-969149372-1001\Software\MozillaPlugins\ubisoft.com/uplaypc => key removed successfully
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07262017024610075: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07272017024513331: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07282017024514611: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] => Error: No automatic fix found for this entry.
FF Plugin HKU\S-1-5-21-2722123353-1508981069-969149372-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07292017024621281: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [No File] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Web Store Payments) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\HWDeviceService64.exe => key removed successfully
HWDeviceService64.exe => service removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FF8C635-45EA-4BF4-9818-81BFC3FCF124} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FF8C635-45EA-4BF4-9818-81BFC3FCF124} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A0C7EFE-0C4D-499C-8B7A-27B330CFBBB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A0C7EFE-0C4D-499C-8B7A-27B330CFBBB7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35099D68-D5EA-4E15-9D81-AC915F3164B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35099D68-D5EA-4E15-9D81-AC915F3164B0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{655E5E37-AD55-4EBC-89E8-A3C17EB529F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{655E5E37-AD55-4EBC-89E8-A3C17EB529F1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78C15B47-A802-44EF-BC73-0C0EDB67ECEC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78C15B47-A802-44EF-BC73-0C0EDB67ECEC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A49E8D8-4711-46C2-9363-7F9F2EBE9545} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A49E8D8-4711-46C2-9363-7F9F2EBE9545} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2722123353-1508981069-969149372-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7DDBE312-0F35-4C65-A7FC-A69FAC4805E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7DDBE312-0F35-4C65-A7FC-A69FAC4805E3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86B22158-8C73-4356-AE89-AED703F8B993} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86B22158-8C73-4356-AE89-AED703F8B993} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{934A974C-1C4E-4124-B0E2-B577B06D1981} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{934A974C-1C4E-4124-B0E2-B577B06D1981} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A74460BC-374D-4516-8E64-0E144D394CF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A74460BC-374D-4516-8E64-0E144D394CF0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2247915-EAF5-4598-851D-B932C72B0FF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2247915-EAF5-4598-851D-B932C72B0FF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C80F70D9-619F-4DA9-9FED-382D8CBDDF23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C80F70D9-619F-4DA9-9FED-382D8CBDDF23} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D14D0FE9-652E-4CC5-858E-5309EBC151C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D14D0FE9-652E-4CC5-858E-5309EBC151C7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1714E5E-3BC0-46B9-B8C1-CE369D73BE2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1714E5E-3BC0-46B9-B8C1-CE369D73BE2B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4B353FE-5DB1-4089-9812-0F3F040286F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4B353FE-5DB1-4089-9812-0F3F040286F6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 151929608 B
Java, Flash, Steam htmlcache => 493044832 B
Windows/system/drivers => 46034010 B
Edge => 314925 B
Chrome => 2925568 B
Firefox => 426282499 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 124156968 B
LocalService => 28418 B
NetworkService => 177572 B
Wao => 520845267 B
Browsing account => 29363 B
Administrator => 12177 B

RecycleBin => 194234764 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 08:34:53 ====
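A Fixlog in this layout can be triaged by reading the result after the last ` => ` on each line while skipping the echoed fixlist, which also contains `=>`. This is an added example, not part of the original posts and not FRST's own code; the function name `parse_fixlog` and the outcome labels (changed, absent, unhandled) are assumptions of the example, and the sample is a shortened log constructed from lines posted above.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog in the same layout as the one posted
# above (header, echoed fixlist between two rows of asterisks, result lines,
# EmptyTemp section, footer).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Wao (30-07-2017 08:32:00) Run:1
==============================================

fixlist content:
*****************
start
CloseProcesses:
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\Wao\Desktop\mbar-1.09.3.1001.exe => No running process found
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => key removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => not found.
CHR Extension: (Chrome Media Router) - C:\Users\Wao\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\HWDeviceService64.exe => key removed successfully
HWDeviceService64.exe => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
Firefox => 426282499 B
EmptyTemp: => 1.8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 08:34:53 ====
"""

# Result suffixes that appear in the log above, grouped under this example's
# own labels (the grouping is an assumption, not FRST terminology).
RULES = [
    (re.compile(r"^Error:"), "unhandled"),
    (re.compile(r"(removed|restored) successfully$"), "changed"),
    (re.compile(r"not found\.?$|^No running process found$"), "absent"),
]


def parse_fixlog(text):
    """Summarise one Fixlog: outcome counts, entries that need a manual look,
    whether the log reports a reboot, and whether the footer was reached."""
    counts = Counter()
    needs_review = []
    section = "header"
    reboot_needed = False
    complete = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"\*{5,}", line):
            # First row of asterisks opens the echoed fixlist, second closes it.
            section = "echo" if section == "header" else "results"
            continue
        if line.startswith("=") and "EmptyTemp" in line:
            section = "emptytemp"  # size lines here also use "=>"; not results
            continue
        if line.startswith("==== End of Fixlog"):
            complete = True
            continue
        if line == "The system needed a reboot.":
            reboot_needed = True
            continue
        if section != "results":
            continue
        entry, sep, result = line.rpartition(" => ")
        if not sep:
            continue  # status lines such as "Processes closed successfully."
        label = next((name for rx, name in RULES if rx.search(result)), "other")
        counts[label] += 1
        if label in ("unhandled", "other"):
            needs_review.append(entry)
    return {
        "counts": dict(counts),
        "needs_review": needs_review,
        "reboot_needed": reboot_needed,
        "complete": complete,
    }


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    print(summary["counts"], "reboot:", summary["reboot_needed"])
    for entry in summary["needs_review"]:
        print("review:", entry)
```

A log whose `complete` flag is false was cut off before the `End of Fixlog` footer and should be re-read from the file FRST saved rather than trusted as posted.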



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 PM

Posted 30 July 2017 - 07:23 AM



Hi,

This computer . (Information appeared to perhaps have been cut off but there was no option to resize the popup to see any full message.) Then the machine restarted itself before I could do anything.

Everything went well after the restart. Nothing to worry about.


Did you reinstall Malwarebytes?

Any remaining issues?

#5 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 30 July 2017 - 06:05 PM

I reinstalled Malwarebytes, it went smoothly and finished. The only strange thing is it didn't add a desktop shortcut despite the option being checked. And no taskbar shortcut. The computer is still slow.

What should I do?


Edited by HeadDesk, 30 July 2017 - 06:48 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 PM

Posted 31 July 2017 - 07:09 AM




Repair these services.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below

    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    11 - Repair Start Menu Icons Removed by Infections
    12 - Repair Icons
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.
===

How is the computer running now?

p.s.
If the icons are not repaired or created try to create an Icon on your desktop.
Use any .exe file to do it.

#7 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 01 August 2017 - 09:05 PM

Hi, I did it. With the power reset step I didn't know how to boot straight into safe mode so I started in normal mode then restarted in safe mode - does that make a difference?

A Malwarebytes icon is created but I don't have permission to use it (error message). The computer is still very slow.



Here's the prescan log

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair 2018 (v4.0.1) - Pre-Scan
│ Computer: WAOMACHINE (Windows 10 Home 10.0.15063.483 ) (64-bit)
│ [Started Scan - 1/08/2017 4:01:57 PM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (1/08/2017 4:01:57 PM)

│ These Files Are Possibly Corrupt (Bad Digital Signature): (Total: 1)
C:\WINDOWS\servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum

1 Combined Problems were found with the packages files, these files need to be replaced (These mainly only effect installing Windows Updates.)
│ The SFC (System File Checker) doesn't scan and replace some of these files, so you may need to replace them manually.

│ THESE FILES DO NOT KEEP THE REPAIRS FROM WORKING; YOU MAY STILL RUN THE REPAIRS IN THE PROGRAM.

│ Files Checked & Verified: 4,322

│ Done Scanning Windows Packages Files.(1/08/2017 4:14:38 PM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (1/08/2017 4:14:38 PM)

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvStream64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvSubsystems64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvSubsystems64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: C2R64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\C2R64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!
 

 

 

And the repair log


Log:
Tweaking.com - Windows Repair 2018 (v4.0.1)
────────────────────────────────────────────────────────────────────────────────

System Variables
────────────────────────────────────────────────────────────────────────────────
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.15063.483
OS Service Pack:
Computer Name: WAOMACHINE
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Wao
Current Profile SID: S-1-5-21-2722123353-1508981069-969149372-1001
Current Profile Classes: S-1-5-21-2722123353-1508981069-969149372-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Wao\AppData\Local
────────────────────────────────────────────────────────────────────────────────

System Information
────────────────────────────────────────────────────────────────────────────────
System Up Time: 0 Days 00:34:15

Process Count: 154
Commit Total: 2.81 GB
Commit Limit: 8.14 GB
Commit Peak: 3.19 GB
Handle Count: 53983
Kernel Total: 701.20 MB
Kernel Paged: 539.49 MB
Kernel Non Paged: 161.71 MB
System Cache: 1.46 GB
Thread Count: 1651
────────────────────────────────────────────────────────────────────────────────

Memory Before Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 3.89 GB
Memory Used: 2.38 GB(61.2759%)
Memory Avail.: 1.51 GB
────────────────────────────────────────────────────────────────────────────────

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
────────────────────────────────────────────────────────────────────────────────
Memory Total: 3.89 GB
Memory Used: 1.75 GB(45.0039%)
Memory Avail.: 2.14 GB
────────────────────────────────────────────────────────────────────────────────

Starting Repairs...
   Started at (1/08/2017 4:30:27 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 124
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (1/08/2017 4:30:30 PM)


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
Done,  0.44 seconds.


Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
Done,  10.44 seconds.

   Running Repair Under System Account
   Done (1/08/2017 4:32:16 PM)

03 - Reset Service Permissions
   Start (1/08/2017 4:32:16 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:32:36 PM)

04 - Register System Files
   Start (1/08/2017 4:32:36 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:33:51 PM)

05 - Repair WMI
   Start (1/08/2017 4:33:51 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (1/08/2017 4:40:00 PM)

10 - Remove Policies Set By Infections
   Start (1/08/2017 4:40:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:40:07 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (1/08/2017 4:40:07 PM)
   Running Repair Under System Account
   Done (1/08/2017 4:40:08 PM)

12 - Repair Icons
   Start (1/08/2017 4:40:08 PM)
   Running Repair Under Current User Account
   Done (1/08/2017 4:40:19 PM)

16 - Repair Windows Updates
   Start (1/08/2017 4:40:19 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.38 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (1/08/2017 4:40:55 PM)

20 - Repair MSI (Windows Installer)
   Start (1/08/2017 4:40:55 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.21 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:41:08 PM)

25 - Restore Important Windows Services
   Start (1/08/2017 4:41:08 PM)

Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
Done,  0.2 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:41:19 PM)

26 - Set Windows Services To Default Startup
   Start (1/08/2017 4:41:19 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (1/08/2017 4:41:31 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (1/08/2017 4:41:31 PM)
   Total Repair Time: 00:11:06


...YOU MUST RESTART YOUR SYSTEM...



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,950 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:57 PM

Posted 02 August 2017 - 06:52 AM

Delete the current version of The Tweaking tool.

Scanning Windows Packages Files.
│ Started at (1/08/2017 4:01:57 PM)

│ These Files Are Possibly Corrupt (Bad Digital Signature): (Total: 1)
C:\WINDOWS\servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum

1 Combined Problems were found with the packages files, these files need to be replaced (These mainly only effect installing Windows Updates.)
│ The SFC (System File Checker) doesn't scan and replace some of these files, so you may need to replace them manually.

│ THESE FILES DO NOT KEEP THE REPAIRS FROM WORKING; YOU MAY STILL RUN THE REPAIRS IN THE PROGRAM.

│ Files Checked & Verified: 4,322

│ Done Scanning Windows Packages Files.(1/08/2017 4:14:38 PM)
└───────


Restart the computer normally.

Reinstall the application and run the repair function as described below.



Tweaking.com - Windows Repair All-In-One (Portable)

- Download Windows Repair All-In-One (Portable Version) from here

- Extract tweaking.com_windows_repair_aio.zip to your Desktop.

- Disable all your antivirus and antimalware software - see how to do that from here

- Right click on QfBzvq1.png and select Run as Administrator (XP users just double click) to start Windows Repair All-In-One.
(Windows Vista/7/8 users: Accept UAC warning if it is enabled.)

- A window will appear. Click Step 2.

- Click the Open Pre-Scan button, then click Start Scan. Wait for Windows Repair to finish scanning.

- Depending on which error Windows Repair found, click Repair, Repair Reparse Point. When the button changes to "Done!", click the close button to return to Windows Repair.

- Go to Step 3, then click Check in the See If Check Disk Is Needed.

- If Windows Repair stated that errors are found, click Open Check Disk At Next Boot. Choose (/R) Fixes errors on the disk also locate bad sectors and recovers readable information, then click Add To Next Boot. Reboot the computer to let Windows check the disk. https://i.imgur.com/Ymy7crZ.png

- Go to Step 4, then click Do It.

- Go to Step 5. Under System Restore click Create.

- Go to Repairs and click Open Repairs. Leave all checkmarks as they are, then click Start Repairs.

- By default Windows Repair All-In-One will create a "Logs" folder in its folder on the Desktop. Please post the contents of the log in your next reply

Let me know what problem persists.

#9 HeadDesk

HeadDesk
  • Topic Starter

  • Members
  • 55 posts
  • Gender:Not Telling
  • Local time:07:57 PM

Posted 03 August 2017 - 12:00 AM

Hi, thanks for your patience. I ran into a few difficulties on step 4 so it took long.

 

I uninstalled Avira and turned off Windows Defender + firewall and ran the tool. The results of the prescan found issues:

 

 

 

┌────────────────────────────────────────────────────────────────────────────────┐
│ Tweaking.com - Windows Repair 2018 (v4.0.1) - Pre-Scan
│ Computer: WAOMACHINE (Windows 10 Home 10.0.15063.483 ) (64-bit)
│ [Started Scan - 3/08/2017 10:39:12 AM]
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Windows Packages Files.
│ Started at (3/08/2017 10:39:12 AM)

│ These Files Are Possibly Corrupt (Bad Digital Signature): (Total: 1)
C:\WINDOWS\servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum

1 Combined Problems were found with the packages files, these files need to be replaced (These mainly only effect installing Windows Updates.)
│ The SFC (System File Checker) doesn't scan and replace some of these files, so you may need to replace them manually.

│ THESE FILES DO NOT KEEP THE REPAIRS FROM WORKING; YOU MAY STILL RUN THE REPAIRS IN THE PROGRAM.

│ Files Checked & Verified: 4,322

│ Done Scanning Windows Packages Files.(3/08/2017 10:49:21 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Scanning Reparse Points.
│ Started at (3/08/2017 10:49:21 AM)

Reparse Point: (Type: SYMLINK) (Name: AppvIsvStream64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvStream64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvStream64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: AppvIsvSubsystems64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\AppvIsvSubsystems64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\AppvIsvSubsystems64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!

Reparse Point: (Type: SYMLINK) (Name: C2R64.dll) (Original Path: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\C2R64.dll) (Target Path: C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2056\C2R64.dll) (Creation Time: 23/01/2016 3:50:09 AM)
Target Path doesn't exist!

│ Missing Default Reparse Point: (Original Path: C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Browsing account\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\Browsing account\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\AppData\Local\Application Data) (Target Path: C:\Users\Guest\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\AppData\Local\History) (Target Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\History)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files) (Target Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\AppData\Local\Temporary Internet Files) (Target Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Cookies) (Target Path: C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCookies)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Application Data) (Target Path: C:\Users\Guest\AppData\Roaming)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Documents\My Music) (Target Path: C:\Users\Guest\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Documents\My Pictures) (Target Path: C:\Users\Guest\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Documents\My Videos) (Target Path: C:\Users\Guest\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Local Settings) (Target Path: C:\Users\Guest\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\My Documents) (Target Path: C:\Users\Guest\Documents)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\NetHood) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\PrintHood) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Recent) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\SendTo) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Start Menu) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\Guest\Templates) (Target Path: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\AppData\Local\Application Data) (Target Path: C:\Users\HomeGroupUser$\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\AppData\Local\History) (Target Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\History)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\Temporary Internet Files) (Target Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\AppData\Local\Temporary Internet Files) (Target Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\INetCache)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\INetCache\Content.IE5) (Target Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\INetCache\IE)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Cookies) (Target Path: C:\Users\HomeGroupUser$\AppData\Local\Microsoft\Windows\INetCookies)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Application Data) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Documents\My Music) (Target Path: C:\Users\HomeGroupUser$\Music)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Documents\My Pictures) (Target Path: C:\Users\HomeGroupUser$\Pictures)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Documents\My Videos) (Target Path: C:\Users\HomeGroupUser$\Videos)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Local Settings) (Target Path: C:\Users\HomeGroupUser$\AppData\Local)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\My Documents) (Target Path: C:\Users\HomeGroupUser$\Documents)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\NetHood) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Network Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\PrintHood) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Printer Shortcuts)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Recent) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Recent)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\SendTo) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\SendTo)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Start Menu) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Start Menu)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Missing Default Reparse Point: (Original Path: C:\Users\HomeGroupUser$\Templates) (Target Path: C:\Users\HomeGroupUser$\AppData\Roaming\Microsoft\Windows\Templates)
│ A Default Reparse Point is missing and this can cause problems on the system.

│ Problems were found with the Reparse Points.
│ You can use the Repair Reparse Points Tool at the bottom of this Window to try and fix these problems.

│ Files & Folders Searched: 340,704
│ Reparse Points Found: 146

│ Done Scanning Reparse Points.(3/08/2017 10:52:31 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ Checking Environment Variables.
│ Started at (3/08/2017 10:52:31 AM)

│ This folder in the 'Path' variable doesn't exist:

│ Problems were found with the Environment Variables.
│ You can use the Repair Environment Variables Tool at the bottom of this Window to try and fix these problems.

│ Done Checking Environment Variables. (3/08/2017 10:52:31 AM)
└────────────────────────────────────────────────────────────────────────────────┘
┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 3/08/2017 10:52:31 AM]

│ [x] Scan Complete - Problems Found!
│ [x]
│ [x] You can use the Repair Reparse Points or Repair Environment Variables tools at the bottom of this Window if needed.
│ [x]
│ [x] While problems have been found, you can still run the repairs in the program.
│ [x] But for the best results it is recommended to fix the problems reported in this scan if possible.
└────────────────────────────────────────────────────────────────────────────────┘

 

I used the Repair Reparse Points option. (Saved the output of that if you need it.)

 

On doing the Check Disk I ran into problems. On rebooting it only got to 11% and despite waiting hours it was stuck. On hitting the power button to restart for another try the same happened. Tried to repeat the disk check but got an error message. It said "Beginning verification phase of system scan. Verification 35% complete. Windows Resource Protection could not perform the requested operation. Please restart your computer when system file checker is complete."

 

I was unable to use the start button and, on trying to come post, a Firefox error message recommended I restart. I did so, and the process then went through to 100%.

 

 

 

Here is the chkdsk log and the full log

 

 

Microsoft Windows [Version 10.0.15063]
© 2017 Microsoft Corporation. All rights reserved.

C:\Users\Wao\Desktop\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Acer.

WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
Progress: 558592 of 558592 done; Stage: 100%; Total: 35%; ETA:   0:01:13 ..
                                                                                       
                                                                                       
  558592 file records processed.                                                        

File verification completed.
Progress: 14897 of 14897 done; Stage: 100%; Total: 26%; ETA:   0:01:53 ...
                                                                                       
                                                                                       
  14897 large file records processed.                                   

Progress: 0 of 0 done; Stage: 99%; Total: 26%; ETA:   0:01:53    
                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Progress: 570907 of 670328 done; Stage: 85%; Total: 59%; ETA:   0:00:49 .  

Index entry clients[1].txt in index $I30 of file 13ABA is incorrect.
Index entry CLIENT~1.TXT in index $I30 of file 13ABA is incorrect.
Progress: 608221 of 670328 done; Stage: 90%; Total: 74%; ETA:   0:00:46 .  

Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 52B28 is incorrect.
Index entry CHKDSK~1.PF in index $I30 of file 52B28 is incorrect.
Index entry CMD.EXE-2EB3E6E2.pf in index $I30 of file 52B28 is incorrect.
Index entry CMDEXE~2.PF in index $I30 of file 52B28 is incorrect.
Progress: 670328 of 670328 done; Stage: 100%; Total: 75%; ETA:   0:00:44    
                                                                                       
                                                                                       
  670328 index entries processed.                                                       

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

C:\>


Full log:

Microsoft Windows [Version 10.0.15063]
© 2017 Microsoft Corporation. All rights reserved.

C:\Users\Wao\Desktop\Tweaking.com - Windows Repair>CD /D C:\

C:\>set path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0

C:\>chkdsk C:
The type of the file system is NTFS.
The volume is in use by another process. Chkdsk
might report errors when no corruption is present.
Volume label is Acer.

WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.

Stage 1: Examining basic file system structure ...
Progress: 558592 of 558592 done; Stage: 100%; Total: 35%; ETA:   0:01:13 ..
                                                                                       
                                                                                       
  558592 file records processed.                                                        

File verification completed.
Progress: 14897 of 14897 done; Stage: 100%; Total: 26%; ETA:   0:01:53 ...
                                                                                       
                                                                                       
  14897 large file records processed.                                   

Progress: 0 of 0 done; Stage: 99%; Total: 26%; ETA:   0:01:53    
                                                                                       
                                                                                       
  0 bad file records processed.                                     


Stage 2: Examining file name linkage ...
Progress: 570907 of 670328 done; Stage: 85%; Total: 59%; ETA:   0:00:49 .  
                                                                                       
Index entry clients[1].txt in index $I30 of file 13ABA is incorrect.
Index entry CLIENT~1.TXT in index $I30 of file 13ABA is incorrect.
Progress: 586965 of 670328 done; Stage: 87%; Total: 63%; ETA:   0:00:57 ...
Progress: 587131 of 670328 done; Stage: 87%; Total: 63%; ETA:   0:00:57    
Progress: 587441 of 670328 done; Stage: 87%; Total: 63%; ETA:   0:00:59 .  
Progress: 587710 of 670328 done; Stage: 87%; Total: 63%; ETA:   0:00:59 ..
Progress: 588207 of 670328 done; Stage: 87%; Total: 63%; ETA:   0:00:59 ...
Progress: 588398 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59    
Progress: 588597 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 .  
Progress: 588744 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 ..
Progress: 588855 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 ...
Progress: 588998 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59    
Progress: 589079 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 .  
Progress: 589181 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 ..
Progress: 589320 of 670328 done; Stage: 87%; Total: 64%; ETA:   0:00:59 ...
Progress: 590175 of 670328 done; Stage: 88%; Total: 64%; ETA:   0:00:59    
Progress: 590310 of 670328 done; Stage: 88%; Total: 65%; ETA:   0:00:57 .  
Progress: 590843 of 670328 done; Stage: 88%; Total: 65%; ETA:   0:00:57 ..
Progress: 591207 of 670328 done; Stage: 88%; Total: 65%; ETA:   0:00:57 ...
Progress: 591417 of 670328 done; Stage: 88%; Total: 66%; ETA:   0:00:57    
Progress: 591585 of 670328 done; Stage: 88%; Total: 66%; ETA:   0:00:57 .  
Progress: 591848 of 670328 done; Stage: 88%; Total: 66%; ETA:   0:00:57 ..
Progress: 592139 of 670328 done; Stage: 88%; Total: 67%; ETA:   0:00:57 ...
Progress: 592446 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54    
Progress: 592866 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 .  
Progress: 593252 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 ..
Progress: 593681 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 ...
Progress: 594266 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54    
Progress: 594763 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 .  
Progress: 595171 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 ..
Progress: 595873 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54 ...
Progress: 596463 of 670328 done; Stage: 88%; Total: 68%; ETA:   0:00:54    
Progress: 597023 of 670328 done; Stage: 89%; Total: 68%; ETA:   0:00:54 .  
Progress: 597659 of 670328 done; Stage: 89%; Total: 68%; ETA:   0:00:54 ..
Progress: 598107 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54 ...
Progress: 598663 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54    
Progress: 599238 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54 .  
Progress: 599873 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54 ..
Progress: 600407 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54 ...
Progress: 600722 of 670328 done; Stage: 89%; Total: 69%; ETA:   0:00:54    
Progress: 601177 of 670328 done; Stage: 89%; Total: 70%; ETA:   0:00:54 .  
Progress: 601181 of 670328 done; Stage: 89%; Total: 72%; ETA:   0:00:53 ..
Progress: 601562 of 670328 done; Stage: 89%; Total: 72%; ETA:   0:00:46 ...
Progress: 602217 of 670328 done; Stage: 89%; Total: 72%; ETA:   0:00:46    
Progress: 602978 of 670328 done; Stage: 89%; Total: 72%; ETA:   0:00:46 .  
Progress: 603503 of 670328 done; Stage: 90%; Total: 72%; ETA:   0:00:46 ..
Progress: 604217 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 ...
Progress: 605228 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46    
Progress: 605692 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 .  
Progress: 606158 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 ..
Progress: 606525 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 ...
Progress: 606724 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46    
Progress: 607061 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 .  
Progress: 607453 of 670328 done; Stage: 90%; Total: 73%; ETA:   0:00:46 ..
Progress: 607570 of 670328 done; Stage: 90%; Total: 74%; ETA:   0:00:46 ...
Progress: 607858 of 670328 done; Stage: 90%; Total: 74%; ETA:   0:00:46    
Progress: 608221 of 670328 done; Stage: 90%; Total: 74%; ETA:   0:00:46 .  
                                                                                       
Index entry CHKDSK.EXE-13847046.pf in index $I30 of file 52B28 is incorrect.
Index entry CHKDSK~1.PF in index $I30 of file 52B28 is incorrect.
Index entry CMD.EXE-2EB3E6E2.pf in index $I30 of file 52B28 is incorrect.
Index entry CMDEXE~2.PF in index $I30 of file 52B28 is incorrect.
  670328 index entries processed.                                                       

Index verification completed.

Errors found.  CHKDSK cannot continue in read-only mode.

C:\>

 

 

 

The issue seems to have resolved now so I will do the next step.

 

 

 

Edit: I've done the repairs now. Here is the log

 


Tweaking.com - Windows Repair 2018 (v4.0.1)
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 10 Home
OS Architecture: 64-bit
OS Version: 10.0.15063.483
OS Service Pack:
Computer Name: WAOMACHINE
Windows Drive: C:\
Windows Path: C:\WINDOWS
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Wao
Current Profile SID: S-1-5-21-2722123353-1508981069-969149372-1001
Current Profile Classes: S-1-5-21-2722123353-1508981069-969149372-1001_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\WINDOWS\ServiceProfiles
Local Settings AppData: C:\Users\Wao\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:41:12

Process Count: 156
Commit Total: 2.71 GB
Commit Limit: 8.14 GB
Commit Peak: 2.94 GB
Handle Count: 55842
Kernel Total: 420.84 MB
Kernel Paged: 284.74 MB
Kernel Non Paged: 136.09 MB
System Cache: 1.55 GB
Thread Count: 1531
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.89 GB
Memory Used: 2.19 GB(56.2612%)
Memory Avail.: 1.70 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.89 GB
Memory Used: 1.69 GB(43.4084%)
Memory Avail.: 2.20 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (3/08/2017 3:20:46 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 0
 
01 - Reset Registry Permissions
   Restore Windows 7/8/10 Default Registry Permissions
   Start (3/08/2017 3:20:48 PM)


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\hku.7z
Done,  0.4 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\hklm.7z
Done,  10.13 seconds.

   Running Repair Under System Account
   Done (3/08/2017 3:22:00 PM)

02 - Reset File Permissions
   Restore Windows 7/8/10 Default File Permissions
   Start (3/08/2017 3:22:00 PM)


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\default.7z
Done,  0.16 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\profile.7z
Done,  0.26 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\program_files.7z
Done,  0.56 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\program_files_x86.7z
Done,  0.17 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\programdata.7z
Done,  0.21 seconds.


Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\windows.7z
Done,  2.23 seconds.

   Running Repair Under System Account
   Done (3/08/2017 3:51:45 PM)

03 - Reset Service Permissions
   Start (3/08/2017 3:51:45 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 3:52:07 PM)

04 - Register System Files
   Start (3/08/2017 3:52:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 3:53:08 PM)

05 - Repair WMI
   Start (3/08/2017 3:53:08 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   Exporting 3rd Party Firewall Info...
   Running Repair Under Current User Account
   Done (3/08/2017 3:59:28 PM)

06 - Repair Windows Firewall
   Start (3/08/2017 3:59:28 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.21 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:00:09 PM)

07 - Repair Internet Explorer
   Start (3/08/2017 4:00:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:00:34 PM)

08 - Repair MDAC/MS Jet
   Start (3/08/2017 4:00:34 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:00:45 PM)

09 - Repair Hosts File
   Start (3/08/2017 4:00:45 PM)
   Running Repair Under System Account
   Done (3/08/2017 4:00:46 PM)

10 - Remove Policies Set By Infections
   Start (3/08/2017 4:00:46 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:00:50 PM)

11 - Repair Start Menu Icons Removed By Infections
   Start (3/08/2017 4:00:50 PM)
   Running Repair Under System Account
   Done (3/08/2017 4:00:51 PM)

12 - Repair Icons
   Start (3/08/2017 4:00:51 PM)
   Running Repair Under Current User Account
   Done (3/08/2017 4:01:03 PM)

13 - Repair Network
   Start (3/08/2017 4:01:03 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.18 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:01:24 PM)

14 - Remove Temp Files
   Start (3/08/2017 4:01:24 PM)
   Running Repair Under System Account
   Done (3/08/2017 4:01:25 PM)

15 - Repair Proxy Settings
   Start (3/08/2017 4:01:25 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:01:27 PM)

16 - Repair Windows Updates
   Start (3/08/2017 4:01:27 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.17 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (3/08/2017 4:01:57 PM)

17 - Repair CD/DVD Missing/Not Working
   Start (3/08/2017 4:01:57 PM)
   iTunes and GEARAspiWDM.sys was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (3/08/2017 4:01:57 PM)

18 - Repair Volume Shadow Copy Service
   Start (3/08/2017 4:01:57 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:35 PM)

19 - Repair Windows Sidebar/Gadgets
   Start (3/08/2017 4:05:35 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:38 PM)

20 - Repair MSI (Windows Installer)
   Start (3/08/2017 4:05:38 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.21 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:50 PM)

21 - Repair Windows Snipping Tool
   Start (3/08/2017 4:05:51 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:53 PM)

22.01 - Repair bat Association
   Start (3/08/2017 4:05:53 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:55 PM)

22.02 - Repair cmd Association
   Start (3/08/2017 4:05:55 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:05:57 PM)

22.03 - Repair com Association
   Start (3/08/2017 4:05:57 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:00 PM)

22.04 - Repair Directory Association
   Start (3/08/2017 4:06:00 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:02 PM)

22.05 - Repair Drive Association
   Start (3/08/2017 4:06:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:04 PM)

22.06 - Repair exe Association
   Start (3/08/2017 4:06:04 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:07 PM)

22.07 - Repair Folder Association
   Start (3/08/2017 4:06:07 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:09 PM)

22.08 - Repair inf Association
   Start (3/08/2017 4:06:09 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:11 PM)

22.09 - Repair lnk (Shortcuts) Association
   Start (3/08/2017 4:06:11 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:13 PM)

22.10 - Repair msc Association
   Start (3/08/2017 4:06:13 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:16 PM)

22.11 - Repair reg Association
   Start (3/08/2017 4:06:16 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:18 PM)

22.12 - Repair scr Association
   Start (3/08/2017 4:06:18 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:20 PM)

23 - Repair Windows Safe Mode
   Start (3/08/2017 4:06:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:23 PM)

24 - Repair Print Spooler
   Start (3/08/2017 4:06:23 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.19 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:38 PM)

25 - Restore Important Windows Services
   Start (3/08/2017 4:06:38 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\services.7z
Done,  0.22 seconds.

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:06:50 PM)

26 - Set Windows Services To Default Startup
   Start (3/08/2017 4:06:50 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:07:01 PM)

27.01 - Repair Windows 8/10 App Store
   Start (3/08/2017 4:07:01 PM)

Decompressing & Updating Windows Permission File C:\Users\Wao\Desktop\Tweaking.com - Windows Repair\files\permissions\10\hku.7z
Done,  0.38 seconds.

   Running Repair Under Current User Account
   Done (3/08/2017 4:18:39 PM)

28 - Repair Windows 8/10 Component Store
   Start (3/08/2017 4:18:39 PM)
   Running Repair Under Current User Account
   Done (3/08/2017 4:38:17 PM)

29 - Restore Windows 8/10 COM+ Unmarshalers
   Start (3/08/2017 4:38:17 PM)
   Running Repair Under System Account
[X] -----Job Complete-----         Items Done: 1      
   Done (3/08/2017 4:38:20 PM)

30 - Repair Windows 'New' Submenu
   Start (3/08/2017 4:38:20 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:38:22 PM)

31 - Restore UAC (User Account Control) Settings
   Start (3/08/2017 4:38:22 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (3/08/2017 4:38:25 PM)

32 - Repair Performance Counters
   Start (3/08/2017 4:38:25 PM)
   Running Repair Under Current User Account
   Done (3/08/2017 4:38:28 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (3/08/2017 4:38:28 PM)
   Total Repair Time: 01:17:44


...YOU MUST RESTART YOUR SYSTEM...
 


Edited by HeadDesk, 03 August 2017 - 01:53 AM.


#10 nasdaq

  • Malware Response Team

Posted 03 August 2017 - 08:11 AM

Hi,

What issues are persisting on this computer?

#11 HeadDesk

  • Topic Starter

Posted 04 August 2017 - 03:25 AM

Hi, a Malwarebytes icon is being created but I'm still unable to run it.

 

(The item referred to by this shortcut cannot be accessed. You may not have the appropriate permissions.)

 


Edited by HeadDesk, 04 August 2017 - 03:26 AM.


#12 nasdaq

  • Malware Response Team

Posted 04 August 2017 - 06:31 AM

Hi,

Right click on the Icon and look at the Properties.

Is the user correct?
What are the permissions?

p.s.
You can right click on the mbam.exe and create a new icon on the Desktop.
See if it works.

#13 HeadDesk

  • Topic Starter

Posted 04 August 2017 - 10:02 PM

Hi, the user is Administrator. 

 

I get a message saying "The folder C:\Users\Administrator\Desktop\Anti-Malware specified in the Start In box is not valid. Make sure that the folder exists and the path is correct." On running as Administrator I get "The item referred to by this shortcut cannot be accessed. You may not have the appropriate permissions."

 

Trying to create a new icon by clicking but it just creates a shortcut of the exe file, and trying to delete the icon and reinstall just creates a new nonworking icon.

The computer is still slow, things are crashing, and I got a popup saying "A program running on this computer is trying to display a message". Something about Interactive Services. It disappeared when I clicked show message. Is this an infection?

I've also noticed Winpcap on my computer when I didn't install it. (Though that may have come from Wireshark which I used to try and check neighbours weren't using my wifi.) Rkill is being detected as a virus (Win32/64 gen).

Edit: Oddly I am able to run Malwarebytes in safe mode, the shortcut will work then. Scans from that show nothing but on using Malwarebytes Antirootkit beta it said that 4 malware were found.

Here are the three I managed to screencap.
 

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe -->[Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]

Cleaned, and now updating the program
 


Edited by HeadDesk, 05 August 2017 - 04:50 AM.
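The three detections in the post above all sit under Image File Execution Options (IFEO). The following read-only audit is an added example, not part of the original thread or any tool used in it. It assumes the `[Security.Hijack]` label refers to a `Debugger` value, which causes Windows to launch the named program in place of the real executable, and its watch list contains only file names mentioned in this thread.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO).
# Assumption: [Security.Hijack] means a "Debugger" value is set on the key.
# Run from a 64-bit PowerShell so both registry views are visible.

$roots = [ordered]@{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
}

# Executables named in the thread: the two flagged images and the
# Malwarebytes binary that refuses to start. Adjust as needed.
$watch = @('svchost.exe', 'MsMpEng.exe', 'mbam.exe')

$findings = foreach ($view in $roots.Keys) {
    $root = $roots[$view]
    if (-not (Test-Path -LiteralPath $root)) { continue }

    foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
        # GetValue returns $null when the value does not exist.
        $debugger = $key.GetValue('Debugger')
        if ([string]::IsNullOrWhiteSpace([string]$debugger)) { continue }

        # Try to resolve the redirect target to a file on disk.
        # The value may carry arguments or quotes, so take the first token.
        $target = ([string]$debugger).Trim()
        if ($target.StartsWith('"')) {
            $target = $target.Substring(1).Split('"')[0]
        } else {
            $target = $target.Split(' ')[0]
        }
        $exists = $false
        if ($target) { $exists = Test-Path -LiteralPath $target -PathType Leaf }

        [pscustomobject]@{
            View         = $view
            Image        = $key.PSChildName
            Debugger     = $debugger
            TargetOnDisk = $exists
            Watched      = $watch -contains $key.PSChildName
        }
    }
}

if ($findings) {
    # Watched images first: a Debugger on a system or security binary
    # deserves attention before anything else in the list.
    $findings |
        Sort-Object -Property @{ Expression = 'Watched'; Descending = $true }, Image |
        Format-Table -AutoSize -Wrap
} else {
    'No Debugger values found under Image File Execution Options.'
}
```

Nothing here changes the registry. A `Debugger` value can also be legitimate (some developer and diagnostic tools set one), so each hit should be judged by which image it is attached to and what it points at.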


#14 nasdaq

  • Malware Response Team

Posted 05 August 2017 - 08:49 AM


You can remove this program in bold via the Control Panel > Programs > Programs and Features.
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

If still present after a restart of the computer delete this folder in bold.

C:\Program Files (x86)\WinPcap

===

Rkill is being detected as a virus (Win32/64 gen).

Because of the nature of that file this is a false positive.
Delete the program; it's no longer required.

===

Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe -->[Security.Hijack]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe --> [Security.Hijack]

Cleaned, and now updating the program


Where do we stand now?

#15 HeadDesk

  • Topic Starter

Posted 05 August 2017 - 07:43 PM

I've removed Winpcap, it's gone from Program Files. And deleted the Rkill files. I had removed Malwarebytes, restarted and have reinstalled again, but the newly created icon is still the plain file rather than the Malwarebytes image and I still get the error message about permissions on using it.

 

Running the updated Malwarebytes Anti-Rootkit in normal mode returns no malware but I'm still suspicious. In some of the early scans there were messages about host files being unable to be scanned and now I remove malware from a host file that was only found in safe mode and Malwarebytes still won't work. Using other antivirus but there might be traces still of something nasty.

 

Do you know what the type of infection might be? My camera is covered and I have still been using the computer but let me know if I should use a good computer to change all my passwords.


Edited by HeadDesk, 05 August 2017 - 07:57 PM.




