RegSvr32 Error - Malware?


  • This topic is locked
2 replies to this topic

#1 Sharke

Posted 04 October 2017 - 11:25 AM

Each time I boot up my computer I receive a RegSvr32 error (see attachment of screen shot). I was advised to run FRST, and supply the FRST log, which is below.

 

Thank you for all your help!!!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
Ran by Diamond (administrator) on ACER (04-10-2017 11:41:58)
Running from C:\Users\Diamond\Downloads
Loaded Profiles: Diamond (Available Profiles: Diamond & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Matrix Software) C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [624296 2015-03-16] (Stardock Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-18]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FooBar 1.0.LNK [2015-05-17]
ShortcutTarget: FooBar 1.0.LNK -> C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe (Matrix Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22EA1D62-211C-4E77-AE71-5243CA943D77}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C354796D-7339-4872-A4DC-40505937E38E}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{EB3FA720-3133-4200-89AE-96608AA9F41A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> DefaultScope {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (IvoSoft)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-12-28] (Wondershare)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\Diamond\AppData\Roaming\Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 [2017-10-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> Google
FF Homepage: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> hxxps://www.google.ca/?gws_rd=ssl
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: (Wondershare Player) - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-01-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-12-18] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default [2017-10-04]
CHR Extension: (Google Slides) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-23]
CHR Extension: (Google Docs) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-23]
CHR Extension: (Google Drive) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-23]
CHR Extension: (YouTube) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-23]
CHR Extension: (Google Sheets) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-23]
CHR Extension: (Total AV Web Shield) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-23]
CHR Extension: (Gmail) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://google.ca/"
OPR Extension: (Bookmarks Import & Export) - C:\Users\Diamond\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2017-09-28]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-04] (Acer Incorporated)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1102864 2017-08-29] (Garmin Ltd. or its subsidiaries)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [887800 2016-04-19] (LULU Software Limited)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-09-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-09-27] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-09-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4307192 2016-11-01] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2017-06-25] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-09-27] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [20784 2017-08-03] (Nicomsoft Ltd.)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-14] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2017-05-01] (Nicomsoft Ltd.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [420832 2017-08-07] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R2 WiseFs; C:\Windows\WiseFs64.sys [66128 2017-09-19] (WiseCleaner.com)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-08-11] (wisecleaner.com) [File not signed]
S3 NPF; system32\drivers\NPF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-04 11:41 - 2017-10-04 11:43 - 000021810 _____ C:\Users\Diamond\Downloads\FRST.txt
2017-10-04 11:41 - 2017-10-04 11:41 - 000000000 ____D C:\FRST
2017-10-04 11:39 - 2017-10-04 11:39 - 002399744 _____ (Farbar) C:\Users\Diamond\Downloads\FRST64.exe
2017-10-03 13:07 - 2017-10-03 13:07 - 000001153 _____ C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2017-10-03 12:57 - 2017-10-03 12:57 - 000560575 _____ C:\Users\Diamond\AppData\Local\census.cache
2017-10-03 12:56 - 2017-10-03 12:56 - 000850773 _____ C:\Users\Diamond\AppData\Local\ars.cache
2017-10-03 12:37 - 2017-10-03 12:37 - 000000010 _____ C:\Users\Diamond\AppData\Local\sponge.last.runtime.cache
2017-10-03 12:27 - 2017-10-03 12:27 - 000000000 ____D C:\Users\Diamond\AppData\Local\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\Windows\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\ProgramData\Trend Micro
2017-10-03 12:23 - 2017-10-03 12:23 - 000000036 _____ C:\Users\Diamond\AppData\Local\housecall.guid.cache
2017-10-03 12:23 - 2015-05-29 03:43 - 000307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-10-03 09:05 - 2017-10-03 09:05 - 000250504 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-10-02 23:16 - 2017-10-02 23:16 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506621650
2017-10-01 08:51 - 2017-10-02 23:16 - 000000000 ____D C:\PatchMyPCUpdates
2017-09-30 01:03 - 2017-10-03 13:02 - 000000000 ____D C:\ProgramData\ProductData
2017-09-29 23:15 - 2017-09-29 23:15 - 000000000 ____D C:\Users\Diamond\AppData\Local\ESET
2017-09-29 23:03 - 2017-10-04 08:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-09-28 18:52 - 2017-09-28 18:52 - 005375402 _____ C:\Users\Diamond\Downloads\csa_travellers_checklist_en.pdf
2017-09-28 14:00 - 2017-10-02 23:16 - 000000000 ____D C:\Program Files\Opera
2017-09-28 13:05 - 2017-09-28 13:05 - 000373592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-27 12:46 - 2017-09-27 12:46 - 001763744 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-09-27 12:14 - 2017-09-27 12:14 - 000000000 ____D C:\ProgramData\Bitdefender
2017-09-27 12:14 - 2017-06-07 05:04 - 000950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2017-09-27 12:14 - 2016-03-14 22:04 - 000023672 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2017-09-27 12:11 - 2017-09-27 12:11 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\QuickScan
2017-09-27 11:34 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-09-27 11:32 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-27 11:32 - 2017-09-27 11:32 - 000050068 _____ C:\ProgramData\agent.1506526327.bdinstall.bin
2017-09-27 11:32 - 2017-09-27 11:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-09-27 10:53 - 2017-10-03 13:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-27 10:06 - 2017-09-27 10:14 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\.jocala
2017-09-27 10:06 - 2017-09-27 10:06 - 000000000 ____D C:\adbLink
2017-09-26 19:45 - 2017-09-26 19:45 - 000000223 _____ C:\Users\Diamond\Documents\friend quotes.txt
2017-09-26 09:19 - 2017-09-26 09:19 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-09-26 09:17 - 2017-09-26 09:17 - 000993264 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2017-09-26 09:17 - 2017-09-26 09:17 - 000131568 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-09-23 08:53 - 2017-09-24 09:38 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-23 08:53 - 2017-09-24 09:38 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-23 08:52 - 2017-09-23 08:52 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617117743703
2017-09-23 08:34 - 2017-09-23 08:34 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617008167103
2017-09-22 23:33 - 2017-09-22 23:33 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\DVDFab10
2017-09-22 23:31 - 2017-09-22 23:31 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\112
2017-09-22 22:32 - 2017-09-22 22:33 - 019783876 _____ C:\Users\Diamond\Downloads\Nikon P900 Coolpix Manual.pdf
2017-09-21 23:27 - 2017-09-21 23:27 - 000000000 ____D C:\Users\Public\Documents\AKVIS
2017-09-21 11:29 - 2017-09-21 11:31 - 000004558 _____ C:\Users\Diamond\Documents\email to Stephen.txt
2017-09-19 15:10 - 2017-08-13 15:48 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:52 - 000174944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:10 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-09-19 15:10 - 2017-08-13 12:33 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-09-19 15:10 - 2017-08-10 22:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:22 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:20 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-19 15:10 - 2017-08-10 22:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2017-09-19 15:10 - 2017-08-10 21:57 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2017-09-19 15:10 - 2017-08-06 17:50 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-09-19 15:10 - 2017-08-06 17:20 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-09-19 15:10 - 2017-08-06 17:13 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-09-19 15:10 - 2017-08-06 03:08 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-09-19 15:10 - 2017-08-01 22:19 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-19 15:10 - 2017-08-01 04:25 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-18 08:48 - 2017-09-18 08:48 - 000021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2017-09-17 23:22 - 2017-09-17 23:23 - 000000000 ____D C:\Users\Diamond\Documents\Debrid Info
2017-09-17 23:22 - 2017-09-17 23:22 - 000000000 ____D C:\Users\Diamond\Documents\Receipts
2017-09-15 09:25 - 2017-09-27 11:22 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-464718250-148747909-944752478-1001
2017-09-14 19:38 - 2017-10-03 12:40 - 000000269 _____ C:\Users\Diamond\Desktop\to do list.txt
2017-09-14 12:34 - 2017-09-01 19:54 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-14 12:34 - 2017-09-01 19:54 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-14 12:33 - 2017-08-19 13:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-14 12:33 - 2017-08-19 12:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-14 12:33 - 2017-08-17 18:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-14 12:33 - 2017-08-17 18:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-14 12:33 - 2017-08-17 18:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-14 12:33 - 2017-08-17 18:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-14 12:33 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-14 12:33 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-14 12:33 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-14 12:33 - 2017-08-13 13:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-14 12:33 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-14 12:33 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-14 12:33 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-14 12:33 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-14 12:33 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-14 12:33 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-14 12:33 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-14 12:33 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-14 12:33 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-14 12:33 - 2017-08-13 12:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-14 12:33 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-14 12:33 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-14 12:33 - 2017-08-13 12:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-14 12:33 - 2017-08-13 12:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-14 12:33 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-14 12:33 - 2017-08-13 12:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-14 12:33 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-14 12:33 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-14 12:33 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-14 12:33 - 2017-08-13 11:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-14 12:33 - 2017-08-13 11:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-14 12:33 - 2017-08-13 11:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-14 12:33 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-14 12:33 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-14 12:33 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-14 12:33 - 2017-08-13 11:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-14 12:33 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-14 12:33 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-14 12:33 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-14 12:33 - 2017-08-13 11:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-14 12:33 - 2017-08-13 11:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-14 12:33 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-14 12:33 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-14 12:33 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-14 12:33 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-14 12:33 - 2017-08-12 05:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-14 12:33 - 2017-08-12 05:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-14 12:33 - 2017-08-11 20:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-14 12:33 - 2017-08-11 19:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-14 12:33 - 2017-08-11 19:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-14 12:33 - 2017-08-11 19:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-14 12:33 - 2017-08-11 16:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-14 12:33 - 2017-08-11 16:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-14 12:33 - 2017-08-11 16:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-14 12:33 - 2017-08-10 23:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-14 12:33 - 2017-08-10 23:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-14 12:33 - 2017-08-10 23:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-14 12:33 - 2017-08-10 22:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-14 12:33 - 2017-08-10 22:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-14 12:33 - 2017-08-10 22:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-14 12:33 - 2017-08-10 22:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-14 12:33 - 2017-08-10 21:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-14 12:33 - 2017-08-10 21:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-14 12:33 - 2017-08-10 21:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-14 12:33 - 2017-08-10 21:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-14 12:33 - 2017-08-10 21:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-14 12:33 - 2017-08-06 17:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-14 12:33 - 2017-08-06 03:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-14 10:57 - 2017-09-14 10:57 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150540102906205
2017-09-14 10:56 - 2017-09-14 10:55 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150540102446801
2017-09-14 10:56 - 2017-09-14 10:54 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys.150540102906205
2017-09-14 10:22 - 2017-09-14 10:22 - 000000000 ____D C:\Users\Diamond\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-04 11:41 - 2015-05-16 22:35 - 000000000 ____D C:\Users\Diamond\AppData\Local\ClassicShell
2017-10-04 11:35 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Kijiji Info
2017-10-04 11:34 - 2014-03-18 05:47 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-04 11:34 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-10-04 10:11 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Word Documents
2017-10-04 10:07 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Text Files
2017-10-04 10:04 - 2015-08-27 10:47 - 000000000 ____D C:\Users\Diamond\Documents\KeyPass Backup
2017-10-04 10:04 - 2015-05-17 11:00 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\KeePass
2017-10-04 10:03 - 2017-04-25 23:19 - 000000000 ____D C:\Users\Diamond\Documents\Passwords
2017-10-04 09:57 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Movie Backups
2017-10-04 09:52 - 2015-05-22 22:37 - 000000000 ____D C:\Users\Diamond\.rainlendar2
2017-10-04 09:34 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-10-04 08:39 - 2015-05-16 18:42 - 000003774 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2A4B8D2-FA3C-482A-9BD0-135EFD3A41F6}
2017-10-04 08:29 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-03 23:36 - 2015-01-22 16:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-10-03 20:01 - 2015-05-16 18:40 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-464718250-148747909-944752478-1001
2017-10-03 19:45 - 2017-08-14 22:18 - 000000000 ____D C:\Program Files\Franzis
2017-10-03 19:45 - 2016-02-19 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-10-03 19:33 - 2016-11-16 00:12 - 000000000 ____D C:\Users\Diamond\AppData\LocalLow\Mozilla
2017-10-03 13:03 - 2015-05-31 09:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-01 09:33 - 2016-02-20 10:58 - 000000000 ____D C:\AdwCleaner
2017-10-01 09:25 - 2015-05-16 18:43 - 000000000 ____D C:\Users\Diamond\AppData\Local\CrashDumps
2017-09-30 23:51 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-30 09:27 - 2017-03-31 16:09 - 000000000 ____D C:\Patch My PC (Updates)
2017-09-29 17:16 - 2016-04-14 19:43 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Wise Care 365
2017-09-29 16:31 - 2016-10-27 17:12 - 000000282 _____ C:\Users\Diamond\AppData\Roaming\FotoSketcher.ini
2017-09-28 18:52 - 2017-01-01 17:05 - 000000000 ____D C:\Users\Diamond\AppData\Local\Foxit Reader
2017-09-28 17:54 - 2015-05-16 22:33 - 000000000 ____D C:\ProgramData\ClassicShell
2017-09-28 17:54 - 2015-05-16 22:30 - 000000000 ____D C:\Users\Diamond\AppData\LocalLow\IObit
2017-09-28 17:48 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\registration
2017-09-28 17:43 - 2015-05-16 18:34 - 000000000 ____D C:\Users\Diamond
2017-09-28 14:01 - 2015-06-21 23:02 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Opera Software
2017-09-28 14:01 - 2015-06-21 23:02 - 000000000 ____D C:\Users\Diamond\AppData\Local\Opera Software
2017-09-28 12:59 - 2015-11-05 18:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-28 10:41 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-28 08:46 - 2017-05-06 09:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-27 11:28 - 2017-06-29 23:59 - 000000000 ____D C:\ProgramData\Avg
2017-09-27 11:28 - 2015-06-02 08:51 - 000000000 ____D C:\Users\Diamond\AppData\Local\Avg
2017-09-27 11:26 - 2017-06-29 23:59 - 000000000 ____D C:\Users\Diamond\AppData\Local\AvgSetupLog
2017-09-27 11:22 - 2017-08-31 09:38 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-09-27 11:22 - 2017-08-08 19:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-27 11:22 - 2016-12-13 17:42 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-27 11:22 - 2015-01-22 15:46 - 000002890 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-464718250-148747909-944752478-500
2017-09-27 11:05 - 2016-12-22 19:26 - 000000000 ____D C:\Users\Diamond\AppData\Local\001b5
2017-09-26 14:30 - 2015-05-17 11:57 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Mp3tag
2017-09-26 09:49 - 2015-05-18 13:10 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\HpUpdate
2017-09-26 09:49 - 2015-01-22 16:48 - 000000000 ____D C:\ProgramData\Temp
2017-09-26 09:09 - 2015-12-18 10:24 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-09-24 09:39 - 2016-12-13 17:42 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-24 09:39 - 2015-07-27 12:40 - 000003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-09-24 09:39 - 2015-05-16 22:28 - 000001726 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-24 09:30 - 2016-08-04 09:57 - 000003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-09-23 12:40 - 2015-05-16 18:35 - 000000000 ____D C:\Users\Diamond\AppData\Local\VirtualStore
2017-09-23 10:44 - 2017-06-13 08:30 - 000000000 ____D C:\Users\Diamond\AppData\Local\Google
2017-09-23 09:16 - 2016-08-10 22:35 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Raptr
2017-09-23 08:54 - 2015-06-09 09:57 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-22 23:21 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\PDF Documents
2017-09-22 23:20 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Excel
2017-09-21 23:39 - 2015-05-17 11:08 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-09-21 23:23 - 2015-05-17 11:38 - 000000000 ____D C:\Users\Diamond\AppData\Local\Downloaded Installations
2017-09-20 09:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2017-09-19 20:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-19 16:30 - 2017-05-23 18:47 - 000000142 ___SH C:\Windows\wisefs.dat
2017-09-19 16:30 - 2015-09-01 19:38 - 000066128 _____ (WiseCleaner.com) C:\Windows\WiseFs64.sys
2017-09-14 12:49 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-14 12:48 - 2015-05-17 00:02 - 000000000 ____D C:\Windows\system32\MRT
2017-09-14 12:42 - 2015-05-17 00:02 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-14 10:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-14 10:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-14 10:47 - 2017-05-23 18:47 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Wise Folder Hider
2017-09-14 10:47 - 2015-10-15 12:08 - 000000000 ____D C:\Users\Administrator
2017-09-14 10:47 - 2015-05-20 19:28 - 000000000 ____D C:\ProgramData\Wondershare Player
2017-09-14 10:47 - 2015-05-17 10:36 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Winamp
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\IObit
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\ProgramData\IObit
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Program Files\CCleaner
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 __RSD C:\Windows\Media
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-14 10:47 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Sysprep
2017-09-14 10:45 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 18:12 - 2015-05-17 11:38 - 000000000 ____D C:\MOO40S
2017-09-07 18:11 - 2016-12-25 13:30 - 000000000 ____D C:\Users\Diamond\Documents\Breakers List
2017-09-05 11:35 - 2015-05-17 11:56 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories =======
 
2017-05-06 09:52 - 2017-05-06 09:52 - 000000045 _____ () C:\Users\Diamond\AppData\Roaming\2xdsoft_scp.settings
2016-10-27 17:12 - 2017-09-29 16:31 - 000000282 _____ () C:\Users\Diamond\AppData\Roaming\FotoSketcher.ini
2016-02-11 10:28 - 2016-03-07 20:57 - 000000353 _____ () C:\Users\Diamond\AppData\Roaming\imagetuner.ini
2015-05-17 12:29 - 2015-05-17 12:29 - 000007859 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.cat
2015-05-17 12:29 - 2015-05-17 12:29 - 000001167 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.inf
2015-05-17 12:30 - 2015-05-17 12:30 - 000000034 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.log
2015-08-22 08:24 - 2016-03-22 14:51 - 000000400 _____ () C:\Users\Diamond\AppData\Roaming\PDFShaper.ini
2017-10-03 12:56 - 2017-10-03 12:56 - 000850773 _____ () C:\Users\Diamond\AppData\Local\ars.cache
2017-10-03 12:57 - 2017-10-03 12:57 - 000560575 _____ () C:\Users\Diamond\AppData\Local\census.cache
2015-09-25 08:45 - 2016-02-15 00:05 - 000000058 _____ () C:\Users\Diamond\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-10-03 12:23 - 2017-10-03 12:23 - 000000036 _____ () C:\Users\Diamond\AppData\Local\housecall.guid.cache
2015-10-20 10:03 - 2015-10-20 10:04 - 000131072 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db
2015-10-20 10:03 - 2015-10-20 10:04 - 000032768 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db-shm
2015-10-20 10:03 - 2015-10-20 10:04 - 006060552 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db-wal
2015-08-22 08:24 - 2016-02-02 11:53 - 000000024 _____ () C:\Users\Diamond\AppData\Local\pdfshaper.ini
2016-12-08 23:37 - 2016-12-08 23:37 - 000000017 _____ () C:\Users\Diamond\AppData\Local\resmon.resmoncfg
2017-10-03 12:37 - 2017-10-03 12:37 - 000000010 _____ () C:\Users\Diamond\AppData\Local\sponge.last.runtime.cache
2017-06-18 11:03 - 2017-06-18 11:03 - 000000552 _____ () C:\Users\Diamond\AppData\Local\TroubleshooterConfig.json
2015-05-17 11:16 - 2015-05-17 11:16 - 000000040 ___SH () C:\ProgramData\.zreglib
2017-09-27 11:32 - 2017-09-27 11:32 - 000050068 _____ () C:\ProgramData\agent.1506526327.bdinstall.bin
2015-05-18 13:10 - 2015-05-18 13:10 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-01-22 16:34 - 2015-01-22 16:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-03 11:35 - 2014-04-30 10:53 - 000019535 _____ () C:\ProgramData\empty.ico
2015-11-21 00:45 - 2015-11-21 00:45 - 000000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-28 13:20
 
==================== End of FRST.txt ============================


 


#2 Sharke


Posted 04 October 2017 - 11:27 AM

Each time I boot up my computer I receive a RegSvr32 error (see attachment of screen shot). I was advised to run FRST, and supply the FRST log, which is below.

 

Thank you for all your help!!!!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-10-2017 01
Ran by Diamond (administrator) on ACER (04-10-2017 11:41:58)
Running from C:\Users\Diamond\Downloads
Loaded Profiles: Diamond (Available Profiles: Diamond & Administrator)
Platform: Windows 8.1 Connected (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Intel® Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe
(Bitdefender) C:\Program Files\Bitdefender Antivirus Free\bdagent.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe
() C:\Program Files\Rainlendar2\Rainlendar2.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Matrix Software) C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163776 2017-08-12] (IvoSoft)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [133760 2013-12-24] (Qualcomm®Atheros®)
HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]  <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [624296 2015-03-16] (Stardock Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Rainlendar2] => C:\Program Files\Rainlendar2\Rainlendar2.exe [3097640 2015-11-13] ()
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [Ufxgmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Diamond\AppData\Local\YkvbPack\lmdqavmx.dll <==== ATTENTION
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoPreviewPane] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCANetwork] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideSCAVolume] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-464718250-148747909-944752478-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [132608 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-08-29] (Garmin Ltd. or its subsidiaries)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-06-18]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FooBar 1.0.LNK [2015-05-17]
ShortcutTarget: FooBar 1.0.LNK -> C:\Program Files (x86)\MatrixSoftware\FooBar\FooBar.exe (Matrix Software)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{22EA1D62-211C-4E77-AE71-5243CA943D77}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C354796D-7339-4872-A4DC-40505937E38E}: [DhcpNameServer] 192.0.2.3
Tcpip\..\Interfaces\{EB3FA720-3133-4200-89AE-96608AA9F41A}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.ca/?gws_rd=ssl
HKU\S-1-5-21-464718250-148747909-944752478-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> DefaultScope {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-464718250-148747909-944752478-1001 -> {9253AF4F-3662-41D5-88E3-2BB865A8E656} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2017-05-22] (IObit)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-27] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-27] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2017-08-12] (IvoSoft)
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2015-12-28] (Wondershare)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-12] (IvoSoft)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-07-15] (Intel Security)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2017-08-12] (IvoSoft)
Handler: WSIEChrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\Diamond\AppData\Roaming\Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 [2017-10-03]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> Google
FF Homepage: Mozilla\Firefox\Profiles\dnvnlqvf.default-1491016581261 -> hxxps://www.google.ca/?gws_rd=ssl
FF Extension: (Activity Stream) - C:\Program Files\Mozilla Firefox\browser\features\activity-stream@mozilla.org.xpi [2017-09-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com
FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com [2015-12-31] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [Player@Wondershare.com] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com
FF Extension: (Wondershare Player) - C:\ProgramData\Wondershare\Player\Player@Wondershare.com [2016-01-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt
FF Extension: (Wondershare Video Converter Ultimate) - C:\Program Files (x86)\Wondershare\VideoConverterFree\SVRFirefoxExt [2015-12-18] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-08-22] (Foxit Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR StartupUrls: Default -> "hxxp://google.ca/"
CHR Profile: C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default [2017-10-04]
CHR Extension: (Google Slides) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-23]
CHR Extension: (Google Docs) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-23]
CHR Extension: (Google Drive) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-23]
CHR Extension: (YouTube) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-23]
CHR Extension: (Google Sheets) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-23]
CHR Extension: (Google Docs Offline) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-23]
CHR Extension: (Total AV Web Shield) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\looohgelibjoplmkhecmalapkgadkfcc [2017-10-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-23]
CHR Extension: (Gmail) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-23]
CHR Extension: (Chrome Media Router) - C:\Users\Diamond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-23]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://google.ca/"
OPR Extension: (Bookmarks Import & Export) - C:\Users\Diamond\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2017-09-28]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [318592 2013-12-24] (Windows ® Win 7 DDK provider) [File not signed]
S3 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2015-11-04] (Acer Incorporated)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2017-08-25] (Foxit Software Inc.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1102864 2017-08-29] (Garmin Ltd. or its subsidiaries)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3026584 2016-05-06] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206112 2017-06-14] (IObit)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S2 Soda PDF 8 Manager; C:\ProgramData\LULU Software\Soda PDF 8 Manager\Soda PDF 8\Soda Manager.exe [887800 2016-04-19] (LULU Software Limited)
R2 updatesrv; C:\Program Files\Bitdefender Antivirus Free\updatesrv.exe [100392 2017-09-27] (Bitdefender)
R2 vsserv; C:\Program Files\Bitdefender Antivirus Free\vsserv.exe [100392 2017-09-27] (Bitdefender)
R2 vsservppl; C:\Program Files\Bitdefender Antivirus Free\vsservppl.exe [100392 2017-09-27] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation)
S2 WiseBootAssistant; C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe [580144 2015-08-06] (WiseCleaner.com) [File not signed]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [95080 2017-06-12] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R1 amdpsp; C:\Windows\system32\DRIVERS\amdpsp.sys [239976 2017-06-12] (Advanced Micro Devices, Inc. )
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-24] (SlySoft, Inc.)
R0 atc; C:\Windows\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4307192 2016-11-01] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [118848 2017-06-25] (Advanced Micro Devices)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1763744 2017-09-27] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Bitdefender Antivirus Free\bdfwfpf.sys [127312 2016-02-22] (BitDefender LLC)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-12-24] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 edrsensor; C:\Windows\System32\DRIVERS\edrsensor.sys [250504 2017-10-03] (BitDefender S.R.L. Bucharest, ROMANIA)
R2 ei2c; C:\Windows\system32\drivers\ei2c.sys [20784 2017-08-03] (Nicomsoft Ltd.)
R0 gzflt; C:\Windows\System32\drivers\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-08-14] (REALiX™)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [21928 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [27048 2017-06-13] (IObit.com)
R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2017-05-01] (Nicomsoft Ltd.)
R3 RtlWlanu; C:\Windows\system32\DRIVERS\rtwlanu.sys [3860224 2015-08-05] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [420832 2017-08-07] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R2 trufos; C:\Windows\System32\drivers\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49896 2016-07-22] (Microsoft Corporation)
R2 WiseFs; C:\Windows\WiseFs64.sys [66128 2017-09-19] (WiseCleaner.com)
S3 WiseHDInfo; C:\Windows\WiseHDInfo64.dll [14800 2015-08-11] (wisecleaner.com) [File not signed]
S3 NPF; system32\drivers\NPF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-04 11:41 - 2017-10-04 11:43 - 000021810 _____ C:\Users\Diamond\Downloads\FRST.txt
2017-10-04 11:41 - 2017-10-04 11:41 - 000000000 ____D C:\FRST
2017-10-04 11:39 - 2017-10-04 11:39 - 002399744 _____ (Farbar) C:\Users\Diamond\Downloads\FRST64.exe
2017-10-03 13:07 - 2017-10-03 13:07 - 000001153 _____ C:\Users\Diamond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitdefender Antivirus Free.lnk
2017-10-03 12:57 - 2017-10-03 12:57 - 000560575 _____ C:\Users\Diamond\AppData\Local\census.cache
2017-10-03 12:56 - 2017-10-03 12:56 - 000850773 _____ C:\Users\Diamond\AppData\Local\ars.cache
2017-10-03 12:37 - 2017-10-03 12:37 - 000000010 _____ C:\Users\Diamond\AppData\Local\sponge.last.runtime.cache
2017-10-03 12:27 - 2017-10-03 12:27 - 000000000 ____D C:\Users\Diamond\AppData\Local\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\Windows\Trend Micro
2017-10-03 12:26 - 2017-10-03 12:26 - 000000000 ____D C:\ProgramData\Trend Micro
2017-10-03 12:23 - 2017-10-03 12:23 - 000000036 _____ C:\Users\Diamond\AppData\Local\housecall.guid.cache
2017-10-03 12:23 - 2015-05-29 03:43 - 000307352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-10-03 09:05 - 2017-10-03 09:05 - 000250504 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\edrsensor.sys
2017-10-02 23:16 - 2017-10-02 23:16 - 000003820 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506621650
2017-10-01 08:51 - 2017-10-02 23:16 - 000000000 ____D C:\PatchMyPCUpdates
2017-09-30 01:03 - 2017-10-03 13:02 - 000000000 ____D C:\ProgramData\ProductData
2017-09-29 23:15 - 2017-09-29 23:15 - 000000000 ____D C:\Users\Diamond\AppData\Local\ESET
2017-09-29 23:03 - 2017-10-04 08:32 - 000003648 _____ C:\Windows\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-09-28 18:52 - 2017-09-28 18:52 - 005375402 _____ C:\Users\Diamond\Downloads\csa_travellers_checklist_en.pdf
2017-09-28 14:00 - 2017-10-02 23:16 - 000000000 ____D C:\Program Files\Opera
2017-09-28 13:05 - 2017-09-28 13:05 - 000373592 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-27 12:46 - 2017-09-27 12:46 - 001763744 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2017-09-27 12:14 - 2017-09-27 12:14 - 000000000 ____D C:\ProgramData\Bitdefender
2017-09-27 12:14 - 2017-06-07 05:04 - 000950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\Windows\system32\Drivers\atc.sys
2017-09-27 12:14 - 2016-03-14 22:04 - 000023672 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2017-09-27 12:11 - 2017-09-27 12:11 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\QuickScan
2017-09-27 11:34 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2017-09-27 11:32 - 2017-10-04 11:33 - 000000000 ____D C:\Program Files\Bitdefender Agent
2017-09-27 11:32 - 2017-09-27 11:32 - 000050068 _____ C:\ProgramData\agent.1506526327.bdinstall.bin
2017-09-27 11:32 - 2017-09-27 11:32 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2017-09-27 10:53 - 2017-10-03 13:04 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-27 10:06 - 2017-09-27 10:14 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\.jocala
2017-09-27 10:06 - 2017-09-27 10:06 - 000000000 ____D C:\adbLink
2017-09-26 19:45 - 2017-09-26 19:45 - 000000223 _____ C:\Users\Diamond\Documents\friend quotes.txt
2017-09-26 09:19 - 2017-09-26 09:19 - 000000000 ____D C:\Windows\LastGood.Tmp
2017-09-26 09:17 - 2017-09-26 09:17 - 000993264 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2017-09-26 09:17 - 2017-09-26 09:17 - 000131568 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-09-23 08:53 - 2017-09-24 09:38 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-23 08:53 - 2017-09-24 09:38 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-23 08:52 - 2017-09-23 08:52 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617117743703
2017-09-23 08:34 - 2017-09-23 08:34 - 000191720 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgstm.sys.150617008167103
2017-09-22 23:33 - 2017-09-22 23:33 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\DVDFab10
2017-09-22 23:31 - 2017-09-22 23:31 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\112
2017-09-22 22:32 - 2017-09-22 22:33 - 019783876 _____ C:\Users\Diamond\Downloads\Nikon P900 Coolpix Manual.pdf
2017-09-21 23:27 - 2017-09-21 23:27 - 000000000 ____D C:\Users\Public\Documents\AKVIS
2017-09-21 11:29 - 2017-09-21 11:31 - 000004558 _____ C:\Users\Diamond\Documents\email to Stephen.txt
2017-09-19 15:10 - 2017-08-13 15:48 - 000202592 _____ (Microsoft Corporation) C:\Windows\system32\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:52 - 000174944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2017-09-19 15:10 - 2017-08-13 13:10 - 000277504 _____ (Microsoft Corporation) C:\Windows\system32\scksp.dll
2017-09-19 15:10 - 2017-08-13 12:33 - 000252416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2017-09-19 15:10 - 2017-08-10 22:54 - 000445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:22 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-09-19 15:10 - 2017-08-10 22:20 - 001436672 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-09-19 15:10 - 2017-08-10 22:16 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2017-09-19 15:10 - 2017-08-10 21:57 - 000180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2017-09-19 15:10 - 2017-08-06 17:50 - 001080320 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2017-09-19 15:10 - 2017-08-06 17:20 - 000542720 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2017-09-19 15:10 - 2017-08-06 17:13 - 000713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2017-09-19 15:10 - 2017-08-06 03:08 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-09-19 15:10 - 2017-08-01 22:19 - 000358912 _____ (Microsoft Corporation) C:\Windows\system32\Wldap32.dll
2017-09-19 15:10 - 2017-08-01 04:25 - 000324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2017-09-18 08:48 - 2017-09-18 08:48 - 000021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2017-09-17 23:22 - 2017-09-17 23:23 - 000000000 ____D C:\Users\Diamond\Documents\Debrid Info
2017-09-17 23:22 - 2017-09-17 23:22 - 000000000 ____D C:\Users\Diamond\Documents\Receipts
2017-09-15 09:25 - 2017-09-27 11:22 - 000003168 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-464718250-148747909-944752478-1001
2017-09-14 19:38 - 2017-10-03 12:40 - 000000269 _____ C:\Users\Diamond\Desktop\to do list.txt
2017-09-14 12:34 - 2017-09-01 19:54 - 000835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-09-14 12:34 - 2017-09-01 19:54 - 000177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-14 12:33 - 2017-08-19 13:27 - 000237568 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2017-09-14 12:33 - 2017-08-19 12:48 - 000215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2017-09-14 12:33 - 2017-08-17 18:07 - 000537200 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2017-09-14 12:33 - 2017-08-17 18:07 - 000140016 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2017-09-14 12:33 - 2017-08-17 18:03 - 000450392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2017-09-14 12:33 - 2017-08-17 18:03 - 000136832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2017-09-14 12:33 - 2017-08-15 10:06 - 015260160 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-14 12:33 - 2017-08-15 10:01 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-14 12:33 - 2017-08-15 09:58 - 013673984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-14 12:33 - 2017-08-13 14:58 - 025730560 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-14 12:33 - 2017-08-13 13:19 - 000040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nsiproxy.sys
2017-09-14 12:33 - 2017-08-13 13:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-14 12:33 - 2017-08-13 13:04 - 002899968 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-14 12:33 - 2017-08-13 12:54 - 020269056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-14 12:33 - 2017-08-13 12:51 - 005981696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-14 12:33 - 2017-08-13 12:50 - 000817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-14 12:33 - 2017-08-13 12:29 - 000499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-14 12:33 - 2017-08-13 12:28 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-14 12:33 - 2017-08-13 12:24 - 002291200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-14 12:33 - 2017-08-13 12:23 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-14 12:33 - 2017-08-13 12:21 - 000145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-14 12:33 - 2017-08-13 12:20 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-14 12:33 - 2017-08-13 12:17 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-14 12:33 - 2017-08-13 12:15 - 007078912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-09-14 12:33 - 2017-08-13 12:14 - 001033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-09-14 12:33 - 2017-08-13 12:07 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-14 12:33 - 2017-08-13 12:05 - 000380416 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-14 12:33 - 2017-08-13 12:04 - 000807936 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-14 12:33 - 2017-08-13 12:04 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-14 12:33 - 2017-08-13 12:01 - 002134528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-14 12:33 - 2017-08-13 11:52 - 005274624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-09-14 12:33 - 2017-08-13 11:52 - 000486912 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2017-09-14 12:33 - 2017-08-13 11:51 - 000880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-09-14 12:33 - 2017-08-13 11:48 - 004547072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-14 12:33 - 2017-08-13 11:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-14 12:33 - 2017-08-13 11:44 - 000694784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-14 12:33 - 2017-08-13 11:44 - 000331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-14 12:33 - 2017-08-13 11:43 - 002058752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-14 12:33 - 2017-08-13 11:40 - 003241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-14 12:33 - 2017-08-13 11:27 - 001544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-14 12:33 - 2017-08-13 11:25 - 007797248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-09-14 12:33 - 2017-08-13 11:18 - 005270016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-09-14 12:33 - 2017-08-13 11:18 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-14 12:33 - 2017-08-13 11:17 - 002767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-14 12:33 - 2017-08-13 11:14 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-14 12:33 - 2017-08-13 11:13 - 001314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-14 12:33 - 2017-08-12 05:30 - 022361344 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-09-14 12:33 - 2017-08-12 05:26 - 019789736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-09-14 12:33 - 2017-08-11 20:39 - 001364552 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-09-14 12:33 - 2017-08-11 19:59 - 007440728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-14 12:33 - 2017-08-11 19:58 - 001737600 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-14 12:33 - 2017-08-11 19:58 - 001502000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-14 12:33 - 2017-08-11 16:46 - 000367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPTpm12.dll
2017-09-14 12:33 - 2017-08-11 16:29 - 000425984 _____ (Microsoft Corporation) C:\Windows\system32\PCPTpm12.dll
2017-09-14 12:33 - 2017-08-11 16:13 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-09-14 12:33 - 2017-08-10 23:30 - 004170240 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-09-14 12:33 - 2017-08-10 23:27 - 000281600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2017-09-14 12:33 - 2017-08-10 23:27 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-09-14 12:33 - 2017-08-10 22:38 - 000477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-09-14 12:33 - 2017-08-10 22:08 - 001753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-09-14 12:33 - 2017-08-10 22:08 - 000329216 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2017-09-14 12:33 - 2017-08-10 22:02 - 001084928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-09-14 12:33 - 2017-08-10 21:52 - 001491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-09-14 12:33 - 2017-08-10 21:49 - 000346624 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2017-09-14 12:33 - 2017-08-10 21:44 - 001095680 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-09-14 12:33 - 2017-08-10 21:43 - 000865792 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-09-14 12:33 - 2017-08-10 21:41 - 000307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2017-09-14 12:33 - 2017-08-06 17:20 - 000607232 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2017-09-14 12:33 - 2017-08-06 03:13 - 000530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-09-14 10:57 - 2017-09-14 10:57 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150540102906205
2017-09-14 10:56 - 2017-09-14 10:55 - 000139112 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmonflt.sys.150540102446801
2017-09-14 10:56 - 2017-09-14 10:54 - 001008288 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgsnx.sys.150540102906205
2017-09-14 10:22 - 2017-09-14 10:22 - 000000000 ____D C:\Users\Diamond\AppData\Local\ElevatedDiagnostics
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-10-04 11:41 - 2015-05-16 22:35 - 000000000 ____D C:\Users\Diamond\AppData\Local\ClassicShell
2017-10-04 11:35 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Kijiji Info
2017-10-04 11:34 - 2014-03-18 05:47 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2017-10-04 11:34 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\Inf
2017-10-04 10:11 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Word Documents
2017-10-04 10:07 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Text Files
2017-10-04 10:04 - 2015-08-27 10:47 - 000000000 ____D C:\Users\Diamond\Documents\KeyPass Backup
2017-10-04 10:04 - 2015-05-17 11:00 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\KeePass
2017-10-04 10:03 - 2017-04-25 23:19 - 000000000 ____D C:\Users\Diamond\Documents\Passwords
2017-10-04 09:57 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Movie Backups
2017-10-04 09:52 - 2015-05-22 22:37 - 000000000 ____D C:\Users\Diamond\.rainlendar2
2017-10-04 09:34 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\ELAM
2017-10-04 08:39 - 2015-05-16 18:42 - 000003774 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C2A4B8D2-FA3C-482A-9BD0-135EFD3A41F6}
2017-10-04 08:29 - 2013-08-22 10:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-10-03 23:36 - 2015-01-22 16:31 - 000065536 _____ C:\Windows\system32\spu_storage.bin
2017-10-03 20:01 - 2015-05-16 18:40 - 000003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-464718250-148747909-944752478-1001
2017-10-03 19:45 - 2017-08-14 22:18 - 000000000 ____D C:\Program Files\Franzis
2017-10-03 19:45 - 2016-02-19 10:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2017-10-03 19:33 - 2016-11-16 00:12 - 000000000 ____D C:\Users\Diamond\AppData\LocalLow\Mozilla
2017-10-03 13:03 - 2015-05-31 09:38 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-01 09:33 - 2016-02-20 10:58 - 000000000 ____D C:\AdwCleaner
2017-10-01 09:25 - 2015-05-16 18:43 - 000000000 ____D C:\Users\Diamond\AppData\Local\CrashDumps
2017-09-30 23:51 - 2013-08-22 09:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-30 09:27 - 2017-03-31 16:09 - 000000000 ____D C:\Patch My PC (Updates)
2017-09-29 17:16 - 2016-04-14 19:43 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Wise Care 365
2017-09-29 16:31 - 2016-10-27 17:12 - 000000282 _____ C:\Users\Diamond\AppData\Roaming\FotoSketcher.ini
2017-09-28 18:52 - 2017-01-01 17:05 - 000000000 ____D C:\Users\Diamond\AppData\Local\Foxit Reader
2017-09-28 17:54 - 2015-05-16 22:33 - 000000000 ____D C:\ProgramData\ClassicShell
2017-09-28 17:54 - 2015-05-16 22:30 - 000000000 ____D C:\Users\Diamond\AppData\LocalLow\IObit
2017-09-28 17:48 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\registration
2017-09-28 17:43 - 2015-05-16 18:34 - 000000000 ____D C:\Users\Diamond
2017-09-28 14:01 - 2015-06-21 23:02 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Opera Software
2017-09-28 14:01 - 2015-06-21 23:02 - 000000000 ____D C:\Users\Diamond\AppData\Local\Opera Software
2017-09-28 12:59 - 2015-11-05 18:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-09-28 10:41 - 2013-08-22 11:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-28 08:46 - 2017-05-06 09:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-27 11:28 - 2017-06-29 23:59 - 000000000 ____D C:\ProgramData\Avg
2017-09-27 11:28 - 2015-06-02 08:51 - 000000000 ____D C:\Users\Diamond\AppData\Local\Avg
2017-09-27 11:26 - 2017-06-29 23:59 - 000000000 ____D C:\Users\Diamond\AppData\Local\AvgSetupLog
2017-09-27 11:22 - 2017-08-31 09:38 - 000003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-09-27 11:22 - 2017-08-08 19:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-09-27 11:22 - 2016-12-13 17:42 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-09-27 11:22 - 2015-01-22 15:46 - 000002890 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-464718250-148747909-944752478-500
2017-09-27 11:05 - 2016-12-22 19:26 - 000000000 ____D C:\Users\Diamond\AppData\Local\001b5
2017-09-26 14:30 - 2015-05-17 11:57 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Mp3tag
2017-09-26 09:49 - 2015-05-18 13:10 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\HpUpdate
2017-09-26 09:49 - 2015-01-22 16:48 - 000000000 ____D C:\ProgramData\Temp
2017-09-26 09:09 - 2015-12-18 10:24 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-09-24 09:39 - 2016-12-13 17:42 - 000004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-09-24 09:39 - 2015-07-27 12:40 - 000003352 _____ C:\Windows\System32\Tasks\BacKGroundAgent
2017-09-24 09:39 - 2015-05-16 22:28 - 000001726 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-09-24 09:30 - 2016-08-04 09:57 - 000003704 _____ C:\Windows\System32\Tasks\Java Platform SE Auto Updater
2017-09-23 12:40 - 2015-05-16 18:35 - 000000000 ____D C:\Users\Diamond\AppData\Local\VirtualStore
2017-09-23 10:44 - 2017-06-13 08:30 - 000000000 ____D C:\Users\Diamond\AppData\Local\Google
2017-09-23 09:16 - 2016-08-10 22:35 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Raptr
2017-09-23 08:54 - 2015-06-09 09:57 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-22 23:21 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\PDF Documents
2017-09-22 23:20 - 2015-05-16 21:41 - 000000000 ____D C:\Users\Diamond\Documents\Excel
2017-09-21 23:39 - 2015-05-17 11:08 - 000000000 ____D C:\Program Files (x86)\FastStone Image Viewer
2017-09-21 23:23 - 2015-05-17 11:38 - 000000000 ____D C:\Users\Diamond\AppData\Local\Downloaded Installations
2017-09-20 09:29 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\rescache
2017-09-19 20:09 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\AppReadiness
2017-09-19 16:30 - 2017-05-23 18:47 - 000000142 ___SH C:\Windows\wisefs.dat
2017-09-19 16:30 - 2015-09-01 19:38 - 000066128 _____ (WiseCleaner.com) C:\Windows\WiseFs64.sys
2017-09-14 12:49 - 2013-08-22 11:36 - 000000000 ___RD C:\Windows\ToastData
2017-09-14 12:48 - 2015-05-17 00:02 - 000000000 ____D C:\Windows\system32\MRT
2017-09-14 12:42 - 2015-05-17 00:02 - 138202976 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-09-14 10:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-09-14 10:59 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\system32\Macromed
2017-09-14 10:47 - 2017-05-23 18:47 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Wise Folder Hider
2017-09-14 10:47 - 2015-10-15 12:08 - 000000000 ____D C:\Users\Administrator
2017-09-14 10:47 - 2015-05-20 19:28 - 000000000 ____D C:\ProgramData\Wondershare Player
2017-09-14 10:47 - 2015-05-17 10:36 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\Winamp
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Users\Diamond\AppData\Roaming\IObit
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\ProgramData\IObit
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Program Files\CCleaner
2017-09-14 10:47 - 2015-05-16 22:28 - 000000000 ____D C:\Program Files (x86)\IObit
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 __RSD C:\Windows\Media
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-14 10:47 - 2013-08-22 11:36 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-14 10:47 - 2013-08-22 09:36 - 000000000 ____D C:\Windows\system32\Sysprep
2017-09-14 10:45 - 2013-08-22 11:36 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 18:12 - 2015-05-17 11:38 - 000000000 ____D C:\MOO40S
2017-09-07 18:11 - 2016-12-25 13:30 - 000000000 ____D C:\Users\Diamond\Documents\Breakers List
2017-09-05 11:35 - 2015-05-17 11:56 - 000000000 ____D C:\Program Files (x86)\Mp3tag
 
==================== Files in the root of some directories =======
 
2017-05-06 09:52 - 2017-05-06 09:52 - 000000045 _____ () C:\Users\Diamond\AppData\Roaming\2xdsoft_scp.settings
2016-10-27 17:12 - 2017-09-29 16:31 - 000000282 _____ () C:\Users\Diamond\AppData\Roaming\FotoSketcher.ini
2016-02-11 10:28 - 2016-03-07 20:57 - 000000353 _____ () C:\Users\Diamond\AppData\Roaming\imagetuner.ini
2015-05-17 12:29 - 2015-05-17 12:29 - 000007859 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.cat
2015-05-17 12:29 - 2015-05-17 12:29 - 000001167 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.inf
2015-05-17 12:30 - 2015-05-17 12:30 - 000000034 _____ () C:\Users\Diamond\AppData\Roaming\pcouffin.log
2015-08-22 08:24 - 2016-03-22 14:51 - 000000400 _____ () C:\Users\Diamond\AppData\Roaming\PDFShaper.ini
2017-10-03 12:56 - 2017-10-03 12:56 - 000850773 _____ () C:\Users\Diamond\AppData\Local\ars.cache
2017-10-03 12:57 - 2017-10-03 12:57 - 000560575 _____ () C:\Users\Diamond\AppData\Local\census.cache
2015-09-25 08:45 - 2016-02-15 00:05 - 000000058 _____ () C:\Users\Diamond\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2017-10-03 12:23 - 2017-10-03 12:23 - 000000036 _____ () C:\Users\Diamond\AppData\Local\housecall.guid.cache
2015-10-20 10:03 - 2015-10-20 10:04 - 000131072 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db
2015-10-20 10:03 - 2015-10-20 10:04 - 000032768 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db-shm
2015-10-20 10:03 - 2015-10-20 10:04 - 006060552 _____ () C:\Users\Diamond\AppData\Local\jpegsaver.db-wal
2015-08-22 08:24 - 2016-02-02 11:53 - 000000024 _____ () C:\Users\Diamond\AppData\Local\pdfshaper.ini
2016-12-08 23:37 - 2016-12-08 23:37 - 000000017 _____ () C:\Users\Diamond\AppData\Local\resmon.resmoncfg
2017-10-03 12:37 - 2017-10-03 12:37 - 000000010 _____ () C:\Users\Diamond\AppData\Local\sponge.last.runtime.cache
2017-06-18 11:03 - 2017-06-18 11:03 - 000000552 _____ () C:\Users\Diamond\AppData\Local\TroubleshooterConfig.json
2015-05-17 11:16 - 2015-05-17 11:16 - 000000040 ___SH () C:\ProgramData\.zreglib
2017-09-27 11:32 - 2017-09-27 11:32 - 000050068 _____ () C:\ProgramData\agent.1506526327.bdinstall.bin
2015-05-18 13:10 - 2015-05-18 13:10 - 000000057 _____ () C:\ProgramData\Ament.ini
2015-01-22 16:34 - 2015-01-22 16:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-03 11:35 - 2014-04-30 10:53 - 000019535 _____ () C:\ProgramData\empty.ico
2015-11-21 00:45 - 2015-11-21 00:45 - 000000097 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-28 13:20
 
==================== End of FRST.txt ============================


#3 Jo*


  • Malware Response Team
  • 3,416 posts
  • Gender:Male
  • Location:Germany
  • Local time:05:54 AM

Posted 04 October 2017 - 11:29 AM

double post, closed!

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




