
Had virus, wiped HD reinstalled windows, now a lack of memory


  • This topic is locked
9 replies to this topic

#1 ExpatChef_Matt

ExpatChef_Matt

  • Members
  • 4 posts

Posted 19 November 2017 - 11:03 PM

Hi

 

Last week I downloaded something that apparently had a virus in it. Somehow I clicked the wrong thing in HP Recovery and ended up wiping the HD and doing a clean install of Windows 8.1.  I upgraded to Windows 10 immediately, and reinstalled most of the apps and programmes I had before downloading the virus.

 

Windows Defender reports no more viruses, but everything seems sluggish, which I am surprised about given that this is a clean Windows install.  Even worse, all three web browsers - Firefox, Chrome, and Edge - fail to load pages due to a lack of memory, or completely crash and close.  I have no more (actually less) browser add-ons than previously, and I'm not doing anything different to what I was before but this computer doesn't seem like it's firing on all cylinders.

 

Help please! :(


Edited by ExpatChef_Matt, 19 November 2017 - 11:04 PM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,703 posts

Posted 24 November 2017 - 11:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/663306 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ExpatChef_Matt

ExpatChef_Matt
  • Topic Starter

  • Members
  • 4 posts

Posted 25 November 2017 - 12:47 PM

1.  Firefox and Chrome keep failing to load webpages (or they crash halfway through reading), or the browsers crash and exit completely multiple times per day, following a re-install of Windows after downloading a virus.  Memory usage in Task Manager by the browsers is high.  I've disabled as many addons and extensions as I can but it hasn't helped (see original post). I've run SUPERAntiSpyware, which deleted a bunch of cookies.

2.  Can't run FRST -  Windows 10, version 1709, build 16299.64.  64 bit system, 4gb ram

3.  No original Windows DVD.

 

Thanks


Edited by ExpatChef_Matt, 25 November 2017 - 09:21 PM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts

Posted 27 November 2017 - 09:59 AM

Greetings ExpatChef_Matt and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

What happens when you try to run FRST in Normal Boot with a fresh download?

If necessary, try to run FRST in Safe Mode.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 ExpatChef_Matt

ExpatChef_Matt
  • Topic Starter

  • Members
  • 4 posts

Posted 27 November 2017 - 06:20 PM

Hi Gary, you can call me Matt or Matthew

 

FRST scan worked this time:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-11-2017
Ran by Matthew (administrator) on BEDROOM (27-11-2017 14:48:37)
Running from C:\Users\Matthew\Downloads
Loaded Profiles: Matthew (Available Profiles: Matthew)
Platform: Windows 10 Home Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files\NetDrive2\nd2svc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Bdrive Inc) C:\Program Files\NetDrive2\NetDrive2.exe
Failed to access process -> firefox.exe
(ExpanDrive, Inc.) C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Bdrive Inc) C:\Program Files\NetDrive2\NetDrive2.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
() C:\Program Files\NetDrive2\cefs.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(Microsoft) C:\Program Files (x86)\ccextractor.0.85\CCExtractorGUI.exe
() C:\Program Files\MKVToolNix\mmg.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(ExpanDrive, Inc.) C:\Program Files (x86)\ExpanDrive\exfs\exfs.exe
(MediaArea.net) C:\Program Files\MediaInfo\MediaInfo.exe
(MediaArea.net) C:\Program Files\MediaInfo\MediaInfo.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8513792 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411328 2015-08-07] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [297784 2017-09-11] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67896 2017-09-01] (Apple Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369240 2015-10-20] (Microsoft Corp.)
HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2017-10-17] (BitTorrent, Inc.)
HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\Run: [NetDrive2] => C:\Program Files\NetDrive2\NetDrive2.exe [17318528 2017-10-11] (Bdrive Inc)
HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\Run: [ExpanDrive] => C:\Program Files (x86)\ExpanDrive\ExpanDrive.exe [1887272 2017-06-20] (ExpanDrive, Inc.)
HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7964576 2017-10-17] (SUPERAntiSpyware)
SSODL: EldosMountNotificator-cbfs5 - {7E45B186-46C3-47CD-A424-20EFB9764A8C} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL: EldosMountNotificator-cbfs6 - {4EF7082D-651E-4EA4-954C-240258FD7EC4} - C:\WINDOWS\system32\cbfsMntNtf6.dll (/n software, Inc.)
SSODL-x32: EldosMountNotificator-cbfs5 - {7E45B186-46C3-47CD-A424-20EFB9764A8C} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs6 - {4EF7082D-651E-4EA4-954C-240258FD7EC4} - C:\WINDOWS\SysWOW64\cbfsMntNtf6.dll (/n software, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{9D226235-954B-4701-B925-AE0D1F663564}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{DFC8DA52-9687-49C6-BF58-ADA9168E7D9A}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK14/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-1109647009-3484820730-385925201-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
SearchScopes: HKLM -> {5833F42E-723D-449A-8FF9-9253AEF347EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5833F42E-723D-449A-8FF9-9253AEF347EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1109647009-3484820730-385925201-1001 -> {5833F42E-723D-449A-8FF9-9253AEF347EA} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-09-27] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-09-27] (HP Inc.)

Edge:
======
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.9.0_neutral__d55gg7py3s0m0 [2017-10-17]
Edge Extension: (Microsoft Rewards) -> EdgeExtension_MicrosoftMicrosoftRewards_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.MicrosoftRewards_0.9.5.0_neutral__8wekyb3d8bbwe [2017-10-18]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.45.0_neutral__qq0fmhteeht3j [2017-10-17]

FireFox:
========
FF DefaultProfile: 9vkxa11x.default-1508945841183
FF DefaultProfile: za7qk2ws.default
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183 [2017-11-27]
FF Homepage: Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183 -> about:home
FF Extension: (Chrome Store Foxified) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\Chrome-Store-Foxified@jetpack.xpi [2017-11-18]
FF Extension: (Export Cookies) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\exportcookies@aag.xpi [2017-10-25] [Lagacy]
FF Extension: (HDS Link Detector) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\jid0-HFFmJoceGjTSKDBEWPpzfX9By7I@jetpack.xpi [2017-10-25] [Lagacy]
FF Extension: (Pushbullet) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\jid1-BYcQOfYfmBMd9A@jetpack.xpi [2017-10-25]
FF Extension: (Clean Up Google Music [De-Instant Mix/Radio]) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\jid1-JPoAYi8TbF26hg@jetpack.xpi [2017-10-25] [Lagacy]
FF Extension: (fnGmail) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\jid1-sqmEAwSoa3FZPc@jetpack.xpi [2017-10-25]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\support@lastpass.com.xpi [2017-11-18]
FF Extension: (TinEye Reverse Image Search) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\tineye@ideeinc.com.xpi [2017-10-28]
FF Extension: (Transmogrify for Plex) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\transmogrifyforplex@moussekateer.xpi [2017-10-25] [Lagacy]
FF Extension: (Web to Plex) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{05243336-ce19-46df-95af-680070c96134}.xpi [2017-10-25]
FF Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2017-11-19]
FF Extension: (Multirow Bookmarks Toolbar Plus) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2017-10-25] [Lagacy]
FF Extension: (IMDB  Search) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2017-10-25] [Lagacy]
FF Extension: (Adblock Plus) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-08]
FF Extension: (Greasemonkey) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-11-19]
FF Extension: (Disable Media WMF NV12 format) - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\9vkxa11x.default-1508945841183\features\{2d3c5322-2ea2-4275-aeee-0fd830028ae3}\disable-media-wmf-nv12@mozilla.org.xpi [2017-11-21] [Lagacy]
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\ChatZilla\Profiles\za7qk2ws.default [2017-11-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll [2017-11-14] ()
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll [2017-11-14] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)

Chrome:
=======
CHR HomePage: Default -> msn.com
CHR StartupUrls: Default -> "hxxps://atlas.feralhosting.com/mewikime/rutorrent/","hxxp://www.google.com"
CHR NewTab: Default ->  Not-active:"chrome-extension://fcfenmboojpjinhpgggodefccipikbpd/newTab.html"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxp://www.bing.com/osjson.aspx?FORM=__PARAM__DF&PC=__PARAM__&query={searchTerms}
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default [2017-11-26]
CHR Extension: (Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-17]
CHR Extension: (Clean Up Google Music [De-Instant Mix/Radio]) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkfjiemhehhebdlnkjjjgapndfikjdh [2017-10-18]
CHR Extension: (Docs) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-17]
CHR Extension: (Google Drive) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-17]
CHR Extension: (YouTube) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-17]
CHR Extension: (Adblock Plus) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-10-18]
CHR Extension: (Pushbullet) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-10-18]
CHR Extension: (OneTab) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2017-10-18]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2017-10-18]
CHR Extension: (Google Play Music) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-11-26]
CHR Extension: (Bing) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2017-11-07]
CHR Extension: (Full Page Screen Capture) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-10-18]
CHR Extension: (Sheets) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-17]
CHR Extension: (Bookmarks Menu) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi [2017-10-18]
CHR Extension: (Plex) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-10-18]
CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2017-10-18]
CHR Extension: (Google Play Movies & TV) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdijeikdkaembjbdobgfkoidjkpbmlkd [2017-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-18]
CHR Extension: (CanIStream.It Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\glefnlommggdhmkanajahcaedkpnhnlo [2017-10-18]
CHR Extension: (Pinterest Save Button) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-11-14]
CHR Extension: (TinEye Reverse Image Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl [2017-11-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-11-17]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2017-11-26]
CHR Extension: (Google Play Music) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2017-10-18]
CHR Extension: (Extensity) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmflmamggggndanpgfnpelongoepncg [2017-10-18]
CHR Extension: (The Great Suspender) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2017-10-18]
CHR Extension: (Google Play) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2017-10-18]
CHR Extension: (Wikipedia Search) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipakennkogpodadpikgipnogamhklmk [2017-11-26]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-11-14]
CHR Extension: (Google Maps) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-10-18]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2017-10-18]
CHR Extension: (Google Mail Checker) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2017-10-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-10-17]
CHR Extension: (Gmail) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-17]
CHR Extension: (Chrome Media Router) - C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-17]
CHR Profile: C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\System Profile [2017-11-12]
CHR HKU\S-1-5-21-1109647009-3484820730-385925201-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1109647009-3484820730-385925201-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173784 2015-10-20] (Microsoft Corp.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [323952 2017-09-27] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 NetDrive2_Service_NetDrive2; C:\Program Files\NetDrive2\nd2svc.exe [851112 2017-10-11] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312064 2015-08-07] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803952 2017-11-09] (TeamViewer GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101232 2017-06-16] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [243048 2017-06-16] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWB6.sys [222720 2014-03-11] (Advanced Micro Devices)
R3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [7545008 2014-01-29] (Broadcom Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [422080 2015-10-04] (EldoS Corporation)
R1 cbfs6; C:\WINDOWS\system32\drivers\cbfs6.sys [460992 2016-09-21] (/n software, Inc.)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 MpKsl255eed60; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EDF37B18-8344-47B2-8011-5664C6254AC1}\MpKsl255eed60.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsl89d29148; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{67C001B8-F273-4F42-8410-E85FD87782E6}\MpKsl89d29148.sys [58120 2017-11-26] (Microsoft Corporation)
R1 MpKsld27ea977; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD777136-97D9-4FC9-B47B-CC2AB5360C30}\MpKsld27ea977.sys [58120 2017-11-24] (Microsoft Corporation)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [294104 2014-04-30] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896760 2016-02-17] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-27 14:48 - 2017-11-27 14:51 - 000025787 _____ C:\Users\Matthew\Downloads\FRST.txt
2017-11-27 14:48 - 2017-11-27 14:48 - 000000000 ____D C:\FRST
2017-11-27 14:46 - 2017-11-27 14:46 - 002391552 _____ (Farbar) C:\Users\Matthew\Downloads\FRST64.exe
2017-11-27 14:40 - 2017-11-27 14:40 - 000005299 _____ C:\Users\Matthew\Downloads\Lucky Christmas.2011.1080p.HDTV.x264.MKV.528652.torrent
2017-11-27 14:39 - 2017-11-27 14:39 - 000005209 _____ C:\Users\Matthew\Downloads\Lucky.Christmas.2011.1080p.HDTV.x264-PiTBuLL.mkv.torrent
2017-11-27 13:12 - 2017-11-27 13:12 - 000004093 _____ C:\Users\Matthew\Downloads\Snowmance.2017.720p.HDTV.x264.MKV.528631.torrent
2017-11-27 13:10 - 2017-11-27 13:10 - 000007066 _____ C:\Users\Matthew\Downloads\A Very Merry Toy Store.2017.1080p.HDTV.x264.MKV.528630.torrent
2017-11-27 12:56 - 2017-11-27 12:56 - 000117022 _____ C:\Users\Matthew\Downloads\Goal!.2005.1080p.Blu-ray.x264.MKV.528436.torrent
2017-11-26 23:50 - 2017-11-26 23:50 - 000042098 _____ C:\Users\Matthew\Downloads\Spider-Man Homecoming.2017.1080p.Blu-ray.x264.MKV.516019.torrent
2017-11-26 23:35 - 2017-11-26 23:35 - 000079012 _____ C:\Users\Matthew\Downloads\Popeye the Sailor (1960-1961) NTSC 2xDVD9.torrent
2017-11-26 23:17 - 2017-11-26 23:48 - 000002857 _____ C:\Users\Matthew\Documents\popeye.txt
2017-11-26 21:57 - 2017-11-26 21:57 - 000032659 _____ C:\Users\Matthew\Downloads\Popeye the Sailor_ 1933–1938, Volume 1 [4 x DVD9].torrent
2017-11-26 21:13 - 2017-11-26 21:13 - 000006947 _____ C:\Users\Matthew\Downloads\Wrapped Up In Christmas.2017.1080p.HDTV.x264.MKV.528346.torrent
2017-11-26 21:12 - 2017-11-26 21:12 - 000006003 _____ C:\Users\Matthew\Downloads\The Christmas Train.2017.1080p.HDTV.x264.MKV.528345.torrent
2017-11-26 20:07 - 2017-11-26 20:07 - 000001187 _____ C:\Users\Matthew\Downloads\A Family for the Holidays.2017.1080p.HDTV.x264.MKV.528293.torrent
2017-11-26 10:06 - 2017-11-26 10:06 - 000025291 _____ C:\Users\Matthew\Downloads\Kingsman The Golden Circle.2017.1080p.WEB.H.264.MKV.527618.torrent
2017-11-26 00:30 - 2017-11-26 00:30 - 000028324 _____ C:\Users\Matthew\Downloads\Escape from Pleasure Planet.2016.1080p.WEB.H.264.MKV.527752.torrent
2017-11-26 00:26 - 2017-11-26 00:26 - 000014389 _____ C:\Users\Matthew\Downloads\Jimmy Carr Funny Business.2016.1080p.WEB.x264.MKV.527797.torrent
2017-11-26 00:16 - 2017-11-26 00:16 - 000005708 _____ C:\Users\Matthew\Downloads\Hitched for the Holidays.2012.1080p.HDTV.x264.MKV.527839.torrent
2017-11-25 18:19 - 2017-11-25 18:19 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-11-25 18:19 - 2017-11-25 18:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-25 18:19 - 2017-11-25 18:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-25 18:19 - 2017-11-25 18:19 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-25 18:19 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-11-25 17:09 - 2017-11-26 23:00 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task eb38c772-14a3-431d-94c9-b18e779e8405.job
2017-11-25 17:09 - 2017-11-26 23:00 - 000000530 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0a379c02-a074-4e7f-9c24-5c6b8a5f59f0.job
2017-11-25 17:09 - 2017-11-25 17:09 - 000003758 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 0a379c02-a074-4e7f-9c24-5c6b8a5f59f0
2017-11-25 17:09 - 2017-11-25 17:09 - 000003676 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task eb38c772-14a3-431d-94c9-b18e779e8405
2017-11-25 17:09 - 2017-11-25 17:09 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
2017-11-25 17:08 - 2017-11-25 17:09 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2017-11-25 17:08 - 2017-11-25 17:08 - 078346672 _____ (Malwarebytes ) C:\Users\Matthew\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-11-25 17:08 - 2017-11-25 17:08 - 000001856 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2017-11-25 17:08 - 2017-11-25 17:08 - 000000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2017-11-25 17:08 - 2017-11-25 17:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2017-11-25 17:07 - 2017-11-25 17:07 - 031093872 _____ (SUPERAntiSpyware) C:\Users\Matthew\Downloads\SAS_2915.EXE
2017-11-23 21:22 - 2017-11-23 21:22 - 000029871 _____ C:\Users\Matthew\Downloads\Pieles 2017 1080p WEB-DL DD5.1 H.264-AJP69.torrent
2017-11-20 13:27 - 2017-11-26 11:57 - 000004446 _____ C:\Users\Matthew\Documents\text.txt
2017-11-15 16:45 - 2017-11-26 23:00 - 000000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMatthew.job
2017-11-15 16:45 - 2017-11-26 15:18 - 000003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMatthew
2017-11-15 16:45 - 2017-11-15 16:45 - 000000000 ____D C:\Users\Matthew\AppData\Local\HP_Inc
2017-11-15 16:31 - 2017-11-15 16:32 - 000000000 ____D C:\ProgramData\HP
2017-11-15 16:31 - 2017-11-15 16:31 - 000000000 ____D C:\Program Files\HP
2017-11-14 20:58 - 2017-10-25 01:11 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-14 20:58 - 2017-10-25 01:11 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-14 20:58 - 2017-10-25 01:09 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-14 20:58 - 2017-10-25 00:57 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-14 20:58 - 2017-10-25 00:57 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-14 20:58 - 2017-10-25 00:56 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-14 20:58 - 2017-10-24 22:36 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-14 20:58 - 2017-10-24 20:41 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-14 20:58 - 2017-10-24 20:40 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-14 20:58 - 2017-10-24 20:40 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-14 20:58 - 2017-10-24 20:40 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-14 20:58 - 2017-10-24 20:39 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-14 20:58 - 2017-10-24 20:39 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-14 20:58 - 2017-10-24 20:39 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-14 20:58 - 2017-10-24 20:37 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-14 20:58 - 2017-10-24 20:37 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-14 20:58 - 2017-10-24 20:36 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-14 20:58 - 2017-10-24 20:36 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-14 20:58 - 2017-10-24 20:36 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-14 20:58 - 2017-10-24 20:34 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-14 20:58 - 2017-10-24 20:34 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-14 20:58 - 2017-10-24 20:34 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-14 20:58 - 2017-10-24 20:32 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-14 20:58 - 2017-10-24 20:32 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-14 20:58 - 2017-10-24 20:31 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-14 20:58 - 2017-10-24 20:31 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-14 20:58 - 2017-10-24 20:30 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-14 20:58 - 2017-10-24 20:30 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-14 20:58 - 2017-10-24 20:29 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-14 20:58 - 2017-10-24 20:29 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-14 20:58 - 2017-10-24 20:29 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-14 20:58 - 2017-10-24 20:28 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-14 20:58 - 2017-10-24 20:27 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-14 20:58 - 2017-10-24 20:27 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-14 20:58 - 2017-10-24 20:27 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-14 20:58 - 2017-10-24 20:27 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-14 20:58 - 2017-10-24 20:24 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-14 20:58 - 2017-10-24 20:20 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-14 20:58 - 2017-10-24 19:52 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-14 20:58 - 2017-10-24 19:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-14 20:58 - 2017-10-24 19:36 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-14 20:58 - 2017-10-24 19:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-14 20:58 - 2017-10-24 19:30 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-14 20:58 - 2017-10-24 19:28 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-14 20:58 - 2017-10-24 19:28 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-14 20:58 - 2017-10-24 19:28 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-14 20:58 - 2017-10-24 19:27 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-14 20:58 - 2017-10-24 19:27 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-14 20:58 - 2017-10-24 19:27 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-14 20:58 - 2017-10-24 19:24 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-14 20:58 - 2017-10-24 19:22 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-14 20:58 - 2017-10-24 19:22 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-14 20:58 - 2017-10-24 19:19 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-14 20:58 - 2017-10-24 19:19 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-14 20:58 - 2017-10-24 19:18 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 20:58 - 2017-10-24 19:18 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-14 20:58 - 2017-10-24 19:18 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-14 20:58 - 2017-10-24 19:18 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-14 20:58 - 2017-10-24 19:18 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-14 20:58 - 2017-10-24 19:18 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-14 20:58 - 2017-10-24 19:16 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-14 20:58 - 2017-10-24 19:16 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-14 20:58 - 2017-10-24 19:16 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-14 20:58 - 2017-10-24 19:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-14 20:58 - 2017-10-24 19:15 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-14 20:58 - 2017-10-24 19:14 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-14 20:58 - 2017-10-24 19:14 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-14 20:58 - 2017-10-24 19:13 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-14 20:58 - 2017-10-24 19:13 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-14 20:58 - 2017-10-24 19:12 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-14 20:58 - 2017-10-24 19:12 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-14 20:58 - 2017-10-24 19:12 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-14 20:58 - 2017-10-24 19:12 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-14 20:58 - 2017-10-24 19:11 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-14 20:58 - 2017-10-24 19:10 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-14 20:58 - 2017-10-24 19:10 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-14 20:58 - 2017-10-24 19:10 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-14 20:58 - 2017-10-24 19:09 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-14 20:58 - 2017-10-24 19:09 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-14 20:58 - 2017-10-24 19:09 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-14 20:58 - 2017-10-24 19:09 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-14 20:58 - 2017-10-24 19:08 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-14 20:58 - 2017-10-24 19:08 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-14 20:58 - 2017-10-24 19:07 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-14 20:58 - 2017-10-24 19:06 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-14 20:58 - 2017-10-24 19:05 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-14 20:58 - 2017-10-24 19:05 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-14 20:58 - 2017-10-24 19:05 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-14 20:58 - 2017-10-24 19:04 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-14 20:58 - 2017-10-24 19:04 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-14 20:58 - 2017-10-24 19:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-14 20:58 - 2017-10-24 19:02 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-14 20:58 - 2017-10-24 19:01 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-14 20:58 - 2017-10-24 19:01 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-14 20:58 - 2017-10-24 18:59 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-14 20:58 - 2017-10-24 18:59 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-14 20:58 - 2017-10-24 18:58 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-14 20:58 - 2017-10-24 18:58 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-14 20:58 - 2017-10-24 18:58 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-14 20:58 - 2017-10-24 18:57 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-14 20:58 - 2017-10-24 18:55 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-14 20:58 - 2017-10-24 18:54 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-14 20:58 - 2017-10-21 04:25 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-14 20:58 - 2017-10-20 06:17 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-14 20:58 - 2017-10-19 21:08 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-14 10:55 - 2017-11-14 10:55 - 005996544 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-11-14 00:06 - 2017-11-14 00:06 - 000002122 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-11-14 00:06 - 2017-11-14 00:06 - 000002120 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-11-14 00:06 - 2017-11-14 00:06 - 000002110 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-11-14 00:06 - 2017-11-14 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-11-14 00:04 - 2017-11-14 00:05 - 001129816 _____ (Google Inc.) C:\Users\Matthew\Downloads\installbackupandsync.exe
2017-11-08 12:23 - 2017-11-08 12:46 - 000000000 ____D C:\ProgramData\NZBGet
2017-11-08 12:23 - 2017-11-08 12:23 - 000001055 _____ C:\Users\Matthew\Desktop\NZBGet.lnk
2017-11-08 12:23 - 2017-11-08 12:23 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NZBGet
2017-11-08 12:23 - 2017-11-08 12:23 - 000000000 ____D C:\Program Files (x86)\NZBGet
2017-10-30 07:43 - 2017-10-30 07:43 - 007919012 _____ C:\Users\Matthew\Downloads\ABP Filters.ini

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-27 14:52 - 2017-10-17 15:46 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\uTorrent
2017-11-27 14:41 - 2017-10-17 20:18 - 000000000 ____D C:\Users\Matthew\AppData\Local\CrashDumps
2017-11-27 13:25 - 2017-10-17 17:11 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\FileZilla
2017-11-27 12:13 - 2017-10-17 14:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-27 08:50 - 2017-10-18 22:01 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\mkvtoolnix
2017-11-27 07:04 - 2017-10-18 13:02 - 000000000 ____D C:\Users\Matthew\Torrents
2017-11-27 00:18 - 2017-10-17 20:13 - 000000000 ____D C:\Users\Matthew\AppData\Local\ExpanDrive
2017-11-26 23:06 - 2017-10-17 14:32 - 001502276 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-26 23:06 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-26 23:05 - 2017-10-17 12:20 - 000000000 ____D C:\Users\Matthew\Documents\Youcam
2017-11-26 23:03 - 2017-10-17 13:33 - 000000000 ____D C:\Users\Matthew\AppData\LocalLow\Mozilla
2017-11-26 23:02 - 2017-10-17 13:18 - 000000000 ____D C:\ProgramData\NetDrive2
2017-11-26 23:01 - 2017-10-17 17:25 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-26 23:00 - 2017-10-17 14:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-26 23:00 - 2017-10-17 14:32 - 000000000 ____D C:\Users\Matthew
2017-11-26 20:27 - 2017-10-17 19:41 - 000000600 _____ C:\Users\Matthew\AppData\Local\PUTTY.RND
2017-11-25 16:52 - 2017-09-29 00:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-25 16:52 - 2014-09-23 18:10 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-11-24 21:10 - 2017-10-26 21:40 - 000002234 ____H C:\Users\Matthew\Documents\Default.rdp
2017-11-24 18:23 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-23 21:41 - 2017-10-17 22:27 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\VideoReDo-TVSuite5
2017-11-23 21:41 - 2014-09-23 18:47 - 000000000 ____D C:\ProgramData\Temp
2017-11-22 14:31 - 2017-10-17 16:50 - 000000000 ____D C:\Users\Matthew\Downloads\Installed apps
2017-11-22 04:00 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-22 04:00 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 23:30 - 2017-10-17 15:06 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 23:14 - 2017-10-17 15:06 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 23:13 - 2017-10-17 15:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-20 20:28 - 2017-10-17 15:12 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-20 20:22 - 2017-09-29 05:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-20 19:35 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\rescache
2017-11-20 13:29 - 2017-10-17 13:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-19 17:07 - 2017-10-17 12:36 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\Mozilla
2017-11-19 17:06 - 2017-10-17 13:32 - 000000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-19 17:06 - 2017-10-17 13:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-19 16:04 - 2017-10-17 17:25 - 000001047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-11-18 21:37 - 2017-10-17 17:33 - 000000000 ____D C:\Users\Matthew\AppData\Roaming\vlc
2017-11-18 17:24 - 2017-09-29 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-18 12:34 - 2017-10-17 17:11 - 000000000 ____D C:\Users\Matthew\AppData\Local\FileZilla
2017-11-17 19:53 - 2017-10-17 17:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-11-17 19:53 - 2017-10-17 17:10 - 000000000 ____D C:\Program Files\FileZilla FTP Client
2017-11-16 16:14 - 2017-10-17 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2017-11-16 16:14 - 2017-10-17 17:33 - 000000000 ____D C:\Program Files\MPC-HC
2017-11-14 23:53 - 2017-10-17 14:27 - 000239176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-14 23:51 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-14 23:51 - 2017-09-29 00:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-14 10:55 - 2017-10-17 17:47 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-11-14 10:55 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-14 10:55 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-14 00:06 - 2017-10-17 14:40 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-14 00:06 - 2017-10-17 14:40 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-14 00:06 - 2017-10-17 13:26 - 000000000 ____D C:\Users\Matthew\AppData\Local\Google
2017-11-14 00:06 - 2017-10-17 13:26 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-13 21:59 - 2014-09-23 18:59 - 000000000 ____D C:\Users\Public\CyberLink
2017-11-13 20:47 - 2017-09-29 05:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-13 16:33 - 2017-10-17 13:27 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-07 20:27 - 2017-10-17 23:12 - 000000000 ____D C:\Users\Matthew\AppData\Local\Deployment
2017-11-06 14:57 - 2017-10-17 14:54 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1109647009-3484820730-385925201-1001
2017-11-06 14:57 - 2017-10-17 14:52 - 000002416 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-06 14:57 - 2017-10-17 12:23 - 000000000 ___RD C:\Users\Matthew\OneDrive
2017-11-04 10:09 - 2017-10-17 21:54 - 000001184 _____ C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2017-11-03 17:25 - 2017-09-29 05:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-03 17:25 - 2017-09-29 05:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-31 23:29 - 2017-10-17 15:39 - 000001495 _____ C:\Users\Matthew\Desktop\Turn off Monitor.lnk
2017-10-30 21:33 - 2017-10-17 14:45 - 000000000 ____D C:\Users\Matthew\AppData\Local\Comms
2017-10-30 21:21 - 2017-10-17 14:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-10-30 21:21 - 2014-09-23 18:31 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-10-28 07:19 - 2017-10-26 07:51 - 000000000 ____D C:\Users\Matthew\AppData\LocalLow\LastPass

==================== Files in the root of some directories =======

2017-10-17 13:18 - 2014-04-16 14:08 - 000658000 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1139344.exe
2017-10-17 23:14 - 2013-01-07 18:19 - 018158238 _____ () C:\Users\Matthew\AppData\Local\OcrMap.bin
2017-10-17 19:41 - 2017-11-26 20:27 - 000000600 _____ () C:\Users\Matthew\AppData\Local\PUTTY.RND

Some files in TEMP:
====================
2017-10-18 16:02 - 2013-06-04 09:30 - 000050432 ____R () C:\Users\Matthew\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-27 00:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Matthew (27-11-2017 14:53:01)
Running from C:\Users\Matthew\Downloads
Windows 10 Home Version 1709 16299.64 (X64) (2017-10-17 22:44:21)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1109647009-3484820730-385925201-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1109647009-3484820730-385925201-503 - Limited - Disabled)
Guest (S-1-5-21-1109647009-3484820730-385925201-501 - Limited - Enabled)
Matthew (S-1-5-21-1109647009-3484820730-385925201-1001 - Administrator - Enabled) => C:\Users\Matthew
WDAGUtilityAccount (S-1-5-21-1109647009-3484820730-385925201-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{D1822C34-F342-B6AA-6369-899C9D2A9227}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AutoHotkey 1.1.26.01 (HKLM\...\AutoHotkey) (Version: 1.1.26.01 - Lexikos)
Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.478.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.232 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9850 - Broadcom Corporation)
CCExtractor (HKLM-x32\...\{06994572-27AC-4B89-8EA9-CAEAE8E6BE83}) (Version: 0.77.0 - CCExtractor)
ChatZilla (HKLM-x32\...\{507FCA59-09EB-426C-87F9-E948C7EFE525}) (Version: 0.9.92 - ChatZilla)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Clumpco's Teletext Subtitle Extractor (HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\09eb288571f870b7) (Version: 1.1.0.2 - Clumpco)
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.0 - Globalscape)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.2.5426 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3004 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4119 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4113 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 9.3.1.2 (17/08/2016) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
ExpanDrive (HKLM-x32\...\{25CD1BD4-0A3C-4B3C-8BFC-50542BA64D75}) (Version: 5.5.1 - ExpanDrive, Inc.)
FileZilla Client 3.29.0 (HKLM-x32\...\FileZilla Client) (Version: 3.29.0 - Tim Kosse)
GoldWave v5.70 (HKLM-x32\...\GoldWave v5.70) (Version: 5.70 - GoldWave Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{198B2800-6C16-4F2A-BC52-EA0F7FD67095}) (Version: 1.3.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.5.37.19 - HP Inc.)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.8.37.11 - HP Inc.)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.11 - Softex Inc.) Hidden
iTunes (HKLM\...\{94E81D4F-FB5A-4B29-B385-33896CC9BE7E}) (Version: 12.7.0.166 - Apple Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MediaInfo 17.10 (HKLM\...\MediaInfo) (Version: 17.10 - MediaArea.net)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1109647009-3484820730-385925201-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKVToolNix 8.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.3.0 - Moritz Bunkus)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0.1 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
My MP4Box GUI 0.6.0.6 (HKLM\...\{3FBE3061-F2BC-4D3A-B4A9-8FB15C503F87}_is1) (Version: 0.6.0.6 - Matt Bodin)
NetDrive2 (HKLM-x32\...\NetDrive2) (Version: 2.5.0.0 - Bdrive Inc.)
NZBGet (HKLM-x32\...\NZBGet) (Version:  - Andrey Prygunkov)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29080 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7548 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Subtitle Edit 3.5.4 (HKLM\...\SubtitleEdit_is1) (Version: 3.5.4.0 - Nikse)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.88438 - TeamViewer)
TubeDigger 5.6.9 (HKLM-x32\...\{1E3745C1-674D-4B2E-B8F7-3F4088950ED7}_is1) (Version: 5.6.9 - TubeDigger)
TunesKit for Windows 2.8.3.30 (HKLM-x32\...\TunesKit for Windows_is1) (Version:  - TunesKit, Inc.)
VideoReDo TVSuite Version 5.3.4.748 (HKLM-x32\...\VideoReDo5_is1) (Version:  - DRD Systems, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
XviD4PSP 5.10.346.0 (HKLM-x32\...\XviD4PSP5_is1) (Version:  - Winnydows & fcp team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [    ExpanDriveOverlay01] -> {468B1701-612C-460A-9685-C7F0C336EF65} => C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveOverlays_x64.dll [2017-10-17] ()
ShellIconOverlayIdentifiers: [    ExpanDriveOverlay02] -> {468B1702-612C-460A-9685-C7F0C336EF65} => C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveOverlays_x64.dll [2017-10-17] ()
ShellIconOverlayIdentifiers: [    ExpanDriveOverlay03] -> {468B1703-612C-460A-9685-C7F0C336EF65} => C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveOverlays_x64.dll [2017-10-17] ()
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {AE83191B-4DB4-4C5C-B2F0-275C6D6A44FE} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs6] -> {46E1576F-6ED3-4E66-9D8B-3A5C3C9AB88B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {AE83191B-4DB4-4C5C-B2F0-275C6D6A44FE} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2015-10-04] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs6] -> {46E1576F-6ED3-4E66-9D8B-3A5C3C9AB88B} => C:\WINDOWS\system32\cbfsMntNtf6.dll [2016-09-21] (/n software, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers1: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2012-11-09] (GlobalSCAPE, Inc.)
ContextMenuHandlers1: [ExpanDriveContextMenus] -> {00472127-8960-4878-909F-A59FEA944CFA} => C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveContextMenus_x64.dll [2017-10-17] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2014-04-16] (Cyberlink)
ContextMenuHandlers2: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2012-11-09] (GlobalSCAPE, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [CuteShellExt] -> {A09315EC-39D3-4ED3-B6A1-262DDC54A3C5} => C:\Program Files (x86)\Globalscape\CuteFTP\CuteShell64.dll [2012-11-09] (GlobalSCAPE, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers6: [ExpanDriveContextMenus] -> {00472127-8960-4878-909F-A59FEA944CFA} => C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveContextMenus_x64.dll [2017-10-17] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01031471-F543-4453-8B08-D69842C3DEB7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-17] (Google Inc.)
Task: {02E281B1-8FE4-4AC9-B687-2B8495F8FF9E} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-05-13] (CyberLink Corp.)
Task: {150E863F-9EC3-4926-A52C-D77A6937E103} - System32\Tasks\HPCeeScheduleForMatthew => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-06-24] (HP Inc.)
Task: {26991A90-6FD1-447E-9149-C9369470F5E2} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-02] (McAfee, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4BEAD560-8622-4043-BE6D-FF6E08FEECB6} - System32\Tasks\SUPERAntiSpyware Scheduled Task eb38c772-14a3-431d-94c9-b18e779e8405 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {5459FE6A-51D7-4D49-A257-74AB42B32437} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {58B4C369-E090-4030-83FA-5F38BD48DD49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-17] (Google Inc.)
Task: {60D0D77A-5C85-46EB-B060-B38FE291B125} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {65942774-AFD2-448A-8EBE-331E92245761} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-11-08] (HP Inc.)
Task: {6817089D-6418-4072-8750-3250FCB12683} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-10-11] (HP Inc.)
Task: {6F8A2CD0-9EB8-437E-B6DA-40F6E55C1693} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-15] ()
Task: {9792BEDF-E2C8-4E84-9590-0AB9211A7684} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-09-27] (HP Inc.)
Task: {9DBAA8C6-732D-4988-AC36-DDDC143BD779} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {AA874672-3F3F-4858-9AD5-A8677AC81477} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-27] (HP Inc.)
Task: {C131C7C5-96F8-48ED-9348-F055DFEDB36E} - System32\Tasks\SUPERAntiSpyware Scheduled Task 0a379c02-a074-4e7f-9c24-5c6b8a5f59f0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {D9B9E35F-5F2A-4057-931F-0A5EB0D36DFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-09-27] (HP Inc.)
Task: {DF891899-8CFE-4552-9926-4DFF1A53E3DA} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-11-14] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForMatthew.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 0a379c02-a074-4e7f-9c24-5c6b8a5f59f0.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task eb38c772-14a3-431d-94c9-b18e779e8405.job => C:\Program Files\SUPERAntiSpyware\SASTask.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Movies & TV.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gdijeikdkaembjbdobgfkoidjkpbmlkd
ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Plex.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fpniocchabmgenibceglhnfeimmdhdfm

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 05:41 - 2017-09-29 05:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2014-03-28 12:31 - 2014-03-28 12:31 - 002110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 12:27 - 2014-03-28 12:27 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 000367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 12:48 - 2014-03-28 12:48 - 000712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-09-01 01:49 - 2017-09-01 01:49 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-10-11 23:27 - 2017-10-11 23:27 - 000851112 _____ () C:\Program Files\NetDrive2\nd2svc.exe
2014-09-23 18:57 - 2014-04-14 17:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-11-14 20:58 - 2017-10-24 19:18 - 000975872 _____ () C:\WINDOWS\system32\FaceProcessor.dll
2017-11-14 20:58 - 2017-10-24 20:40 - 000269696 _____ () C:\WINDOWS\system32\FaceProcessorCore.dll
2017-09-29 05:41 - 2017-09-29 05:41 - 001357464 _____ () C:\WINDOWS\system32\FaceTrackerInternal.dll
2017-10-17 20:13 - 2017-10-17 20:12 - 000651776 _____ () C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveOverlays_x64.dll
2017-11-06 11:32 - 2017-11-06 11:32 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2017-10-17 20:13 - 2017-10-17 20:12 - 000642560 _____ () C:\Users\Matthew\AppData\Local\ExpanDrive\ExpanDriveContextMenus_x64.dll
2014-03-28 12:36 - 2014-03-28 12:36 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-09-11 13:45 - 2017-09-11 13:45 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-09-11 13:45 - 2017-09-11 13:45 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2017-10-11 23:27 - 2017-10-11 23:27 - 000152232 _____ () C:\Program Files\NetDrive2\cefs.exe
2017-11-11 21:48 - 2017-11-11 21:48 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-11 21:48 - 2017-11-11 21:48 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-11 21:48 - 2017-11-11 21:48 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-06 11:45 - 2017-11-06 11:45 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-11 21:48 - 2017-11-11 21:48 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2015-08-15 01:49 - 2015-08-15 01:49 - 015965184 _____ () C:\Program Files\MKVToolNix\mmg.exe
2017-09-29 05:42 - 2017-09-29 06:43 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-17 16:11 - 2017-10-17 16:11 - 039954944 _____ () C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke\Plex.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 001103360 _____ () C:\Program Files\NetDrive2\libxml2.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 000120320 _____ () C:\Program Files\NetDrive2\jansson.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 000068096 _____ () C:\Program Files\NetDrive2\zlib.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 000207360 _____ () C:\Program Files\NetDrive2\libevent.dll
2017-10-11 23:27 - 2017-10-11 23:27 - 000193192 _____ () C:\Program Files\NetDrive2\oauth2.dll
2017-06-20 15:06 - 2017-06-20 15:06 - 000307240 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.dll
2017-06-20 15:06 - 2017-06-20 15:06 - 024981544 _____ () C:\Program Files (x86)\ExpanDrive\libcef.dll
2017-06-20 15:06 - 2017-06-20 15:06 - 000174632 _____ () C:\Program Files (x86)\ExpanDrive\CefSharp.WinForms.dll
2017-11-26 23:01 - 2017-11-26 23:01 - 000088064 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\_ctypes.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000324608 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\PIL._imaging.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000910336 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\_hashlib.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000046080 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\_socket.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 001315328 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\_ssl.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000100352 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\win32api.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000110080 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\pywintypes27.dll
2017-11-26 23:01 - 2017-11-26 23:01 - 000396800 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\pythoncom27.dll
2017-11-26 23:01 - 2017-11-26 23:01 - 001176576 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._core_.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000806400 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._gdi_.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000816128 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._windows_.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 001067008 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._controls_.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000733184 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._misc_.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000014848 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\netifaces.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000029184 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\Crypto.Cipher._AES.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000381952 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\win32com.shell.shell.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000042496 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\win32service.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000167936 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\win32gui.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000324608 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\_imaging.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000188416 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._activex.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000357376 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\wx._html.pyd
2017-11-26 23:01 - 2017-11-26 23:01 - 000119808 _____ () C:\ProgramData\PyInstaller\Temp\_MEI8776\win32file.pyd
2017-10-17 19:29 - 2015-07-10 22:11 - 000036352 _____ () C:\Users\Matthew\AppData\Roaming\Python-Eggs\psutil-2.1.1-py2.7-win32.egg-tmp\_psutil_windows.pyd
2017-10-11 23:27 - 2017-10-11 23:27 - 000124072 _____ () C:\Program Files\NetDrive2\nd2api.dll
2017-10-11 23:27 - 2017-10-11 23:27 - 000274600 _____ () C:\Program Files\NetDrive2\browser.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 040556032 _____ () C:\Program Files\NetDrive2\libcef.dll
2017-10-11 23:27 - 2017-10-11 23:27 - 001801896 _____ () C:\Program Files\NetDrive2\basicauth.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 001359360 _____ () C:\Program Files\NetDrive2\libglesv2.dll
2017-10-11 23:28 - 2017-10-11 23:28 - 000212992 _____ () C:\Program Files\NetDrive2\libEGL.dll
2017-10-17 21:59 - 2014-09-05 10:55 - 000132808 _____ () C:\Users\Matthew\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0888F409 [136]
AlternateDataStreams: C:\ProgramData\Temp:3440EB47 [127]
AlternateDataStreams: C:\ProgramData\Temp:66633281 [127]
AlternateDataStreams: C:\ProgramData\Temp:93433455 [504]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1109647009-3484820730-385925201-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Matthew\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\39246.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DD67E482-DE6C-4C12-9AC9-932E61D98FB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B6380DD3-716D-48A0-BE87-E130552815D1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{08B1D55C-450B-496C-B912-2FF5F1F69977}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
FirewallRules: [{4CF30B6F-4A2B-4D6F-AA29-8020D13F5411}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
FirewallRules: [{1862295E-AFFB-4201-82E4-C28579B65D0C}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
FirewallRules: [{86A8A21C-02B3-42B9-93B3-C7B3EAE920BD}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
FirewallRules: [{4EB3DBF0-5777-4445-96C5-5DE9DB8E33D4}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
FirewallRules: [{296972CB-C170-44AB-811A-F461138322A1}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
FirewallRules: [{99E0A979-9608-4DC6-821A-6186D2A9D899}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B07D3280-1B74-42DB-B7EE-3944C9253721}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{102CBFF5-A444-40AC-ACD0-A25592C9B7B8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A581688E-C620-4571-A8B3-3150955ED1B7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{51F5BFC1-3DBA-49F4-9F58-3D7C78485D81}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F065EE21-3FA6-4036-A539-E23DD794D518}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0A3F5371-E275-4CEF-BD87-726C0EB8ACD6}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{779E51BD-952C-4F1A-AB58-6A5ABDC7AC57}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{0A773BE9-A6F2-46E5-8970-4AAAF981E6DE}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{0B9EB0D1-4C60-4F95-87E1-03530C596E6E}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{6A59AA24-664C-4231-843F-F19F5DCB3D62}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{C7C3E66B-6FD2-4471-B741-5E7E14F9CAF9}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{CE2F6AF9-C2A2-41E5-8CAB-4C474FE05EB2}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{EB64D138-139E-4764-B7D6-76E0EE89580F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{3778BBEB-2806-4B40-AC39-0C28B24008B2}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{184052E3-8A87-4B93-BE99-725DB18CAA3B}] => (Allow) C:\Program Files (x86)\TubeDigger\TubeDigger.exe
FirewallRules: [{3C30EE54-BEF8-4327-AB24-CA799BFA5A63}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
FirewallRules: [{25A652C2-12FD-4DA1-9CEE-67C736925E75}] => (Allow) C:\Program Files\NetDrive2\nd2svc.exe
FirewallRules: [{81DFEE7B-E99C-4243-A4C5-6D2EAB8FD612}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
FirewallRules: [{B44ABF67-BD79-4E51-82A0-C2CE937BBEEB}] => (Allow) C:\Program Files\NetDrive2\NetDrive2.exe
FirewallRules: [{FE733CD9-2DDD-4BE6-A34A-2091AB3BD4EA}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
FirewallRules: [{98853182-1F60-4FAE-84E2-8965E36F1FFF}] => (Allow) C:\Program Files\NetDrive2\nd2cmd.exe
FirewallRules: [{9BDCDC12-F65D-486E-9DF4-39570C7C5F65}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{8DFD0399-236D-4376-9ED8-2199EBF43CA1}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [TCP Query User{963569AA-6996-4E86-9A33-AF61F32A5D88}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [UDP Query User{41001819-BCE0-45F0-A589-6F48B4A033DC}C:\program files (x86)\nzbget\nzbget.exe] => (Block) C:\program files (x86)\nzbget\nzbget.exe
FirewallRules: [{B52DCB7E-DAC1-4097-A04F-A57C0CD3EA80}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{A13148CB-CEC2-458A-9905-8794CC62038E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{1997BE50-9011-46A9-A3B2-5B13E82D235A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5A24D36D-2BF6-4A77-855C-B44959E6D9AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F9A49494-DAEF-447A-BE78-EDC9D1F3EC35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

08-11-2017 19:39:58 Scheduled Checkpoint
14-11-2017 20:57:03 Windows Update
18-11-2017 17:23:27 Windows Modules Installer
21-11-2017 23:11:25 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/27/2017 02:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.16299.15, time stamp: 0x290d9f78
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea
Exception code: 0xc0000409
Fault offset: 0x00000000000a7354
Faulting process id: 0x1840
Faulting application start time: 0x01d367d0625ca0bf
Faulting application path: C:\WINDOWS\system32\backgroundTaskHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 55649b96-5877-4c67-b775-01f0b2d604d7
Faulting package full name: Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (11/27/2017 11:25:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DllHost.exe, version: 10.0.16299.15, time stamp: 0x5e7a01e6
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea
Exception code: 0xc0000005
Fault offset: 0x000000000004af91
Faulting process id: 0x26dc
Faulting application start time: 0x01d367b566d39d7c
Faulting application path: C:\WINDOWS\system32\DllHost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: c1d3d7a0-7bab-472a-a295-b8a94317f6bf
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2017 11:01:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 57.0.0.6525, time stamp: 0x5a085587
Faulting module name: shcore.dll, version: 10.0.16299.15, time stamp: 0x6c07e48f
Exception code: 0xc0000005
Fault offset: 0x0000000000036c7a
Faulting process id: 0x3c4
Faulting application start time: 0x01d3674d8a2b2ea8
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\System32\shcore.dll
Report Id: 4dd15dc1-8c73-4dbb-baa1-2892fcb070a1
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2017 10:57:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 57.0.0.6525, time stamp: 0x5a085587
Faulting module name: mozglue.dll, version: 57.0.0.6525, time stamp: 0x5a085527
Exception code: 0x80000003
Fault offset: 0x000000000000fb98
Faulting process id: 0x2630
Faulting application start time: 0x01d36735cdc8e714
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: bf2291b5-1702-41a6-90d8-d04e1c469403
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2017 10:57:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001ad
Fault offset: 0x00007ffcddfe4d4a
Faulting process id: 0x27c
Faulting application start time: 0x01d36650e72bccc4
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 0b289960-3b35-4a78-b077-f18c3c0f7564
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2017 09:24:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 57.0.0.6525, time stamp: 0x5a085587
Faulting module name: mozglue.dll, version: 57.0.0.6525, time stamp: 0x5a085527
Exception code: 0x80000003
Fault offset: 0x000000000000fb98
Faulting process id: 0x2c78
Faulting application start time: 0x01d36735e75b23a3
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 09018abe-127e-4f3c-992b-60fd0020f459
Faulting package full name:
Faulting package-relative application ID:

Error: (11/26/2017 02:30:57 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (11/25/2017 04:51:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 57.0.0.6525 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 23c0

Start Time: 01d3664df1795dc6

Termination Time: 4294967295

Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

Report Id: 80afe5af-f8fe-41de-902f-f9c945f749be

Faulting package full name:

Faulting package-relative application ID:

Error: (11/25/2017 04:31:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 57.0.0.6525, time stamp: 0x5a085587
Faulting module name: mozglue.dll, version: 57.0.0.6525, time stamp: 0x5a085527
Exception code: 0x80000003
Fault offset: 0x0000000000013a35
Faulting process id: 0x2cbc
Faulting application start time: 0x01d36626ec179d8e
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: 326b6130-b5fd-4659-a603-4dd258ff6afb
Faulting package full name:
Faulting package-relative application ID:

Error: (11/25/2017 03:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 57.0.0.6525, time stamp: 0x5a085587
Faulting module name: mozglue.dll, version: 57.0.0.6525, time stamp: 0x5a085527
Exception code: 0x80000003
Fault offset: 0x000000000000fb98
Faulting process id: 0x1980
Faulting application start time: 0x01d36626f7e2b540
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\Program Files\Mozilla Firefox\mozglue.dll
Report Id: e9660c31-3fcd-4c03-b94c-380ebe4dd718
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (11/27/2017 02:41:18 PM) (Source: DCOM) (EventID: 10016) (User: BEDROOM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Bedroom\Matthew SID (S-1-5-21-1109647009-3484820730-385925201-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/27/2017 02:41:18 PM) (Source: DCOM) (EventID: 10016) (User: BEDROOM)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user Bedroom\Matthew SID (S-1-5-21-1109647009-3484820730-385925201-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (11/27/2017 10:28:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/27/2017 10:28:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk2\DR2, has a bad block.

Error: (11/27/2017 03:07:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2017 11:15:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2017 11:10:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2017 11:00:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2017 11:00:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/26/2017 11:00:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-11-27 14:45:20.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:45:20.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:34:47.111
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:34:47.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:15:20.597
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:15:20.594
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:04:44.698
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 14:04:44.695
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 13:45:20.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-11-27 13:45:20.601
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A8-6410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 85%
Total physical RAM: 3518.26 MB
Available physical RAM: 525.15 MB
Total Virtual: 7212.86 MB
Available Virtual: 1222.02 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:912.03 GB) (Free:405.25 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:16.65 GB) (Free:2.11 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (My Book) (Fixed) (Total:5589 GB) (Free:17.71 GB) exFAT
Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:6.82 GB) NTFS
Drive h: (My Book) (Fixed) (Total:3725.99 GB) (Free:67.59 GB) NTFS
Drive j: (SANDISK USB) (Removable) (Total:29.1 GB) (Free:6.73 GB) FAT32
Drive x: (CPCC Google Drive) (Network) (Total:51806.89 GB) (Free:10240 GB) ndfs

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B987773A)

Partition: GPT.

========================================================
Disk: 1 (Size: 29.1 GB) (Disk ID: 001D6AB4)
Partition 1: (Active) - (Size=29.1 GB) - (Type=0C)
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 000AA0F5)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 5589 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by ExpatChef_Matt, 27 November 2017 - 06:21 PM.


#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:11:14 PM

Posted 27 November 2017 - 09:08 PM

Greetings Matt. Thank you for the information.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Matthew\AppData\Local\Temp\Extract.exe
AlternateDataStreams: C:\ProgramData\Temp:0888F409 [136]
AlternateDataStreams: C:\ProgramData\Temp:3440EB47 [127]
AlternateDataStreams: C:\ProgramData\Temp:66633281 [127]
AlternateDataStreams: C:\ProgramData\Temp:93433455 [504]
emptytemp:
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Check your computer/memory
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 ExpatChef_Matt


Posted 28 November 2017 - 11:24 PM

Hi. Removing torrent software is not really something I can do.  :wacko:  Here's the fixlog:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-11-2017
Ran by Matthew (28-11-2017 20:05:37) Run:1
Running from C:\Users\Matthew\Downloads
Loaded Profiles: Matthew (Available Profiles: Matthew)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
File: C:\Users\Matthew\AppData\Local\Temp\Extract.exe
AlternateDataStreams: C:\ProgramData\Temp:0888F409 [136]
AlternateDataStreams: C:\ProgramData\Temp:3440EB47 [127]
AlternateDataStreams: C:\ProgramData\Temp:66633281 [127]
AlternateDataStreams: C:\ProgramData\Temp:93433455 [504]
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.

========================= File: C:\Users\Matthew\AppData\Local\Temp\Extract.exe ========================

C:\Users\Matthew\AppData\Local\Temp\Extract.exe
File is digitally signed
MD5: 171F1BB73D0238A7A56126D3459ECDCD
Creation and modification date: 2017-10-18 16:02 - 2013-06-04 09:30
Size: 000050432
Attributes: ---RA
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:
VirusTotal: https://www.virustotal.com/file/271a9e5974bcd6cfd1e1653314ba6cac3c58c211c857d1637c3bd92b2ec5f5f0/analysis/1507952057/

====== End of File: ======

C:\ProgramData\Temp => ":0888F409" ADS removed successfully
C:\ProgramData\Temp => ":3440EB47" ADS removed successfully
C:\ProgramData\Temp => ":66633281" ADS removed successfully
C:\ProgramData\Temp => ":93433455" ADS removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47865384 B
Java, Flash, Steam htmlcache => 1175 B
Windows/system/drivers => 436834 B
Edge => 2386678 B
Chrome => 196229626 B
Firefox => 380142980 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 459458 B
Matthew => 115812255 B

RecycleBin => 62 B
EmptyTemp: => 715.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:10:01 ====



#8 Oh My!


Posted 29 November 2017 - 11:40 AM

No problem with uTorrent, I just need to make you aware of the potential dangers.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows Key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Clean Boot

--------------------
  • Press the Windows Key + R on your keyboard at the same time.
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Run a fresh FRST scan and copy/paste both reports in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Computer performance?
  • FRST log
  • Addition log

Gary
 

#9 Oh My!


Posted 03 December 2017 - 09:13 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 Oh My!


Posted 05 December 2017 - 09:44 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



