ProblemsRBad

  1. My laptop seems to be running better now! Malwarebytes is opening at boot up again. Thanks!

     # DelFix v1.013 - Logfile created 11/09/2016 at 11:46:36
     # Updated 17/04/2016 by Xplode
     # Username : Dan - DAN-PC
     # Operating System : Windows 10 Home (64 bits)

     ~ Activating UAC ... OK

     ~ Removing disinfection tools ...
     Deleted : C:\FRST
     Deleted : C:\AdwCleaner
     Deleted : C:\Users\Dan\Desktop\FRST64.exe
     Deleted : C:\Users\Dan\Desktop\FSS.exe
     Deleted : C:\Users\Dan\Desktop\SecurityCheck.exe
     Deleted : HKLM\SOFTWARE\OldTimer Tools

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...
     Deleted : RP #1 [Windows Update | 09/09/2016 01:46:28]
     Deleted : RP #3 [Removed Sophos Virus Removal Tool. | 09/11/2016 03:24:38]
     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########
  2. OK, all finished, thank you. Sophos scanned clean so no log was produced. Here are the logs:

     Results of screen317's Security Check version 1.014 --- 12/23/15
     x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     COMODO Antivirus
     Windows Defender
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 8 Update 101
     Java version 32-bit out of Date!
     Adobe Flash Player 22.0.0.209
     Mozilla Firefox (48.0.2)
     Google Chrome (51.0.2704.103)
     Google Chrome (52.0.2743.116)
     Google Chrome (SetupMetrics...)
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Comodo Firewall cmdagent.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````

     ------------------------------------------------------------

     Farbar Service Scanner Version: 27-01-2016
     Ran by Dan (administrator) on 10-09-2016 at 23:53:02
     Running from "C:\Users\Dan\Desktop"
     Microsoft Windows 10 Home (X64)
     Boot Mode: Normal
     ****************************************************************

     Internet Services:
     ============

     Connection Status:
     ==============
     Localhost is accessible.
     LAN connected.
     Google IP is accessible.
     Google.com is accessible.
     Yahoo.com is accessible.

     Windows Firewall:
     =============

     Firewall Disabled Policy:
     ==================

     System Restore:
     ============

     System Restore Policy:
     ========================

     Security Center:
     ============

     Windows Update:
     ============
     wuauserv Service is not running. Checking service configuration:
     The start type of wuauserv service is set to Demand. The default start type is Auto.
     The ImagePath of wuauserv service is OK.
     The ServiceDll of wuauserv service is OK.

     Windows Autoupdate Disabled Policy:
     ============================

     Windows Defender:
     ==============
     WinDefend Service is not running. Checking service configuration:
     The start type of WinDefend service is set to Demand. The default start type is Auto.
     The ImagePath of WinDefend service is OK.

     Windows Defender Disabled Policy:
     ==========================
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1
     [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
     "DisableAntiSpyware"=DWORD:1

     Other Services:
     ==============

     File Check:
     ========
     C:\Windows\System32\nsisvc.dll => File is digitally signed
     C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
     C:\Windows\System32\drivers\afd.sys => File is digitally signed
     C:\Windows\System32\drivers\tdx.sys => File is digitally signed
     C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
     C:\Windows\System32\dnsrslvr.dll => File is digitally signed
     C:\Windows\System32\dnsapi.dll => File is digitally signed
     C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
     C:\Windows\System32\mpssvc.dll => File is digitally signed
     C:\Windows\System32\bfe.dll => File is digitally signed
     C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
     C:\Windows\System32\SDRSVC.dll => File is digitally signed
     C:\Windows\System32\vssvc.exe => File is digitally signed
     C:\Windows\System32\wscsvc.dll => File is digitally signed
     C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
     C:\Windows\System32\wuaueng.dll => File is digitally signed
     C:\Windows\System32\qmgr.dll => File is digitally signed
     C:\Windows\System32\es.dll => File is digitally signed
     C:\Windows\System32\cryptsvc.dll => File is digitally signed
     C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
     C:\Windows\System32\ipnathlp.dll => File is digitally signed
     C:\Windows\System32\iphlpsvc.dll => File is digitally signed
     C:\Windows\System32\svchost.exe => File is digitally signed
     C:\Windows\System32\rpcss.dll => File is digitally signed

     **** End of log ****
  3. Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016 Ran by Dan (10-09-2016 19:24:02) Run:1 Running from C:\Users\Dan\Desktop Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found 2016-09-08 16:13 - 2016-09-08 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll C:\Users\Dan\AppData\Local\Temp\libeay32.dll C:\Users\Dan\AppData\Local\Temp\msvcr120.dll C:\Users\Dan\AppData\Local\Temp\SkypeSetup.exe C:\Users\Dan\AppData\Local\Temp\sqlite3.dll CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\esxcwiad.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID 
[64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmnetbridge.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vnetinst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [130] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnat.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnetdhcp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vsocklib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnet.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetadapter.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetbridge.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-1.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-2.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-3.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\ipscan-win64-3.4.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\JRT.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Desktop\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\SweevaBot v1.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\WinFlashTool.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\0bbe499629459d556ce5702538b5779f502a61095620b.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Bitmessage.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\camfrog coin getter.apk:$CmdTcID [64] AlternateDataStreams: 
C:\Users\Dan\Downloads\cjoverkill.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\faucetinabox-r63.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\freebitcodotintricks.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\google play services.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\HitLeap Viewer.msi:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\index(2).php:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\JavaSetup8u91.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\LineInst.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\Pwi_ArcSetup.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\readme.txt:$CmdTcID [64] AlternateDataStreams: 
C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\uthgard.setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdZnID [26] ***************** HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com => value removed successfully C:\ProgramData\DP45977C.lfl => moved successfully C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\msvcr120.dll => moved successfully C:\Users\Dan\AppData\Local\Temp\SkypeSetup.exe => moved successfully C:\Users\Dan\AppData\Local\Temp\sqlite3.dll => moved successfully "HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully "C:\WINDOWS\system32\aclui.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXApplicabilityBlob.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AppXDeploymentServer.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\AudioSes.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\audiosrv.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\bcastdvr.exe" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\CastLaunch.dll" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\cdd.dll" => ":$CmdTcID" ADS not found. 
"C:\WINDOWS\system32\Drivers\hvservice.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\ntfs.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\nvhda64v.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\pdc.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\tap0901.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\tcpip.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\VBoxDrv.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmci.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnet.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnetadapter.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\vmnetbridge.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\xinputhid.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\system32\Drivers\XQHDrv.sys" => ":$CmdTcID" ADS not found. "C:\WINDOWS\SysWOW64\Drivers\XQHDrv.sys" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\adwcleaner_6.010.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\adwcleaner_6.010.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\FRST64.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\FRST64.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\IE11.Win7.For.Windows.VMware.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-1.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-2.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\instance-3.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\ipscan-win64-3.4.exe" => ":$CmdTcID" ADS not found. 
C:\Users\Dan\Desktop\JRT.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\setup.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Desktop\setup.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Desktop\SweevaBot v1.1.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Desktop\WinFlashTool.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\0bbe499629459d556ce5702538b5779f502a61095620b.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\3152159" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\3152159 => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\Bitmessage.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\camfrog coin getter.apk" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\cjoverkill.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3 => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\faucetinabox-r63.zip" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\freebitcodotintricks.txt" => ":$CmdTcID" ADS not found. 
"C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\google play services.apk" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\HitLeap Viewer.msi" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\index(2).php" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\JavaSetup8u91.exe => ":$CmdZnID" ADS removed successfully. C:\Users\Dan\Downloads\LineInst.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\planets vs zombies 2.apk" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\planets vs zombies 2.apk => ":$CmdZnID" ADS removed successfully. C:\Users\Dan\Downloads\Pwi_ArcSetup.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\readme.txt" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe" => ":$CmdTcID" ADS not found. C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe => ":$CmdZnID" ADS removed successfully. "C:\Users\Dan\Downloads\uthgard.setup.exe" => ":$CmdTcID" ADS not found. "C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt" => ":$CmdTcID" ADS not found. "C:\Users\Public\SwapMagic_v3.6.rar" => ":$CmdTcID" ADS not found. "C:\Users\Public\SwapMagic_v3.6.rar" => ":$CmdZnID" ADS not found. ==== End of Fixlog 19:24:04 ====
  4. Ok scans finished, thanks here is the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by Dan (administrator) on DAN-PC (10-09-2016 17:57:01) Running from C:\Users\Dan\Desktop Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Google Inc.) C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-22] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-11] (COMODO) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-08-22] (Synaptics Incorporated) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-14] (Google Inc.) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-15] (Disc Soft Ltd) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-09-02] (Siber Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-01-04] ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C932D2DC-603A-4CE0-8A4F-0007DB8566DF}: [NameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{e9a8016c-db52-4631-8397-50afc0c28f43}: [NameServer] 71.10.216.1,71.10.216.2
Tcpip\..\Interfaces\{f4fe6a86-0552-4606-866b-4d5d78c5fee8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {B1D1EC45-E08F-4184-8807-C75BE7B98131} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {1B67FD76-466C-4AB1-96F2-EDEEACB2E436} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {B404C806-FF88-4B55-9AF7-A78A21FE4A40} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {DDC667D0-6172-4F63-84C8-5718A7CFE10B} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-08-12] (Perfect World Entertainment Inc)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-08-12] (Perfect World Entertainment Inc)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2016-09-02] (Siber Systems Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: (Flash and Video Download) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-08-17]
FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23]
FF Extension: (Firefox Hotfix) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF Extension: (Video Downloader Prime) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2016-08-08]
FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-08]
FF Extension: (ADB Helper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7z6i1g18.dev-edition-default\Extensions\adbhelper@mozilla.org [2016-08-08]
FF Extension: (Valence) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7z6i1g18.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2016-08-08]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-06] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-09-02]
FF HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe

Chrome:
=======
CHR StartupUrls: Default -> "hxxps://us.yahoo.com/?fr=fpc-comodo&type=33010001006_8.4.0.5068_u_hp_sp"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Skype) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-05]
CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2016-05-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20]
CHR Extension: (Yahoo Partner) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-20]
CHR Extension: (RoboForm Password Manager) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-19]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-09]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-09]

Opera:
=======
OPR Extension: (2048 AI - bitcoin) - C:\Users\Dan\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-03]
OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-12-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-09-29] (SUPERAntiSpyware.com)
S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88024 2016-08-12] (Perfect World Entertainment Inc)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-27] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-27] (Microsoft Corporation)
S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-09-13] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-11] (COMODO)
S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-15] (Disc Soft Ltd)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-08-27] (Foxit Software Inc.)
S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-13] (Comodo Security Solutions, Inc.)
R2 GoogleSitemapGenerator; C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe [704512 2009-12-31] (Google Inc.) [File not signed]
R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-09-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-09-10] (Malwarebytes)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-06-13] (DEVGURU Co., LTD.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-22] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-31] (TeamViewer GmbH)
S4 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-09-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-09-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-22] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-09-09] ()
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-25] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-15] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2016-03-16] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
(Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-09-08 21:43 - 2016-09-08 21:43 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-09-08 21:43 - 2016-09-08 21:43 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-09-08 21:43 - 2016-09-08 21:43 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-09-08 21:43 - 2016-09-08 21:43 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-08 21:43 - 2016-09-08 21:43 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 
01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-08 21:43 - 2016-09-08 21:43 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-08 21:43 - 2016-09-08 21:43 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00539136 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\usocore.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-09-08 21:43 - 2016-09-08 21:43 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-09-08 21:43 - 2016-09-08 21:43 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-09-08 21:43 - 
2016-09-08 21:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-09-08 21:43 - 2016-08-20 01:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-09-08 21:43 - 2016-08-20 01:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-09-08 21:43 - 2016-08-18 21:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-09-08 20:01 - 2016-09-08 20:01 - 00000000 ____D C:\Windows.old 2016-09-08 20:00 - 2016-09-08 20:00 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-09-08 20:00 - 2016-09-08 20:00 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-09-08 20:00 - 2016-09-08 20:00 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-08 
20:00 - 2016-09-08 20:00 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-09-08 20:00 - 2016-09-08 20:00 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-09-08 20:00 - 2016-09-08 20:00 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01343928 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00619368 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Drivers\cng.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00408600 
_____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 
2016-09-08 20:00 - 2016-09-08 20:00 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00118272 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\slc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00041824 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00009216 
_____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-09-08 20:00 - 2016-09-08 20:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-09-08 20:00 - 2016-09-08 20:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-09-08 19:55 - 2016-09-08 19:55 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-09-08 19:55 - 2016-09-08 16:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 
2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\system32\msmq 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files\MSBuild 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\inetpub 2016-09-08 19:51 - 2016-09-08 16:21 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-08 19:50 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-09-08 19:50 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-09-08 19:50 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-09-08 19:49 - 2016-09-08 19:49 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-09-08 19:49 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-09-08 19:49 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-09-08 19:49 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-09-08 18:45 - 2016-09-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-09-08 18:37 - 2016-09-08 18:37 - 00000000 ____D C:\ProgramData\USOShared 2016-09-08 18:36 - 2016-09-08 23:05 - 00000000 ____D C:\Users\Dan\AppData\Local\ConnectedDevicesPlatform 2016-09-08 18:36 - 2016-09-08 18:36 - 00000020 ___SH C:\Users\Dan\ntuser.ini 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\My Documents 2016-09-08 18:35 - 2016-09-08 18:35 - 
00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-09-08 18:32 - 2016-09-08 18:34 - 00011433 _____ C:\WINDOWS\diagwrn.xml 2016-09-08 18:32 - 2016-09-08 18:34 - 00011433 _____ C:\WINDOWS\diagerr.xml 2016-09-08 18:28 - 2016-09-10 17:58 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7754FD6A-40D6-4E51-A895-D19D89F09CA7} 2016-09-08 18:28 - 2016-09-10 16:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-08 18:28 - 2016-09-08 18:28 - 00003560 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm 2016-09-08 18:28 - 2016-09-08 18:28 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-08 18:28 - 2016-09-08 18:28 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-08 18:28 - 2016-09-08 18:28 - 00003164 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater 2016-09-08 18:28 - 2016-09-08 18:28 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-09-08 18:28 - 2016-09-08 18:28 - 00002942 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon 2016-09-08 18:28 - 2016-09-08 18:28 - 00002674 _____ C:\WINDOWS\System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-09-08 18:28 - 2016-09-08 18:28 - 00002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002306 _____ C:\WINDOWS\System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1} 2016-09-08 18:28 - 
2016-09-08 18:28 - 00002256 _____ C:\WINDOWS\System32\Tasks\{FFAE0CB4-4EC2-4BE6-9DE3-C858B4B32D7E} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002244 _____ C:\WINDOWS\System32\Tasks\{7912A3F2-D477-4D53-8473-E278F26B8463} 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\SmartFTP 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2016-09-08 18:28 - 2015-09-13 15:50 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2016-09-08 18:28 - 2015-09-13 15:49 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} 2016-09-08 16:27 - 2016-09-08 16:27 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2016-09-08 16:21 - 2016-09-08 16:28 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-09-08 16:21 - 2016-09-08 16:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2016-09-08 16:18 - 2016-09-10 00:56 - 00000000 ____D C:\Users\Dan 2016-09-08 16:18 - 2016-09-08 18:22 - 00000000 ____D C:\Users\DefaultAppPool 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures 2016-09-08 16:18 - 
2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\My Documents 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Videos 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Pictures 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Music 2016-09-08 16:16 - 2016-09-10 09:31 - 01182916 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-08 16:16 - 2016-09-08 16:16 - 00975840 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-09-08 16:13 - 2016-09-08 16:22 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\WINDOWS\system32\DAX2 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\Program Files\Realtek 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\Program Files\Synaptics 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-09-08 16:12 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 06783280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 03522168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 02557616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 00933168 _____ (NVIDIA Corporation) 
C:\WINDOWS\system32\nvvsvc.exe 2016-09-08 16:12 - 2015-10-13 13:26 - 00384176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-09-08 16:12 - 2015-10-13 12:19 - 05972783 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-09-08 16:08 - 2016-09-10 17:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-08 16:08 - 2016-09-08 21:58 - 00287608 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-31 21:44 - 2016-08-31 21:44 - 00001926 _____ C:\Users\Dan\Desktop\Swat4X.exe - Shortcut.lnk 2016-08-31 20:08 - 2016-09-08 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.W.A.T. 4 2016-08-31 20:05 - 2016-08-31 20:21 - 00000000 ____D C:\Program Files (x86)\S.W.A.T. 4 2016-08-24 23:59 - 2016-08-25 03:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-19 00:57 - 2016-08-19 00:57 - 00001291 _____ C:\Users\Dan\Desktop\Hyper-qt.exe - Shortcut.lnk 2016-08-18 23:45 - 2016-08-19 01:09 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Hyper 2016-08-18 13:35 - 2016-08-18 13:35 - 00000000 ___HD C:\ArcTemp 2016-08-18 13:32 - 2016-08-18 13:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Arc 2016-08-18 13:32 - 2016-08-18 13:32 - 00000000 ____D C:\Users\Public\Documents\Arc 2016-08-18 13:31 - 2016-09-08 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2016-08-18 13:31 - 2016-08-18 19:31 - 00000000 ____D C:\Program Files (x86)\Arc 2016-08-18 13:31 - 2016-08-18 13:31 - 00001632 _____ C:\Users\Public\Desktop\PWI.lnk 2016-08-18 13:31 - 2016-08-18 13:31 - 00001604 _____ C:\Users\Public\Desktop\Arc.lnk 2016-08-18 13:29 - 2016-08-18 13:29 - 10890128 _____ (Perfect World Entertainment) C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe 2016-08-18 13:29 - 2016-08-18 13:29 - 00000000 ____D C:\Users\Dan\Downloads\Log 2016-08-18 13:26 - 2016-08-18 13:28 - 01048232 _____ (Perfect World 
Entertainment) C:\Users\Dan\Downloads\Pwi_ArcSetup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-10 17:50 - 2015-09-13 16:01 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-09-10 16:38 - 2015-03-08 12:24 - 00000000 ____D C:\Games
2016-09-10 16:15 - 2014-12-01 09:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-10 16:09 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-09-10 08:37 - 2014-12-01 09:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-10 01:30 - 2014-12-01 09:09 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-10 01:30 - 2014-12-01 09:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-10 01:30 - 2014-12-01 09:09 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-10 01:30 - 2014-12-01 09:09 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-10 01:30 - 2014-12-01 09:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-10 01:22 - 2014-11-13 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps
2016-09-10 00:42 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-09 23:20 - 2015-02-03 01:40 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-09-09 22:30 - 2015-02-04 02:04 - 00000000 ____D C:\Users\Dan\AppData\Local\ElevatedDiagnostics
2016-09-09 21:48 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 20:49 - 2014-11-05 01:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype
2016-09-09 18:49 - 2015-07-19 12:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc
2016-09-09 16:32 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-09 14:12 - 2014-11-05 01:36 - 00000000 ____D C:\ProgramData\Skype
2016-09-09 14:11
- 2015-09-25 14:59 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-09-09 03:16 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-09-08 22:54 - 2015-08-22 17:52 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-08 21:56 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-08 21:55 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-08 21:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-08 21:55 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-08 21:52 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-08 21:52 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-08 21:52 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-08 20:06 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-09-08 20:00 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-08 19:51 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2016-09-08 19:51 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2016-09-08 19:50 - 2016-07-16 07:44 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00265728 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mqoa.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb 2016-09-08 19:50 - 2016-07-16 07:44 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb 2016-09-08 19:50 - 2016-07-16 07:44 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb 2016-09-08 19:50 - 2016-07-16 07:44 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb 2016-09-08 19:50 - 2016-07-16 07:44 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe 2016-09-08 19:50 - 2016-07-16 07:44 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll 2016-09-08 19:50 - 2016-07-16 07:44 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof 2016-09-08 19:50 - 2016-07-16 07:43 - 01414144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 
00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys 2016-09-08 19:50 - 2016-07-16 07:43 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb 2016-09-08 19:50 - 2016-07-16 07:43 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb 2016-09-08 19:50 - 2016-07-16 07:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb 2016-09-08 19:50 - 2016-07-16 07:43 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb 2016-09-08 19:50 - 2016-07-16 07:43 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspperf.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00027136 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dpnsvr.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspperf.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe 2016-09-08 19:50 - 2016-07-16 07:43 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof 2016-09-08 19:50 - 2016-07-16 07:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll 2016-09-08 19:50 - 2016-07-16 07:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll 2016-09-08 19:50 
- 2016-07-16 07:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll 2016-09-08 19:36 - 2015-08-22 17:52 - 00000000 ____D C:\Users\Dan\AppData\Local\Packages 2016-09-08 19:28 - 2015-12-04 03:58 - 00000258 __RSH C:\ProgramData\ntuser.pol 2016-09-08 18:46 - 2015-08-22 18:00 - 00002409 _____ C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-09-08 18:46 - 2015-08-22 18:00 - 00000000 ___RD C:\Users\Dan\OneDrive 2016-09-08 18:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-08 18:37 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-09-08 18:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-09-08 18:32 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Registration 2016-09-08 18:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-09-08 18:28 - 2015-08-22 17:36 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-09-08 18:27 - 2016-07-16 07:47 - 00000000 __RSD C:\WINDOWS\Media 2016-09-08 18:27 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-09-08 16:28 - 2016-07-16 19:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LINE 2016-09-08 16:28 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ModemLogs 2016-09-08 16:28 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-08 16:28 - 2016-06-19 07:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-09-08 16:28 - 2016-05-13 14:58 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uthgard 2016-09-08 16:28 - 2016-04-04 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2016-09-08 16:28 - 2016-03-16 19:42 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Nox 2016-09-08 16:28 - 2016-02-28 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 
2016-09-08 16:28 - 2016-02-23 09:50 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2016-09-08 16:28 - 2016-02-23 09:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2016-09-08 16:28 - 2016-01-07 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer 2016-09-08 16:28 - 2016-01-05 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy 2016-09-08 16:28 - 2016-01-04 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Andy 2016-09-08 16:28 - 2016-01-04 14:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware 2016-09-08 16:28 - 2015-12-17 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie 2016-09-08 16:28 - 2015-12-10 13:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Altab Holdem 2016-09-08 16:28 - 2015-11-29 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner v2 2016-09-08 16:28 - 2015-11-27 01:57 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap 2016-09-08 16:28 - 2015-11-16 18:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop 2016-09-08 16:28 - 2015-11-14 02:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GSA Search Engine Ranker 2016-09-08 16:28 - 2015-11-12 18:23 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Article Submitter 2016-09-08 16:28 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-08 16:28 - 2015-10-26 04:34 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cyberfetch 2016-09-08 16:28 - 2015-10-25 03:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2016-09-08 16:28 - 2015-10-23 17:13 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SL Genie 2016-09-08 16:28 - 2015-10-21 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2016-09-08 16:28 - 2015-10-15 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6 2016-09-08 16:28 - 2015-10-13 19:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartFTP Client 2016-09-08 16:28 - 2015-09-29 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-09-08 16:28 - 2015-09-27 21:09 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software 2016-09-08 16:28 - 2015-09-21 02:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warships 2016-09-08 16:28 - 2015-09-15 02:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite 2016-09-08 16:28 - 2015-08-23 15:15 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Litecoin Core 2016-09-08 16:28 - 2015-08-16 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spellcraft Calculator 2016-09-08 16:28 - 2015-08-01 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moras Equipment Planer 2016-09-08 16:28 - 2015-07-28 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars 2016-09-08 16:28 - 2015-07-18 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2016-09-08 16:28 - 2015-06-16 16:02 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 2016-09-08 16:28 - 2015-06-04 18:13 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2016-09-08 16:28 - 2015-06-04 18:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2016-09-08 16:28 - 
2015-05-26 23:56 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger 2016-09-08 16:28 - 2015-05-09 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download 2016-09-08 16:28 - 2015-05-03 17:34 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HunterCoin 2016-09-08 16:28 - 2015-04-09 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2016-09-08 16:28 - 2015-04-05 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2016-09-08 16:28 - 2015-04-02 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Scale PC Program 2016-09-08 16:28 - 2015-03-30 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-08 16:28 - 2015-03-02 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-09-08 16:28 - 2015-02-24 21:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Sitemap Generator 2016-09-08 16:28 - 2015-02-18 01:32 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-09-08 16:28 - 2015-02-11 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-09-08 16:28 - 2015-02-11 02:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC 2016-09-08 16:28 - 2015-02-09 17:45 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paycoin 2016-09-08 16:28 - 2014-12-12 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ KillDisk 9.1 2016-09-08 16:28 - 2014-11-24 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit 2016-09-08 16:28 - 2014-11-23 16:08 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Peerunity 2016-09-08 16:28 - 2014-11-23 16:04 - 00000000 
____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quark 2016-09-08 16:28 - 2014-11-23 16:01 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Primecoin 2016-09-08 16:28 - 2014-11-23 16:00 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Litecoin 2016-09-08 16:28 - 2014-11-22 10:20 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogecoin Core 2016-09-08 16:28 - 2014-11-15 18:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OE Classic 2016-09-08 16:28 - 2014-11-15 18:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn 2016-09-08 16:28 - 2014-11-13 08:59 - 00000000 ____D C:\ProgramData\regid.1995-08.com.techsmith 2016-09-08 16:28 - 2014-11-13 08:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2016-09-08 16:28 - 2014-10-19 23:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeball Chat 2016-09-08 16:28 - 2014-10-12 19:32 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core 2016-09-08 16:28 - 2014-10-12 19:15 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-08 16:28 - 2014-10-12 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2016-09-08 16:28 - 2014-10-12 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android 2016-09-08 16:28 - 2014-10-10 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup 2016-09-08 16:28 - 2014-10-10 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-09-08 16:28 - 2014-10-10 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\tr 2016-09-08 16:28 - 2014-10-10 21:30 - 
00000000 ____D C:\WINDOWS\system32\sv 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\sk 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\ru 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\pt 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\pl 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\no 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\nl 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\it 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\hu 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\fr 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\fi 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\es 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\el 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\de 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\da 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\cs 2016-09-08 16:28 - 2014-10-10 21:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-09-08 16:28 - 2014-10-10 21:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-09-08 16:28 - 2014-10-10 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works 2016-09-08 16:28 - 2014-10-10 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis Launcher 2016-09-08 16:28 - 2009-12-12 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2016-09-08 16:28 - 2009-12-12 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba 2016-09-08 16:28 - 2009-12-12 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\TOSHIBA 2016-09-08 16:28 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-09-08 16:27 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2016-09-08 16:22 - 2016-07-16 10:15 - 00000000 ____D C:\WINDOWS\OCR 2016-09-08 16:22 - 2016-07-16 10:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\IME 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\schemas 2016-09-08 16:22 - 2016-06-17 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-09-08 16:22 - 2015-12-24 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2016-09-08 16:22 - 2015-10-07 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2016-09-08 16:22 - 2015-09-29 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2016-09-08 16:22 - 2015-05-15 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2016-09-08 16:22 - 2014-11-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo 2016-09-08 16:22 - 2014-10-11 15:16 - 00000000 ____D C:\WINDOWS\system32\SPReview 2016-09-08 16:22 - 2014-10-11 15:16 - 00000000 ____D C:\WINDOWS\system32\EventProviders 2016-09-08 16:22 - 2014-10-10 21:22 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-09-08 16:22 - 2014-10-10 19:48 - 00000000 ____D 
C:\WINDOWS\system32\MRT 2016-09-08 16:22 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-08 16:21 - 2015-09-13 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc 2016-09-08 16:21 - 2015-09-13 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2016-09-08 16:21 - 2015-04-28 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2016-09-08 16:21 - 2015-03-27 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnalogX 2016-09-08 16:21 - 2014-10-10 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2016-09-08 16:21 - 2009-12-12 02:19 - 00000000 ____D C:\Program Files (x86)\Intel 2016-09-08 16:21 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games 2016-09-08 16:21 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-09-08 16:20 - 2016-04-04 22:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2016-09-08 16:20 - 2016-01-04 14:18 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy 2016-09-08 16:20 - 2015-09-15 03:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra 2016-09-08 16:20 - 2014-10-10 20:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2016-09-08 16:16 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-09-08 16:14 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-09-08 16:14 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-09-08 16:12 - 
2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help 2016-09-02 16:20 - 2015-09-28 14:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-02 16:10 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-02 15:47 - 2015-09-28 14:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-01 14:33 - 2015-03-30 20:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-08-31 20:23 - 2009-12-12 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-31 20:04 - 2014-10-12 19:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Azureus 2016-08-31 18:54 - 2015-07-18 22:41 - 00000000 ____D C:\Users\Dan\AppData\Local\ManyCam 2016-08-31 14:53 - 2016-07-16 19:26 - 00001253 _____ C:\Users\Dan\Desktop\LINE.lnk 2016-08-31 08:26 - 2014-11-14 13:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-31 02:08 - 2015-12-12 14:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-31 02:08 - 2015-12-12 14:11 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-08-29 07:08 - 2014-10-14 23:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Camfrog 2016-08-28 16:30 - 2014-10-10 18:28 - 00000000 ____D C:\Program Installers 2016-08-27 22:22 - 2015-11-16 18:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Telegram Desktop 2016-08-26 00:44 - 2016-03-16 19:43 - 00000000 ____D C:\Users\Dan\.BigNox 2016-08-26 00:44 - 2016-03-16 19:39 - 00000000 ____D C:\Users\Dan\AppData\Local\Nox 2016-08-25 09:20 - 2014-10-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-19 00:52 - 2016-02-23 09:04 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-18 23:45 - 2014-12-01 22:11 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-08-17 13:58 - 2015-02-28 14:32 - 00000000 ____D C:\Program Files (x86)\betternet 2016-08-12 11:02 - 2014-10-10 19:48 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 
==================== Files in the root of some directories =======

2016-09-08 16:13 - 2016-09-08 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Dan\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dan\AppData\Local\Temp\libeay32.dll
C:\Users\Dan\AppData\Local\Temp\msvcr120.dll
C:\Users\Dan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Dan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-08 16:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dan (10-09-2016 17:58:39)
Running from C:\Users\Dan\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-08 22:35:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3476291681-2796092440-1313146854-500 - Administrator - Disabled)
Dan (S-1-5-21-3476291681-2796092440-1313146854-1000 - Administrator - Enabled) => C:\Users\Dan
DefaultAccount (S-1-5-21-3476291681-2796092440-1313146854-503 - Limited - Disabled)
Guest (S-1-5-21-3476291681-2796092440-1313146854-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3476291681-2796092440-1313146854-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.1.2070 - Open Media LLC)
4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.1.1636 - Open Media LLC)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech)
Altab Holdem (HKLM-x32\...\{695711E4-63F7-4B08-92FF-23980F3276AF}) (Version: 1.40 - Altabsoft)
AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Andy OS (HKLM-x32\...\ANDY OS) (Version: 1.1 - andyroid.net)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Betternet (HKLM-x32\...\Betternet) (Version: - )
Bitcoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Bitcoin Core (64-bit)) (Version: 0.12.0 - Bitcoin Core project)
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.)
CoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.20 - CoffeeCup Software Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Cyberfetch 3.0.2 Demo (HKLM-x32\...\Cyberfetch_2.0.5) (Version: 3.0.2 Demo - ECKI.Com)
DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light)
Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts)
Dogecoin Core (32-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Eyeball Chat (HKLM-x32\...\{FDE9FAF8-E1EA-4EBC-A10C-A730F45C7258}) (Version: 58.26.1 - Eyeball Networks)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.0.0 - Telerik)
Firefox Developer Edition 50.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 50.0a2 (x86 en-US)) (Version: 50.0a2 - Mozilla)
Foundstone Hash Calculator (Fiddler Extension) (HKLM-x32\...\{D206D869-2C99-4E36-8B87-7BDEC994999D}) (Version: 1.0.0 - Foundstone Inc., A Division Of McAfee)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
GameRanger (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\GameRanger) (Version: - GameRanger Technologies)
Genesis version Genesis Launcher 1.009 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.009 - Pawel D. alias Laplume for Genesis.)
Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.)
HunterCoin (HKLM-x32\...\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}) (Version: 1.2.0.0 - HunterCoin)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.)
Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kort's Spellcraft Calculator (HKLM-x32\...\{B2163962-BFD2-4187-8B47-D9B24737DFD7}) (Version: 2.00 - kscraft project) LINE (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\LINE) (Version: 4.8.3.1130 - LINE Corporation) Litecoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Litecoin Core (64-bit)) (Version: 0.10.4.0 - Litecoin Core project) Logitech QuickCam Software (HKLM-x32\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.) 
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Moras Equipment Planer (HKLM-x32\...\{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1) (Version: 2.4 - McKenna) Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0a2 - Mozilla) MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team) MultiBit 0.5.18 (HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - ) MultiTool V2 (HKLM-x32\...\MultiTool V2) (Version: 2.0.2.7 - ) Nmap 7.00 (HKLM-x32\...\Nmap) (Version: - ) Nox APP Player (HKLM-x32\...\Nox) (Version: 3.1.0.0 - Duodian Technology Co. Ltd.) 
OE Classic 2.1 (HKLM-x32\...\OEClassic) (Version: 2.1 - OE Classic) ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.) OpenVPN 2.3.9-I601 (HKLM\...\OpenVPN) (Version: 2.3.9-I601 - ) Oracle VM VirtualBox 5.0.8 (HKLM\...\{C1B8ECDB-4DB0-47ED-B9CE-61638F876B0F}) (Version: 5.0.8 - Oracle Corporation) Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.) Paycoin (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Paycoin) (Version: 0.1.2.26 - Paycoin project) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Peerunity (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Peerunity) (Version: 0.1.1.0 - Peerunity project) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) ProfitCoin 1.1 (HKLM-x32\...\ProfitCoin 1.1) (Version: 1.1 - Hashprofit) Quark wallet (HKLM-x32\...\Quark wallet) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH) RoboForm 7-9-21-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-21-5 - Siber Systems) RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software) RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd) S.W.A.T. 4 (HKLM-x32\...\S.W.A.T. 
4_is1) (Version: - ) Safelist Genie version 1 (HKLM-x32\...\Safelist Genie_is1) (Version: 1 - ) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 4.0.0.309247 - Linden Research, Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation) Skype™ 7.27 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.27.101 - Skype Technologies S.A.) SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd) Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Sierra Entertainment, Inc.) SWAT 4 (x32 Version: 1.0.31763 - Sierra Entertainment, Inc.) 
Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer) Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium) Telegram Desktop version 0.9.32 (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.32 - Telegram Messenger LLP) Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION) Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba) Unity Web Player (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.) Uthgard Launcher (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.) 
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers) Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation) Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation) Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies) WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl) World of Warships (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {0192B5B9-AFFB-44E3-B966-46B0B6967F99} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {022E74B1-841D-4299-8D0E-D4D356EFEC4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {0C93139E-9671-46BE-A7D6-C1D0D661DA0E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {0E0F9BD2-34D0-47EC-9481-2D8390440323} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO) Task: {188BE237-3573-48D5-8C72-0A5151642C19} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation) Task: {207A9441-30AE-47E0-A2F9-D29A8E0F6648} - System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1} => pcalua.exe -a C:\Users\Dan\Downloads\TCA0027600J_os2010160b_64(1).exe -d C:\Users\Dan\Downloads Task: {22452AD0-861C-40E1-937E-FBC7E2B5440D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {3419BAF7-234B-4E4C-AC60-9FA3012B4AA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {3B462A03-4740-454A-99C3-D2B2A6FA7BE5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {4477695B-E2C7-4191-BA29-B2A91EE804F3} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK Task: {4AA9D3DD-7979-4DE2-B866-7DAA5AFB232D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {61D8982A-6D4E-437C-8FFA-7B5D72BC333A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {6AF11C3D-418B-4854-ADF1-292B84782B9B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => 
C:\Windows\ehome\ehPrivJob.exe Task: {7122597C-72AA-4FB8-ACD6-3710295E315C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.) Task: {71933A55-26C8-4A39-8F41-23D1F79E5095} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {7207A0B8-0334-4A3D-9A46-14F34404A71D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-12] (Microsoft Corporation) Task: {7371444D-C41F-4524-9400-220330CA7CDC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {7AAADE0B-7962-401A-93FD-DB9AF9C56C92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated) Task: {8455EE72-3397-45D0-A1BD-65590D05F627} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {84C4D5DA-5F96-4C67-9AC3-235631944FF7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {90359CF7-E9B2-4EAE-9061-B210CA758877} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO) Task: {9F3B8EEC-62FC-4181-8E39-2BE281090FFA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {A0D1A882-C427-445C-BC1B-C484B7E4B68F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-11] (COMODO) Task: {A459C5E0-1993-4F7E-8022-3716095E41D0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {A880DC7D-361A-4552-9DBA-3EF100D4B00F} - System32\Tasks\{FFAE0CB4-4EC2-4BE6-9DE3-C858B4B32D7E} => pcalua.exe -a "C:\Program Files 
(x86)\Itibiti Soft Phone\unins000.exe" Task: {A9FE1D60-ECB5-4729-8AFD-02014808FBF7} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-11] (COMODO) Task: {AE48AF7B-8C65-4E51-9D55-5552199C11F7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO) Task: {B1FD145D-D653-4C48-88AE-36A8E32B9879} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO) Task: {B6F2DC6A-6A18-49A3-A2B3-70D53A84E1B1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {B86838E9-52A8-47AE-9507-87CC4E928AAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.) Task: {C44702E3-4ACB-4A6E-97C2-1FE792F6F0FA} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMPMJMJJOMNMOJKMJMCNNMKJMMMJCNLMOJNJKMCNGMKMMJOMCNKJNMHMNJMMOMMMMMKMPMLMNJJNJICMIMCNGMCNNMOMFMOMOMCNKMLMKMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMOMFMEKMICNJJCKFMKMOMNMJNHICMEKMICNJJCKJNBJCMLLOJBJJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 49 more characters). 
Task: {CF1E6585-C460-41B0-B55F-5E7B22959BC3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {CFA8336C-029A-48A3-B1E6-2538EB941CE8} - System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} => pcalua.exe -a "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14\iCloud Bypass Doulci Activator Setup.exe" -d "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14" Task: {D46C5443-75C3-4F7E-9633-A6FB2198E213} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {DB3D845E-6A60-45AC-BF77-0705E4750C63} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {E0ADF1AC-5EF1-46AC-A9C7-7480CB5B3704} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {E1292DDC-289D-47BE-869E-BCAC023152A5} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-09-02] (Siber Systems) Task: {EB157855-4677-4553-B42A-2EC34B4E70D1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {F387C2C7-47D2-4B3A-91D6-838C1092DE29} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {FCAA4DCD-C484-48E8-9A72-4FEF61B5D7ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {FF486AF9-BE87-4B87-86B6-3853CE87759B} - System32\Tasks\{7912A3F2-D477-4D53-8473-E278F26B8463} => Firefox.exe hxxp://ui.skype.com/ui/0/7.14.0.106/en/go/help.faq.installer?LastError=1603 (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Dan\AppData\Local\Microsoft\Windows\GameExplorer\{37E7AB68-5689-4AD2-81B8-547AC886760A}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.guildwars.com/ ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP for Google Cloud Platform (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mpbbnannobiobpnfblimoapbephgifkm ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-09-08 18:46 - 2016-09-08 18:46 - 00959168 _____ () C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll 2015-01-08 23:02 - 2016-03-16 06:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-07-16 07:43 - 2016-07-16 07:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-07-16 07:43 - 
2016-07-16 10:27 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-16 07:43 - 2016-07-16 10:27 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-07-16 07:43 - 2016-07-16 10:27 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-09-08 21:43 - 2016-09-08 21:43 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-09-08 21:44 - 2016-09-08 21:44 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 
[130] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdagenco6420103.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\nvhdap64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\vmnetbridge.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\vnetinst.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\vmnat.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vmnetdhcp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\vsocklib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dtlitescsibus.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mbam.sys:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\Drivers\mbamchameleon.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\mwac.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\nvhda64v.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmci.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnet.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetadapter.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\vmnetbridge.sys:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\XQHDrv.sys:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\adwcleaner_6.010.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\FRST64.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-1.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-2.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\instance-3.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\ipscan-win64-3.4.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\JRT.exe:$CmdZnID [29] AlternateDataStreams: 
C:\Users\Dan\Desktop\setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\setup.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Desktop\SweevaBot v1.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Desktop\WinFlashTool.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\0bbe499629459d556ce5702538b5779f502a61095620b.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Bitmessage.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\camfrog coin getter.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\cjoverkill.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\faucetinabox-r63.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\freebitcodotintricks.txt:$CmdTcID [64] AlternateDataStreams: 
C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\google play services.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\HitLeap Viewer.msi:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\index(2).php:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\JavaSetup8u91.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\LineInst.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\mbam-setup-2.2.1.1043.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\Pwi_ArcSetup.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\readme.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\uthgard.setup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdTcID [64] AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdZnID [26] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-20 08:21 - 2015-09-30 00:30 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Aqua.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: camfrog_update_service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: iRacingService => 2
MSCONFIG\Services: lohynoni => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Application Experience => C:\Users\Dan\AppData\Roaming\Microsoft\AeLookupSvi.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dan\AppData\Local\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "COMODO Internet Security"
HKLM\...\StartupApproved\Run32: => "LogitechVideoTray"
HKLM\...\StartupApproved\Run32: => "LogitechVideoRepair"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "LogitechSoftwareUpdate"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "msnmsgr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
User{4EF974FE-AC8E-4517-A277-A083B2D3FD39}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{92070E17-90CD-4417-945B-EBBBD58DA9B8}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [{25B72BCC-1D73-47F3-9470-FF15A290F120}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EAF501E1-5D96-4FF0-B0E4-4E25AF53C7BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{97343B23-F928-48A7-B230-54AAF1F62F50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D447A730-1E75-441D-B259-239D4A20444F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{9475B6DA-8BE4-4C9A-A792-07AB83E533DF}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{D2C50B7B-92A8-4CB9-8FC7-F92000EA5C2E}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{0F45ABD3-ACCE-45BE-B8F5-579D00CF348E}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{1D1D8730-C8F5-4456-BDFE-9E7BD87DDCB4}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{5E6EA196-D91D-4316-96B4-7E71DB72589C}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [TCP Query User{0A50A62C-BA9A-4758-A9D9-8B60E73C1555}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [{4089D4E4-D792-4818-8E34-FFE83CD51A9D}] => (Block) C:\program files 
(x86)\secondlifeviewer\slvoice.exe FirewallRules: [{B7F78630-5862-4B00-94E9-965D983F1110}] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{58763A45-FC5E-4555-A4F8-CD48F9FB5E4B}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [TCP Query User{5E00907F-C967-4077-A424-262A80969312}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{581448B7-7528-4419-8492-E1BE3CE25C10}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{50FC2FE4-841A-4D7F-9343-7DF412DC4055}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{909F40BD-3C18-47A6-BFE9-E415D1D72B38}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{3C7C0EE8-26A8-4368-A7EB-69EEF7FC7BD5}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{1A9A7BF5-42DF-40F9-911F-929190DE9E9B}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{78F04EB0-EC69-4AE3-9BCD-BC26E32CE6D8}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{D6D7210A-05B2-4950-AE25-C13DAF47B440}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe FirewallRules: [{4B70166A-05F4-4FEB-B0DE-581E697B8852}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe FirewallRules: [{ABD97CD1-F655-452C-8F7C-099E52CE82BB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe FirewallRules: [{5304BBB2-75D9-4A1F-A8AC-13A21832115F}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe FirewallRules: [{FCF0B1F0-830F-44C5-8D22-D240C0272CA9}] => (Block) C:\users\dan\downloads\bitmessage.exe FirewallRules: [{EB91E122-84C1-47CF-9DBF-C3DFDD78C9A2}] => (Block) C:\users\dan\downloads\bitmessage.exe FirewallRules: [UDP Query 
User{C0D2160E-45C5-4CB2-9EEC-4984B8BC9A76}C:\users\dan\downloads\bitmessage.exe] => (Allow) C:\users\dan\downloads\bitmessage.exe FirewallRules: [TCP Query User{BFEDA0B8-46DC-4093-BE3A-BA59C4D68D08}C:\users\dan\downloads\bitmessage.exe] => (Allow) C:\users\dan\downloads\bitmessage.exe FirewallRules: [{EC974912-5797-43E8-B9D2-0883FE3BE882}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6C984D23-E2E0-4E7A-8CB2-CE5D82A236AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1E6D4AB4-0E1E-4ABD-9068-6269334F882A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B02DD16F-0A8E-4ABD-A2D9-C05930BBFB62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3603665B-8EAE-41CA-9938-D1614B6804FD}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{B1CE1354-FF59-4A46-AA7F-4F593535F352}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [UDP Query User{E757250F-A42C-4677-BDAD-249C01D1A130}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [TCP Query User{4A14BFF1-CB80-42BA-A0E6-33823C906F7F}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [UDP Query User{CC14FE42-BF9E-40E2-B84B-257AE8266B87}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{4BD39E76-691E-464D-8F94-5394CED0138E}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [UDP Query User{A1E56447-F348-4D92-B67C-6C7A7029C787}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe FirewallRules: [TCP Query User{B9D7F293-EAED-4519-BBBA-F4C51A693983}C:\program files 
(x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe FirewallRules: [UDP Query User{1F21AF50-F4CF-4351-A343-A370F60E53E2}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{423D0705-D32A-4308-9D26-01FE0E0FCB1A}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [{6EBA80BF-6D84-4B5C-AA1C-B431D3C0428B}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe FirewallRules: [{61301D62-466C-462C-AD4C-65B61B8F3C1E}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe FirewallRules: [UDP Query User{F7CCECFE-A733-4A0F-A5FF-31B086EAB3D0}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe FirewallRules: [TCP Query User{FC927C80-A0E0-4F1F-A65F-C5D31AD1E580}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe FirewallRules: [UDP Query User{39DE6EC8-05F8-4097-B06F-75750CE53C96}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [TCP Query User{8B5066A1-BC8E-442A-B40D-2EDBA50B1C44}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [UDP Query User{365FAF24-A8AC-4099-85F2-A337E8D975A0}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe FirewallRules: [TCP Query User{3227BCC3-4339-43C9-933F-021828564E6B}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe FirewallRules: [UDP Query User{8BE6C761-757C-418E-A153-4BC1103CC44A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{F2ADD05A-8589-4644-9AD1-4FA275E7411D}C:\xampp\apache\bin\httpd.exe] => (Allow) 
C:\xampp\apache\bin\httpd.exe FirewallRules: [{4933C144-A0E9-400E-9525-0626BBE4E321}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{9BBA9312-6158-48FE-BD0F-83621CFAF46A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{15D59E53-E5FA-4F04-9135-8837328F22DE}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{9C3DCE6D-90B4-49FF-BB29-96DDBB6642D7}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{6C330BB5-0C96-4FF5-951C-8CB6F3CDFDCE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{2B0A9CD2-BBE3-43C4-BE2F-74EF522E90CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8DB29B7B-BEBA-4E79-82D9-138EB1870934}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CB68F697-494E-4251-8CEB-E36E7A05A6EB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5069F59E-CB6F-43B8-93A0-F07702870259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4285960A-CBE1-4DB3-9095-191E85F1F1AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{849B581F-4293-4BE1-B02B-1E9BF319955E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FC1F660B-688D-4924-8566-BB2974A509AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AB08FFC9-1DA7-4F94-AE32-C5CC76BDBD0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BE2CC715-F6E1-496A-903E-8C50EAECEA54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0B8D8B44-BD54-4BCC-82C0-54409558B759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CFEA6052-80A5-42C1-859A-2D2B5BE3708E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{024AE92D-D783-4744-A956-3B228F4562C3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe 
FirewallRules: [TCP Query User{4216ACCD-CBA0-4E17-9533-C2F0EFD04F7C}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [{4EB637AF-7AAD-4A1E-B0C5-73C2ABE7B4E6}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe FirewallRules: [{E2622863-3207-4880-964D-7BD7D33F9FE5}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe FirewallRules: [{E5ACC65C-B4CA-4FD8-8A90-62E93113658D}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe FirewallRules: [{7C1154A3-AA4A-4C90-AB3F-E3060D7DB9C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [UDP Query User{1C4365BE-3505-449D-9F7D-9EAFB4B20AE4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{A0B70BDB-77C0-4382-B4EA-9C96DBC3BE3E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{7119C0A7-9483-434B-8F14-8F28FC0D39AC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{943405E3-0C3F-4EFE-860A-4FDCACD04AD9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{AC6162A9-F647-4250-8775-0C3E4C2AFCD6}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [TCP Query User{B9139CB5-7D9B-4368-897C-266FA08CD8FB}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query 
User{371F154F-D1CD-40A8-AE47-5D200F9B295E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [TCP Query User{D67F8877-930A-49AA-8E96-0F5923F3565A}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [UDP Query User{E12CE1E4-6018-4D64-8551-2A38C7B71BA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{6190AC66-CF36-4434-895E-FA80A4A1B5A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{A1F832CD-6118-4F7B-8AC7-FCA1FF6A827E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [TCP Query User{ABE029C0-7BD3-425B-A886-7E8CBCD7B6E8}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [UDP Query User{6DCBDF40-F763-4364-ACEC-E0160D48CD35}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{B716E153-A905-4BEB-8777-B6C0E6D96401}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe FirewallRules: [UDP Query User{3DBB2C7A-2ED0-4476-845E-5514523B50F2}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe FirewallRules: [TCP Query User{E23A0796-1231-4C28-A288-488866DBCBCE}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe FirewallRules: [UDP Query User{8BBCE6E3-05EE-47A7-9A9B-1DEC058AA7D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{0155E8D8-568B-4322-9241-4CA641320B31}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query 
User{8F4419C7-837D-4ABF-90FC-1B5D7868E1E3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [TCP Query User{4E932DD0-9FA0-48B2-A612-9092051DD111}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [UDP Query User{0D95B1A8-7002-42D9-83DA-1B6F6EB71430}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{F4FF90B7-6A72-4127-9F4F-0CE161DDFD19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0409F56D-68FE-42CB-91FD-82D11AE229DA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{7E097C68-0FD9-4FC9-B2D5-E641DCDCE35C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{56EE4C9B-E05E-4111-AB5C-B16212489435}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{376E2F4F-47E5-417F-B2D6-0D101FD56CA7}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{CAD8F543-A4F1-4D25-B66F-7D98E216D6B2}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{6E09CCB1-51F8-4A2E-8D58-F12CE16E4EB3}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{898B091E-8385-4317-A4AB-CCD1EF2C1217}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query 
User{1DBE744F-3EB6-4468-9C76-83FEC83991A0}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{EAAF68A2-3828-4673-81BF-DAE70F9D4D9B}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe FirewallRules: [UDP Query User{A7476AE7-C311-4D3A-97FA-BF9FDF04FDE1}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe FirewallRules: [TCP Query User{CA957408-8F22-412A-9E22-D6EA56EA4BC5}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [UDP Query User{D6FC9DC7-62D9-41C8-B555-F5A2A466E1EB}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [{3C99E3FE-7139-4F4E-B148-F189DA88567D}] => (Allow) LPort=10488 FirewallRules: [{FFA315B5-7C9B-433B-BC10-C1EBEE787CA6}] => (Allow) LPort=10487 FirewallRules: [TCP Query User{067F1ACC-D4C0-4D95-9991-974A3AC31362}C:\program files (x86)\coffeecup software\free ftp\freeftp.exe] => (Allow) C:\program files (x86)\coffeecup software\free ftp\freeftp.exe FirewallRules: [UDP Query User{F19758DA-1CF8-4C40-B954-D564FD64F75E}C:\program files (x86)\coffeecup software\free ftp\freeftp.exe] => (Allow) C:\program files (x86)\coffeecup software\free ftp\freeftp.exe FirewallRules: [{65B44933-31DD-49BE-8C25-F55B389C7FE2}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe FirewallRules: [{90203753-796C-4B5C-BBCD-8514E89FA660}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe FirewallRules: [TCP Query User{E5FF00C4-4D85-4FD1-9997-99F8CA4F1276}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program 
files (x86)\peerunity\peerunity.exe FirewallRules: [UDP Query User{3A26E908-D349-43F0-8E42-8DD4F130D886}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [TCP Query User{43A31637-0F31-4B03-8DDE-0F2468BF2C32}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{907F8EE1-8A10-4946-AE8A-082DC4954980}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{B2572667-9AFD-4AED-9483-1AE85D58BAB6}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{97170B63-1D1D-47FA-8C43-8B34A1B310F1}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{36ABAECB-0795-4258-BA74-D57DFE4241D1}] => (Allow) C:\Users\Dan\Downloads\betternetInstaller-65198032.exe FirewallRules: [{85E6FDBF-C508-4799-BCD7-67646705AD70}] => (Allow) C:\Users\Dan\Downloads\betternetInstaller-65198032.exe FirewallRules: [{498DC84F-A3A9-4FA4-9E63-5C4BE1D30E69}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{C2B368B8-7FFD-4D94-95AF-372C2F69F9F7}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{B19A0A66-3346-43F7-8B57-930ABF46090B}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{C58D8741-8EF1-4E8C-BA6F-1A5F13EA3EFC}] => (Block) LPort=554 FirewallRules: [{7493A75B-648C-41F4-AB3A-5154C6630A10}] => (Block) LPort=445 FirewallRules: [{DD4225A5-E79F-4F2D-BA25-BD10CBE602B5}] => (Block) LPort=139 FirewallRules: [{EA69B1BE-6CDE-4C2C-A0A9-C9C9D9920581}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
FirewallRules: [{19334ADA-22F3-4279-825A-F5DF01724C1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{4527199B-D204-422E-9AF0-A7CE6E9FED49}E:\camfrog server\camfrogserver.exe] => (Allow) E:\camfrog server\camfrogserver.exe
FirewallRules: [UDP Query User{E20D83F4-CF41-42EE-8C3D-526CE5CDE482}E:\camfrog server\camfrogserver.exe] => (Allow) E:\camfrog server\camfrogserver.exe
FirewallRules: [{F7539AE6-707F-4EF5-A0F9-F772CD888884}] => (Block) E:\camfrog server\camfrogserver.exe
FirewallRules: [{C9E55730-EDA8-49DC-B593-464CD95C4C00}] => (Block) E:\camfrog server\camfrogserver.exe

==================== Restore Points =========================

08-09-2016 21:46:28 Windows Update

==================== Faulty Device Manager Devices =============

Name: TAP-Windows Adapter V9
Description: TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Windows Provider V9
Service: tap0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PdaNet Broadband Adapter
Description: PdaNet Broadband Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: June Fabrics Technology Inc.
Service: pneteth
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2016 05:32:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/10/2016 04:05:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/10/2016 10:27:03 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/10/2016 08:58:09 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid. .
Operation: Executing Asynchronous Operation
Context: Current State: DoSnapshotSet

Error: (09/10/2016 08:30:29 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Error: (09/10/2016 01:32:33 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Error: (09/10/2016 01:22:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x1be4
Faulting application start time: 0x01d20b21d4eec56d
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll
Report Id: bb22472d-1919-4727-a77d-977c6c794b7e
Faulting package full name:
Faulting package-relative application ID:

Error: (09/10/2016 01:11:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x77c
Faulting application start time: 0x01d20b21d7f0817a
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: 3bb1fae1-7cbf-4afb-b102-a52b60d2d03b
Faulting package full name:
Faulting package-relative application ID:

Error: (09/10/2016 01:02:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dan-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2147023673 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/10/2016 01:00:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process id: 0x9b4
Faulting application start time: 0x01d20b20378696b1
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report Id: 7e123048-d981-4c82-9917-f2b5202ac29e
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (09/10/2016 04:13:50 PM) (Source: DCOM) (EventID: 10010) (User: Dan-PC)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (09/10/2016 04:11:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/10/2016 04:11:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Error: (09/10/2016 04:11:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
Error: (09/10/2016 04:11:33 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/10/2016 04:11:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NetTcpPortSharing service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/10/2016 04:11:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetTcpPortSharing service to connect. Error: (09/10/2016 04:11:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/10/2016 04:11:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect. Error: (09/10/2016 04:11:03 PM) (Source: SbieSvc) (EventID: 9234) (User: ) Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823 CodeIntegrity: =================================== Date: 2016-09-10 16:10:54.605 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-09-10 09:23:54.807 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-10 08:37:26.288 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-10 01:00:01.637 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 23:09:45.313 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 22:14:36.524 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-09-09 21:50:10.675 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 21:41:50.612 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 02:10:05.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 01:09:10.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 29% Total physical RAM: 8054.84 MB Available physical RAM: 5679.83 MB Total Virtual: 16246.84 MB Available Virtual: 13695.98 MB ==================== Drives ================================ Drive c: (TI105322W0F) (Fixed) (Total:453.08 GB) (Free:65.15 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: (New Volume) (Fixed) (Total:596.17 GB) (Free:459.52 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B9FF68F3) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=453.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833 MB) - (Type=27) Partition 4: (Not Active) - (Size=10.4 GB) - (Type=17) ======================================================== Disk: 1 (Size: 596.2 GB) (Disk ID: 564F5F95) Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  5. Ok, scans finished, thank you. Here are the logs:
RogueKiller V12.6.1.0 (x64) [Sep 6 2016] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.14393) 64 bits version Started in : Normal mode User : Dan [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 09/09/2016 23:20:00 (Duration : 01:23:28) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 2 ¤¤¤ [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{2a7802c7-7593-4530-bf6f-4ea1aac18ac4} | DhcpNameServer : 10.4.0.1 ([]) -> Replaced () [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{2a7802c7-7593-4530-bf6f-4ea1aac18ac4} | DhcpNameServer : 10.4.0.1 ([]) -> Replaced () ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++ --- User --- [MBR] 3eac25a1516445ceb54c4b59009d1217 [BSP] 33e8435467f816891a07df950e551886 : HP MBR Code Partition table: 0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 463950 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 953245696 | Size: 833 MB 3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... 
OK +++++ PhysicalDrive1: WD Elements 1023 USB Device +++++ --- User --- [MBR] 9b40f9b9fa797f6bc1c411a6383b2433 [BSP] a5de100328dd96295994e8e7d6fccb65 : Unknown MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 610475 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) ------------------------------------------------------------------------------------------------------------------------------------------ Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 9/10/2016 Scan Time: 1:38 AM Logfile: mbam.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2016.09.10.01 Rootkit Database: v2016.08.15.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: Dan Scan Type: Threat Scan Result: Completed Objects Scanned: 415105 Time Elapsed: 51 min, 30 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ---------------------------------------------------------------------------------------------------------------------------------------- # AdwCleaner v6.010 - Logfile created 10/09/2016 at 08:30:24 # Updated on 12/08/2016 by ToolsLib # Database : 2016-09-10.1 [Server] # Operating System : Windows 10 Home (X64) # Username : Dan - DAN-PC # Running from : C:\Users\Dan\Desktop\adwcleaner_6.010.exe # Mode: Clean # Support : https://toolslib.net/forum ***** [ Services ] ***** ***** [ Folders ] 
***** [-] Folder deleted: C:\ScreenShot ***** [ Files ] ***** [-] File deleted: C:\Users\Dan\AppData\Local\Microsoft\Internet Explorer\DOMStore\DXJ239K6\televisionfanatic.dl.tb.ask[1].xml ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** ***** [ Web browsers ] ***** ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [892 Bytes] - [10/09/2016 08:30:24] C:\AdwCleaner\AdwCleaner[S0].txt - [1218 Bytes] - [10/09/2016 02:15:20] C:\AdwCleaner\AdwCleaner[S1].txt - [1291 Bytes] - [10/09/2016 08:18:49] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1110 Bytes] ########## -------------------------------------------------------------------------------------------------------------------------------- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016) Operating System: Windows 10 Home x64 Ran by Dan (Administrator) on Sat 09/10/2016 at 8:57:11.08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 1 Successfully deleted: C:\Users\Dan\AppData\Local\crashrpt (Folder) Registry: 1 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{88B1022D-34D8-49BE-8A5B-535422D035A1} (Registry Key) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 09/10/2016 at 9:17:58.22 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  6. My Malwarebytes won't start up with Windows sometimes. Also I can see my antivirus just go away from my task bar. Not sure what's going on, please help. Here is the FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 Ran by Dan (administrator) on DAN-PC (09-09-2016 09:27:32) Running from C:\Users\Dan\Desktop Loaded Profiles: Dan (Available Profiles: Dan & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Google Inc.) C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-08-22] (Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-07-11] (COMODO) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-08-22] (Synaptics Incorporated) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [Google Update] => C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-05-14] (Google Inc.) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files (x86)\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-15] (Disc Soft Ltd) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3883856 2009-07-26] (Microsoft Corporation) HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-09-02] (Siber Systems) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2016-01-04] ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{2a7802c7-7593-4530-bf6f-4ea1aac18ac4}: [DhcpNameServer] 10.4.0.1 Tcpip\..\Interfaces\{C932D2DC-603A-4CE0-8A4F-0007DB8566DF}: [NameServer] 8.8.8.8 8.8.4.4 Tcpip\..\Interfaces\{e9a8016c-db52-4631-8397-50afc0c28f43}: [NameServer] 71.10.216.1,71.10.216.2 Tcpip\..\Interfaces\{f4fe6a86-0552-4606-866b-4d5d78c5fee8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset SearchScopes: HKLM -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKLM-x32 -> {B1D1EC45-E08F-4184-8807-C75BE7B98131} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {1B67FD76-466C-4AB1-96F2-EDEEACB2E436} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {88B1022D-34D8-49BE-8A5B-535422D035A1} URL = SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {B404C806-FF88-4B55-9AF7-A78A21FE4A40} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default SearchScopes: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> {DDC667D0-6172-4F63-84C8-5718A7CFE10B} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-22] (Oracle Corporation) BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> C:\Program Files (x86)\Arc\Plugins\ArcPluginIE.dll [2016-08-12] (Perfect World Entertainment Inc) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-22] (Oracle Corporation) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-09-02] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-09-02] (Siber Systems Inc.) 
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998 FF DefaultSearchEngine.US: Google FF Homepage: google.com FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation) FF Plugin-x32: 
@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2016-02-28] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-22] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-22] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation) FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin -> C:\Program Files (x86)\Arc\Plugins\npArcPluginFF.dll [2016-08-12] (Perfect World Entertainment Inc) FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2016-09-02] (Siber Systems Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN) FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @talk.google.com/O1DPlugin -> C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.) FF Plugin HKU\S-1-5-21-3476291681-2796092440-1313146854-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Dan\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Extension: (Flash and Video Download) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-08-17] FF Extension: (1-Click YouTube Video Downloader) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-08-23] FF Extension: (Firefox Hotfix) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08] FF Extension: (Video Downloader Prime) - 
C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\jid1-i6dUGvCrz2WZu8@jetpack.xpi [2016-08-08] FF Extension: (Video DownloadHelper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\q4fck7g2.default-1456504766998\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-08-08] FF Extension: (ADB Helper) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7z6i1g18.dev-edition-default\Extensions\adbhelper@mozilla.org [2016-08-08] FF Extension: (Valence) - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\7z6i1g18.dev-edition-default\Extensions\fxdevtools-adapters@mozilla.org [2016-08-08] FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-06] [not signed] FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-09-02] FF HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Firefox Developer Edition\firefox.exe Chrome: ======= CHR StartupUrls: Default -> "hxxps://us.yahoo.com/?fr=fpc-comodo&type=33010001006_8.4.0.5068_u_hp_sp" CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default CHR DefaultSearchKeyword: Default -> 
Yahoo CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10 CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Skype) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-05] CHR Extension: (Chrome RDP for Google Cloud Platform) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpbbnannobiobpnfblimoapbephgifkm [2016-05-21] CHR Extension: (Chrome Web Store Payments) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-20] CHR Extension: (Yahoo Partner) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nogdfjjfhknacchjpiccacoimeelkajb [2016-05-20] CHR Extension: (RoboForm Password Manager) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-03-19] CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-09] CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] CHR HKLM-x32\...\Chrome\Extension: [nogdfjjfhknacchjpiccacoimeelkajb] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2015-04-09] Opera: ======= OPR Extension: (2048 AI - bitcoin) - C:\Users\Dan\AppData\Roaming\Opera Software\Opera Stable\Extensions\chfnopmklmpinabemlmldefhbhgkglmc [2015-12-03] OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-12-30] ==================== Services (Whitelisted) 
======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-09-29] (SUPERAntiSpyware.com) S3 ArcService; C:\Program Files (x86)\Arc\ArcService.exe [88024 2016-08-12] (Perfect World Entertainment Inc) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-27] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-27] (Microsoft Corporation) S4 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.) R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-09-13] (Comodo Security Solutions, Inc.) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-07-11] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-07-11] (COMODO) S3 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-15] (Disc Soft Ltd) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [242880 2015-08-27] (Foxit Software Inc.) S4 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-09-13] (Comodo Security Solutions, Inc.) R2 GoogleSitemapGenerator; C:\Program Files (x86)\Google\Google Sitemap Generator\SitemapService.exe [704512 2009-12-31] (Google Inc.) 
[File not signed] R2 LMS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [262144 2009-09-30] (Intel Corporation) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-27] (Malwarebytes) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-27] (Malwarebytes) S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-06-13] (DEVGURU Co., LTD.) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-22] (Synaptics Incorporated) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-31] (TeamViewer GmbH) S4 UNS; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2314240 2009-09-30] (Intel Corporation) [File not signed] S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-15] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49304 2014-12-29] (Visicom Media Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-27] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-27] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
S3 MWAC; \??\C:\WINDOWS\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero byte File/Folder)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2015-11-15] (Riverbed Technology, Inc.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-22] (Toshiba Corporation)
S1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-10-25] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [146584 2015-10-15] (Oracle Corporation)
R1 VBoxUSBMon; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [127432 2015-09-16] (BigNox Corporation)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R1 XQHDrv; C:\Windows\system32\DRIVERS\XQHDrv.sys [253384 2016-03-16] (BigNox Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-09-08 20:00 - 2016-09-08 20:00 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-09-08 20:00 - 
2016-09-08 20:00 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-09-08 20:00 - 2016-09-08 20:00 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-09-08 20:00 - 2016-09-08 20:00 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-09-08 20:00 - 2016-09-08 20:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-09-08 20:00 - 2016-09-08 20:00 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01461200 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-09-08 19:57 - 2016-09-08 19:57 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-09-08 19:55 - 2016-09-08 19:55 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-09-08 19:55 - 2016-09-08 16:08 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IIS 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\system32\msmq 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\WINDOWS\system32\BestPractices 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files\MSBuild 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-08 19:51 - 2016-09-08 19:51 - 00000000 ____D C:\inetpub 2016-09-08 19:51 - 2016-09-08 16:21 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-08 19:50 - 2016-05-25 15:03 - 00778936 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-09-08 19:50 - 2016-05-25 15:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-09-08 19:50 - 2016-05-25 15:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-09-08 19:49 - 2016-09-08 19:49 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-09-08 19:49 - 2016-05-25 18:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-09-08 19:49 - 2016-05-25 18:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-09-08 19:49 - 2016-05-25 18:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-09-08 18:45 - 2016-09-08 18:45 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-09-08 18:37 - 2016-09-08 18:37 - 00000000 ____D C:\ProgramData\USOShared 2016-09-08 18:36 - 2016-09-08 23:05 - 00000000 ____D C:\Users\Dan\AppData\Local\ConnectedDevicesPlatform 2016-09-08 18:36 - 2016-09-08 18:36 - 00000020 ___SH C:\Users\Dan\ntuser.ini 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\My Documents 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-09-08 18:35 - 2016-09-08 18:35 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-09-08 18:32 - 2016-09-08 18:34 - 00011433 _____ C:\WINDOWS\diagwrn.xml 2016-09-08 18:32 - 2016-09-08 18:34 - 00011433 _____ C:\WINDOWS\diagerr.xml 2016-09-08 18:28 - 2016-09-09 02:10 - 00000006 ____H 
C:\WINDOWS\Tasks\SA.DAT 2016-09-08 18:28 - 2016-09-08 20:09 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7754FD6A-40D6-4E51-A895-D19D89F09CA7} 2016-09-08 18:28 - 2016-09-08 18:28 - 00003560 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm 2016-09-08 18:28 - 2016-09-08 18:28 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-08 18:28 - 2016-09-08 18:28 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-08 18:28 - 2016-09-08 18:28 - 00003164 _____ C:\WINDOWS\System32\Tasks\TechSmith Updater 2016-09-08 18:28 - 2016-09-08 18:28 - 00003088 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2016-09-08 18:28 - 2016-09-08 18:28 - 00002942 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon 2016-09-08 18:28 - 2016-09-08 18:28 - 00002674 _____ C:\WINDOWS\System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask 2016-09-08 18:28 - 2016-09-08 18:28 - 00002352 _____ C:\WINDOWS\System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002306 _____ C:\WINDOWS\System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002256 _____ C:\WINDOWS\System32\Tasks\{FFAE0CB4-4EC2-4BE6-9DE3-C858B4B32D7E} 2016-09-08 18:28 - 2016-09-08 18:28 - 00002244 _____ C:\WINDOWS\System32\Tasks\{7912A3F2-D477-4D53-8473-E278F26B8463} 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\SmartFTP 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\Games 2016-09-08 18:28 - 2016-09-08 18:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO 2016-09-08 18:28 - 2015-09-13 15:50 - 00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} 2016-09-08 18:28 - 2015-09-13 15:49 - 
00000000 _____ C:\WINDOWS\System32\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} 2016-09-08 16:27 - 2016-09-08 16:27 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs 2016-09-08 16:27 - 2016-09-08 16:27 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2016-09-08 16:21 - 2016-09-08 16:28 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-09-08 16:21 - 2016-09-08 16:21 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines 2016-09-08 16:18 - 2016-09-08 21:53 - 00000000 ____D C:\Users\Dan 2016-09-08 16:18 - 2016-09-08 18:22 - 00000000 ____D C:\Users\DefaultAppPool 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\My Documents 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Videos 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Pictures 2016-09-08 16:18 - 2016-09-08 16:18 - 00000000 _SHDL C:\Users\Dan\Documents\My Music 2016-09-08 16:16 - 2016-09-09 00:08 - 01104732 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-08 16:16 - 2016-09-08 16:16 - 00975840 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-09-08 16:13 - 2016-09-08 16:22 - 00000000 ____D C:\ProgramData\NVIDIA 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 
____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____H C:\ProgramData\DP45977C.lfl 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\WINDOWS\system32\DAX2 2016-09-08 16:13 - 2016-09-08 16:13 - 00000000 ____D C:\Program Files\Realtek 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\Program Files\Synaptics 2016-09-08 16:12 - 2016-09-08 16:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2016-09-08 16:12 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 06783280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 03522168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 02557616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 00933168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe 2016-09-08 16:12 - 2015-10-13 13:26 - 00384176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2016-09-08 16:12 - 2015-10-13 13:26 - 00062584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2016-09-08 16:12 - 2015-10-13 12:19 - 05972783 _____ C:\WINDOWS\system32\nvcoproc.bin 2016-09-08 16:08 - 2016-09-09 08:39 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-08 16:08 - 2016-09-08 21:58 - 00287608 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-08-31 21:44 - 2016-08-31 21:44 - 00001926 _____ C:\Users\Dan\Desktop\Swat4X.exe - Shortcut.lnk 2016-08-31 20:08 - 2016-09-08 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S.W.A.T. 
4 2016-08-31 20:05 - 2016-08-31 20:21 - 00000000 ____D C:\Program Files (x86)\S.W.A.T. 4 2016-08-24 23:59 - 2016-08-25 03:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-19 00:57 - 2016-08-19 00:57 - 00001291 _____ C:\Users\Dan\Desktop\Hyper-qt.exe - Shortcut.lnk 2016-08-18 23:45 - 2016-08-19 01:09 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Hyper 2016-08-18 13:35 - 2016-08-18 13:35 - 00000000 ___HD C:\ArcTemp 2016-08-18 13:32 - 2016-08-18 13:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Arc 2016-08-18 13:32 - 2016-08-18 13:32 - 00000000 ____D C:\Users\Public\Documents\Arc 2016-08-18 13:31 - 2016-09-08 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment 2016-08-18 13:31 - 2016-08-18 19:31 - 00000000 ____D C:\Program Files (x86)\Arc 2016-08-18 13:31 - 2016-08-18 13:31 - 00001632 _____ C:\Users\Public\Desktop\PWI.lnk 2016-08-18 13:31 - 2016-08-18 13:31 - 00001604 _____ C:\Users\Public\Desktop\Arc.lnk 2016-08-18 13:29 - 2016-08-18 13:29 - 10890128 _____ (Perfect World Entertainment) C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe 2016-08-18 13:29 - 2016-08-18 13:29 - 00000000 ____D C:\Users\Dan\Downloads\Log 2016-08-18 13:26 - 2016-08-18 13:28 - 01048232 _____ (Perfect World Entertainment) C:\Users\Dan\Downloads\Pwi_ArcSetup.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android 2016-09-08 16:28 - 2014-10-10 21:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup 2016-09-08 16:28 - 2014-10-10 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-09-08 16:28 - 2014-10-10 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA DVD PLAYER 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\tr 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\sv 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\sk 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\ru 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\pt 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\pl 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\no 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\nl 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\it 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\hu 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\fr 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\fi 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\es 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\el 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\de 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\da 2016-09-08 16:28 - 2014-10-10 21:30 - 00000000 ____D C:\WINDOWS\system32\cs 2016-09-08 16:28 - 2014-10-10 21:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2016-09-08 16:28 - 2014-10-10 21:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-09-08 
16:28 - 2014-10-10 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works 2016-09-08 16:28 - 2014-10-10 20:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genesis Launcher 2016-09-08 16:28 - 2009-12-12 02:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live 2016-09-08 16:28 - 2009-12-12 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba 2016-09-08 16:28 - 2009-12-12 02:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA 2016-09-08 16:28 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-09-08 16:27 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2016-09-08 16:22 - 2016-07-16 10:15 - 00000000 ____D C:\WINDOWS\OCR 2016-09-08 16:22 - 2016-07-16 10:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\IME 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\IME 2016-09-08 16:22 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\schemas 2016-09-08 16:22 - 2016-06-17 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos 2016-09-08 16:22 - 2015-12-24 22:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows 2016-09-08 16:22 - 2015-10-07 15:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2016-09-08 16:22 - 2015-09-29 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Tweaking.com 2016-09-08 16:22 - 2015-05-15 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2016-09-08 16:22 - 2014-11-15 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo 2016-09-08 16:22 - 2014-10-11 15:16 - 00000000 ____D C:\WINDOWS\system32\SPReview 2016-09-08 16:22 - 2014-10-11 15:16 - 00000000 ____D C:\WINDOWS\system32\EventProviders 2016-09-08 16:22 - 2014-10-10 21:22 - 00000000 ____D C:\WINDOWS\SysWOW64\sda 2016-09-08 16:22 - 2014-10-10 19:48 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-08 16:22 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files\Windows Sidebar 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar 2016-09-08 16:21 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-08 16:21 - 2015-09-13 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo Security Solutions Inc 2016-09-08 16:21 - 2015-09-13 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2016-09-08 16:21 - 2015-04-28 00:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2016-09-08 16:21 - 2015-03-27 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnalogX 2016-09-08 16:21 - 2014-10-10 21:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby 2016-09-08 16:21 - 2009-12-12 02:19 - 00000000 ____D C:\Program Files (x86)\Intel 2016-09-08 16:21 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games 2016-09-08 16:21 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2016-09-08 16:20 - 2016-04-04 22:35 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2016-09-08 16:20 - 2016-01-04 14:18 - 00000000 ____D 
C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Andy 2016-09-08 16:20 - 2015-09-15 03:25 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sierra 2016-09-08 16:20 - 2014-10-10 20:07 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts 2016-09-08 16:16 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-09-08 16:14 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-09-08 16:14 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-09-08 16:12 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help 2016-09-02 16:20 - 2015-09-28 14:25 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-02 16:10 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-02 15:47 - 2015-09-28 14:25 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-01 14:33 - 2015-03-30 20:51 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-01 14:26 - 2014-11-05 01:37 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Skype 2016-08-31 20:23 - 2009-12-12 02:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-31 20:20 - 2014-11-13 12:14 - 00000000 ____D C:\Users\Dan\AppData\Local\CrashDumps 2016-08-31 20:04 - 2014-10-12 19:43 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Azureus 2016-08-31 18:54 - 2015-07-18 22:41 - 00000000 ____D C:\Users\Dan\AppData\Local\ManyCam 2016-08-31 14:53 - 2016-07-16 19:26 - 00001253 _____ C:\Users\Dan\Desktop\LINE.lnk 2016-08-31 08:26 - 2014-11-14 13:17 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-31 02:08 - 2015-12-12 14:11 - 00001051 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-31 02:08 - 2015-12-12 14:11 - 00001039 _____ C:\Users\Public\Desktop\TeamViewer 11.lnk 2016-08-29 07:08 - 2014-10-14 23:11 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Camfrog 2016-08-28 16:30 - 2014-10-10 18:28 - 
00000000 ____D C:\Program Installers 2016-08-27 22:22 - 2015-11-16 18:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\Telegram Desktop 2016-08-26 00:44 - 2016-03-16 19:43 - 00000000 ____D C:\Users\Dan\.BigNox 2016-08-26 00:44 - 2016-03-16 19:39 - 00000000 ____D C:\Users\Dan\AppData\Local\Nox 2016-08-25 09:20 - 2014-10-10 19:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-23 20:28 - 2015-07-19 12:12 - 00000000 ____D C:\Users\Dan\AppData\Roaming\vlc 2016-08-19 00:52 - 2016-02-23 09:04 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-18 23:45 - 2014-12-01 22:11 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-08-17 13:58 - 2015-02-28 14:32 - 00000000 ____D C:\Program Files (x86)\betternet 2016-08-12 11:02 - 2014-10-10 19:48 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-08-10 16:30 - 2014-10-12 19:42 - 00000000 ____D C:\Program Files (x86)\Vuze ==================== Files in the root of some directories ======= 2016-09-08 16:13 - 2016-09-08 16:13 - 0000000 ____H () C:\ProgramData\DP45977C.lfl ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-08 16:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Dan (09-09-2016 09:29:17)
Running from C:\Users\Dan\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-08 22:35:44)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3476291681-2796092440-1313146854-500 - Administrator - Disabled)
Dan (S-1-5-21-3476291681-2796092440-1313146854-1000 - Administrator - Enabled) => C:\Users\Dan
DefaultAccount (S-1-5-21-3476291681-2796092440-1313146854-503 - Limited - Disabled)
Guest (S-1-5-21-3476291681-2796092440-1313146854-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3476291681-2796092440-1313146854-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.1.2070 - Open Media LLC)
4K YouTube to MP3 3.0 (HKLM-x32\...\4K YouTube to MP3_is1) (Version: 3.0.1.1636 - Open Media LLC)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Advanced Port Scanner 2.4 (HKLM-x32\...\{10F177CF-543F-4BC2-A297-DBF73709D3C5}) (Version: 2.4.2750 - Famatech)
Altab Holdem (HKLM-x32\...\{695711E4-63F7-4B08-92FF-23980F3276AF}) (Version: 1.40 - Altabsoft)
AnalogX Proxy (HKLM-x32\...\AnalogX Proxy_is1) (Version: 4.15 - AnalogX, LLC)
Andy OS (HKLM\...\Andy OS) (Version: 0.45.5.0 - Andy OS, Inc)
Andy OS (HKLM-x32\...\ANDY OS) (Version: 1.1 - andyroid.net)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9668 - Perfect World Entertainment)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Betternet (HKLM-x32\...\Betternet) (Version: - )
Bitcoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Bitcoin Core (64-bit)) (Version: 0.12.0 - Bitcoin Core project)
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.)
CoffeeCup Free FTP (HKLM-x32\...\{66F43DBE-6D46-4BCE-831D-0D4C13639BE8}) (Version: 4.5.20 - CoffeeCup Software Inc.) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cyberfetch 3.0.2 Demo (HKLM-x32\...\Cyberfetch_2.0.5) (Version: 3.0.2 Demo - ECKI.Com) DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light) Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts) Dogecoin Core (32-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Dogecoin Core (32-bit)) (Version: 1.8.0 - Dogecoin project) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Eyeball Chat (HKLM-x32\...\{FDE9FAF8-E1EA-4EBC-A10C-A730F45C7258}) (Version: 58.26.1 - Eyeball Networks) Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.5.0.0 - Telerik) Firefox Developer Edition 50.0a2 (x86 en-US) (HKLM-x32\...\Firefox Developer Edition 50.0a2 (x86 en-US)) (Version: 50.0a2 - Mozilla) Foundstone Hash Calculator (Fiddler Extension) (HKLM-x32\...\{D206D869-2C99-4E36-8B87-7BDEC994999D}) (Version: 1.0.0 - Foundstone Inc., A Division Of McAfee) Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.6.122.702 - Foxit Software Inc.) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.) Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation) GameRanger (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\GameRanger) (Version: - GameRanger Technologies) Genesis version Genesis Launcher 1.009 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.009 - Pawel D. alias Laplume for Genesis.) Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.) 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Sitemap Generator (Beta) (HKLM-x32\...\{D2B963D9-9957-452C-BEB3-DA0FD7F9DA16}) (Version: 1.0.0 - Google) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Grand Theft Auto V v.1.0.350.1 (HKLM-x32\...\Grand Theft Auto V_is1) (Version: - ) HitLeap Viewer 2.8 (HKLM-x32\...\{31B12C11-AE4E-479F-8D6D-242DC265368D}) (Version: 2.8 - HitLeap Ltd.) HunterCoin (HKLM-x32\...\{9845CAD9-BF76-4F22-A437-FF33990B0CCB}) (Version: 1.2.0.0 - HunterCoin) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.00.01.1002 - Intel Corporation) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden Kort's Spellcraft Calculator (HKLM-x32\...\{B2163962-BFD2-4187-8B47-D9B24737DFD7}) (Version: 2.00 - kscraft project) LINE (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\LINE) (Version: 4.8.3.1130 - LINE Corporation) Litecoin Core (64-bit) (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Litecoin Core (64-bit)) (Version: 0.10.4.0 - Litecoin Core project) Logitech QuickCam Software (HKLM-x32\...\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}) (Version: 8.47.0000 - Logitech, Inc.) 
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: - ) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Moras Equipment Planer (HKLM-x32\...\{8A33CE67-80FB-4469-9ED1-E5D116391F68}_is1) (Version: 2.4 - McKenna) Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0a2 - Mozilla) MPC-HC 1.7.7 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.7 - MPC-HC Team) MultiBit 0.5.18 
(HKLM-x32\...\MultiBit 0.5.18) (Version: 0.5.18 - ) MultiTool V2 (HKLM-x32\...\MultiTool V2) (Version: 2.0.2.7 - ) Nmap 7.00 (HKLM-x32\...\Nmap) (Version: - ) Nox APP Player (HKLM-x32\...\Nox) (Version: 3.1.0.0 - Duodian Technology Co. Ltd.) OE Classic 2.1 (HKLM-x32\...\OEClassic) (Version: 2.1 - OE Classic) ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 3.6.5001 - ooVoo LLC.) OpenVPN 2.3.9-I601 (HKLM\...\OpenVPN) (Version: 2.3.9-I601 - ) Oracle VM VirtualBox 5.0.8 (HKLM\...\{C1B8ECDB-4DB0-47ED-B9CE-61638F876B0F}) (Version: 5.0.8 - Oracle Corporation) Paltalk Messenger 11.6 (HKLM-x32\...\Paltalk Messenger) (Version: 11.6.607.17218 - AVM Software Inc.) Paycoin (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Paycoin) (Version: 0.1.2.26 - Paycoin project) PdaNet+ for Android 4.15 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc) Peerunity (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Peerunity) (Version: 0.1.1.0 - Peerunity project) PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars) ProfitCoin 1.1 (HKLM-x32\...\ProfitCoin 1.1) (Version: 1.1 - Hashprofit) Quark wallet (HKLM-x32\...\Quark wallet) (Version: - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.) Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek) RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH) RoboForm 7-9-21-5 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-21-5 - Siber Systems) RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd) S.W.A.T. 4 (HKLM-x32\...\S.W.A.T. 
4_is1) (Version: - ) Safelist Genie version 1 (HKLM-x32\...\Safelist Genie_is1) (Version: 1 - ) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.16044.2 - Samsung Electronics Co., Ltd.) Hidden Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.) Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC) SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 4.0.0.309247 - Linden Research, Inc.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation) Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.) SmartFTP Client Setup Files 4.0 (x64) (remove only) (HKLM-x32\...\SmartFTP Client 4.0 (x64) Setup Files) (Version: 4.0 - SmartSoft Ltd) Snagit 12 (HKLM-x32\...\{979028FC-2DBF-4BB4-A9EC-4627A9D63D50}) (Version: 12.2.2 - TechSmith Corporation) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) SWAT 4 (HKLM-x32\...\InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}) (Version: 1.0.31763 - Sierra Entertainment, Inc.) SWAT 4 (x32 Version: 1.0.31763 - Sierra Entertainment, Inc.) 
Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.65452 - TeamViewer) Technitium MAC Address Changer v6.0 (HKLM-x32\...\TMACv6.0) (Version: 6.0 - Technitium) Telegram Desktop version 0.9.32 (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.32 - Telegram Messenger LLP) Toshiba Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba) TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.1.07-A - TOSHIBA Corporation) TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation) TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - ) TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation) TOSHIBA Hardware Setup (HKLM-x32\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.15 - TOSHIBA Corporation) TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION) Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba) TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA) TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation) TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA) TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - ) TOSHIBA Speech System SR Engine(U.S.) 
Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - ) TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - ) TOSHIBA Supervisor Password (HKLM-x32\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.11 - TOSHIBA Corporation) TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.3.2.0 - TOSHIBA Corporation) TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.32.64 - TOSHIBA Corporation) TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation) ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba) Unity Web Player (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\UnityWebPlayer) (Version: 5.3.1f1 - Unity Technologies ApS) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) USB Scale PC Program Version 1.10 (HKLM-x32\...\USB Scale PC Program_is1) (Version: 1.1.0 - Xiamen Elane Electronics Company Ltd.) Uthgard Launcher (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.0 - VideoLAN) VMware Player (Version: 6.0.7 - VMware, Inc.) Hidden VMware VIX (HKLM-x32\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.) Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.) 
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - BigNox Corporation (VBoxUSB) USB (09/16/2015 4.3.12) (HKLM\...\76B144D15273552931249392EDB13C0BBD52C84E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation VBoxUSBMon System (09/16/2015 4.3.12) (HKLM\...\39F54A37125643D2E1E90FA7D81F36ACC9441510) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Driver Package - BigNox Corporation XQHDrv System (09/16/2015 4.3.12) (HKLM\...\0147813640F7AF69F569581EE672B6BE1E71798E) (Version: 09/16/2015 4.3.12 - BigNox Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WinSCP 5.7.3 (HKLM-x32\...\winscp3_is1) (Version: 5.7.3 - Martin Prikryl)
World of Warships (HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dan\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0192B5B9-AFFB-44E3-B966-46B0B6967F99} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {022E74B1-841D-4299-8D0E-D4D356EFEC4F} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0C93139E-9671-46BE-A7D6-C1D0D661DA0E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {0E0F9BD2-34D0-47EC-9481-2D8390440323} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO)
Task: {188BE237-3573-48D5-8C72-0A5151642C19} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {207A9441-30AE-47E0-A2F9-D29A8E0F6648} - System32\Tasks\{69747253-5E66-4A83-9329-DA7A058E0BA1} => pcalua.exe -a C:\Users\Dan\Downloads\TCA0027600J_os2010160b_64(1).exe -d C:\Users\Dan\Downloads
Task: {22452AD0-861C-40E1-937E-FBC7E2B5440D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {3419BAF7-234B-4E4C-AC60-9FA3012B4AA4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {3B462A03-4740-454A-99C3-D2B2A6FA7BE5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {4477695B-E2C7-4191-BA29-B2A91EE804F3} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {4AA9D3DD-7979-4DE2-B866-7DAA5AFB232D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {61D8982A-6D4E-437C-8FFA-7B5D72BC333A} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6AF11C3D-418B-4854-ADF1-292B84782B9B} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {7122597C-72AA-4FB8-ACD6-3710295E315C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {71933A55-26C8-4A39-8F41-23D1F79E5095} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7207A0B8-0334-4A3D-9A46-14F34404A71D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-12] (Microsoft Corporation)
Task: {7371444D-C41F-4524-9400-220330CA7CDC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {7AAADE0B-7962-401A-93FD-DB9AF9C56C92} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {8455EE72-3397-45D0-A1BD-65590D05F627} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {84C4D5DA-5F96-4C67-9AC3-235631944FF7} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {90359CF7-E9B2-4EAE-9061-B210CA758877} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO)
Task: {9F3B8EEC-62FC-4181-8E39-2BE281090FFA} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {A0D1A882-C427-445C-BC1B-C484B7E4B68F} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-11] (COMODO)
Task: {A459C5E0-1993-4F7E-8022-3716095E41D0} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A880DC7D-361A-4552-9DBA-3EF100D4B00F} - System32\Tasks\{FFAE0CB4-4EC2-4BE6-9DE3-C858B4B32D7E} => pcalua.exe -a "C:\Program Files (x86)\Itibiti Soft Phone\unins000.exe"
Task: {A9FE1D60-ECB5-4729-8AFD-02014808FBF7} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-07-11] (COMODO)
Task: {AE48AF7B-8C65-4E51-9D55-5552199C11F7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO)
Task: {B1FD145D-D653-4C48-88AE-36A8E32B9879} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-07-11] (COMODO)
Task: {B6F2DC6A-6A18-49A3-A2B3-70D53A84E1B1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {B86838E9-52A8-47AE-9507-87CC4E928AAC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-28] (Google Inc.)
Task: {C44702E3-4ACB-4A6E-97C2-1FE792F6F0FA} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMPMJMJJOMNMOJKMJMCNNMKJMMMJCNLMOJNJKMCNGMKMMJOMCNKJNMHMNJMMOMMMMMKMPMLMNJJNJICMIMCNGMCNNMOMFMOMOMCNKMLMKMCNOMPMKMHMJMFMPMCNPMCNOMPMKMHMJMCNNMJNPICMOMFMEKMICNJJCKFMKMOMNMJNHICMEKMICNJJCKJNBJCMLLOJBJJNKJCMJNNICMJNDJCMKJBJJNMJCM (the data entry has 49 more characters).
Task: {CF1E6585-C460-41B0-B55F-5E7B22959BC3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {CFA8336C-029A-48A3-B1E6-2538EB941CE8} - System32\Tasks\{58C9B70C-2DDF-44F7-99E2-7129893F5876} => pcalua.exe -a "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14\iCloud Bypass Doulci Activator Setup.exe" -d "C:\Users\Dan\Desktop\IPAD unlock\doulCi™ iCloud Activator V2\DoulCi™ Activator Official For Windows v2.0.14"
Task: {D46C5443-75C3-4F7E-9633-A6FB2198E213} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DB3D845E-6A60-45AC-BF77-0705E4750C63} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {E0ADF1AC-5EF1-46AC-A9C7-7480CB5B3704} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E1292DDC-289D-47BE-869E-BCAC023152A5} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2016-09-02] (Siber Systems)
Task: {EB157855-4677-4553-B42A-2EC34B4E70D1} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F387C2C7-47D2-4B3A-91D6-838C1092DE29} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FCAA4DCD-C484-48E8-9A72-4FEF61B5D7ED} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FF486AF9-BE87-4B87-86B6-3853CE87759B} - System32\Tasks\{7912A3F2-D477-4D53-8473-E278F26B8463} => Firefox.exe hxxp://ui.skype.com/ui/0/7.14.0.106/en/go/help.faq.installer?LastError=1603

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Dan\AppData\Local\Microsoft\Windows\GameExplorer\{37E7AB68-5689-4AD2-81B8-547AC886760A}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.guildwars.com/
ShortcutWithArgument: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome RDP for Google Cloud Platform (1).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=mpbbnannobiobpnfblimoapbephgifkm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-08 16:12 - 2015-10-13 13:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-01-08 23:02 - 2016-03-16 06:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-07-16 07:42 - 2016-07-16 07:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-08 18:46 - 2016-09-08 18:46 - 00959168 _____ () C:\Users\Dan\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 07:42 - 2016-07-16 07:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 07:43 - 2016-07-16 07:43 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-08 21:43 - 2016-09-08 21:43 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-09-08 21:43 - 2016-09-08 21:43 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-08 21:44 - 2016-09-08 21:44 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 04046848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Signals.dll
2016-07-16 07:43 - 2016-07-16 10:27 - 01475584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

C:\Users\Dan\Downloads\3152159:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\3152159:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kvideodownloader_4.1.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\4kyoutubetomp3_3.0.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\ArcInstall_PWI_v20160816a.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Bitmessage.exe:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\camfrog coin getter.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\cjoverkill.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\Cock hungry pov fetish babe - XVIDEOS.COM.mp3:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\CyberLink_YouCam_Downloader.exe:$CmdZnID [29] AlternateDataStreams: C:\Users\Dan\Downloads\ec2-52-35-99-222.us-west-2.compute.amazonaws.com.rdp:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\faucetinabox-r63.zip:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\firefox-50.0a2.en-US.win32.installer-stub.exe:$CmdZnID [26] AlternateDataStreams: C:\Users\Dan\Downloads\freebitcodotintricks.txt:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\google play services.apk:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\HitLeap Viewer.msi:$CmdTcID [64] AlternateDataStreams: C:\Users\Dan\Downloads\IE11.Win7.For.Windows.VMware.zip:$CmdTcID [130] AlternateDataStreams: C:\Users\Dan\Downloads\index(2).php:$CmdTcID [64] AlternateDataStreams: 
C:\Users\Dan\Downloads\JavaSetup8u91.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dan\Downloads\LineInst.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dan\Downloads\paytoshi-faucet-v2.0.3.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Downloads\planets vs zombies 2.apk:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dan\Downloads\Pwi_ArcSetup.exe:$CmdZnID [29]
AlternateDataStreams: C:\Users\Dan\Downloads\readme.txt:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Downloads\RoboForm-Setup-ffbn1.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Downloads\TeamViewer_Setup_en.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Dan\Downloads\uthgard.setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Dan\Documents\README BeagleBone Black OR Raspberry PI.txt:$CmdTcID [64]
AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdTcID [64]
AlternateDataStreams: C:\Users\Public\SwapMagic_v3.6.rar:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\driversupport.com -> hxxps://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\hola.org -> hxxp://hola.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-20 08:21 - 2015-09-30 00:30 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Innovation\Aqua.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: !SASCORE => 2
MSCONFIG\Services: camfrog_update_service => 2
MSCONFIG\Services: cfWiMAXService => 2
MSCONFIG\Services: ConfigFree Service => 2
MSCONFIG\Services: GeekBuddyRSP => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: iRacingService => 2
MSCONFIG\Services: lohynoni => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: Thpsrv => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 2
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA eco Utility Service => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMAuthdService => 2
MSCONFIG\Services: VMnetDHCP => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: VMware NAT Service => 2
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk => C:\windows\pss\PalTalk.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Dan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PdaNet Desktop.lnk => C:\windows\pss\PdaNet Desktop.lnk.Startup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Application Experience => C:\Users\Dan\AppData\Roaming\Microsoft\AeLookupSvi.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Users\Dan\AppData\Local\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: SandboxieControl => "C:\Program Files\Sandboxie\SbieCtrl.exe"
MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TUSBSleepChargeSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\StartupFolder: => "HandyAndy.lnk"
HKLM\...\StartupApproved\Run: => "COMODO Internet Security"
HKLM\...\StartupApproved\Run32: => "LogitechVideoTray"
HKLM\...\StartupApproved\Run32: => "LogitechVideoRepair"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Exploit"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "LogitechSoftwareUpdate"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-3476291681-2796092440-1313146854-1000\...\StartupApproved\Run: =>
"msnmsgr" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{9329D342-A448-4B4A-8025-7A8B0BDF9B03}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe FirewallRules: [{5D348A7E-D12F-4654-B065-1A50FE52DE77}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe FirewallRules: [{FDEEE96C-C61C-4959-AB01-10119AEAB9CD}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe FirewallRules: [{4EFA7064-F16C-4FDB-A376-1A3B8E421F93}] => (Allow) C:\Program Files (x86)\S.W.A.T. 
4\ContentExpansion\System\Swat4X.exe FirewallRules: [{EE1EEF87-4EB2-407B-8E8E-D75A6888E3B5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{7019C075-0175-4643-9C54-1957EFC6B50D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5611B8E4-ABFD-4D4C-8AAE-D3D56D1F751F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{710F6DF8-4560-4019-BAF1-9CD23D79E72F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [UDP Query User{82F0E83A-7781-4278-A957-E93614FF78D6}E:\hypercoin wallet\hyper-qt-win32-1.5.3.2\hyper-qt.exe] => (Allow) E:\hypercoin wallet\hyper-qt-win32-1.5.3.2\hyper-qt.exe FirewallRules: [TCP Query User{CED9FD88-C099-48E4-8FAE-F66B858C50B5}E:\hypercoin wallet\hyper-qt-win32-1.5.3.2\hyper-qt.exe] => (Allow) E:\hypercoin wallet\hyper-qt-win32-1.5.3.2\hyper-qt.exe FirewallRules: [UDP Query User{C8EEB4F0-846E-4D87-BBCE-FCC1ECA92915}C:\users\dan\appdata\local\temp\temp2_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe] => (Block) C:\users\dan\appdata\local\temp\temp2_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe FirewallRules: [TCP Query User{92A11D27-9416-4614-A7C1-E2E6FF56AF1E}C:\users\dan\appdata\local\temp\temp2_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe] => (Block) C:\users\dan\appdata\local\temp\temp2_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe FirewallRules: [UDP Query User{867145BA-1805-4EE0-84CC-E4AB9DB4B948}C:\users\dan\appdata\local\temp\temp1_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe] => (Allow) C:\users\dan\appdata\local\temp\temp1_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe FirewallRules: [TCP Query User{ABC0F501-E072-4448-BE74-5457D92353A8}C:\users\dan\appdata\local\temp\temp1_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe] => (Allow) C:\users\dan\appdata\local\temp\temp1_hyper-qt-win32-1.5.3.2.zip\hyper-qt.exe FirewallRules: [UDP Query User{8ABD27EF-57A2-4BE1-AB5E-51383D6DDDB8}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files 
(x86)\manycam\manycam.exe FirewallRules: [TCP Query User{AA48DBC8-DB55-47F5-B45A-17DF2A78E20A}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe FirewallRules: [UDP Query User{0F51F772-3E8A-4242-B77D-0D0C021D1C4F}C:\program files (x86)\firefox developer edition\firefox.exe] => (Allow) C:\program files (x86)\firefox developer edition\firefox.exe FirewallRules: [TCP Query User{1198B163-D549-4891-ACB2-F55E347D79BA}C:\program files (x86)\firefox developer edition\firefox.exe] => (Allow) C:\program files (x86)\firefox developer edition\firefox.exe FirewallRules: [{53C8BD3A-5FCC-4F99-8487-6880C73EFAE7}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe FirewallRules: [{808EF229-A91C-4D59-96AB-9EE5C5C60F1E}] => (Allow) C:\Program Files (x86)\Firefox Developer Edition\firefox.exe FirewallRules: [{BF17F605-D857-48D7-B3F0-620719E0B7EA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{28A487B4-8FCB-4910-8CCB-EEFD0FB5EEB8}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.2.1043\LineUpdater.exe FirewallRules: [{E6EA43BB-565C-447A-B80B-D5F5C8310CBF}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.2.1043\LineUpdater.exe FirewallRules: [{4D9E7115-60C3-414B-A17B-4A56557141A3}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.2.1043\LINE.exe FirewallRules: [{6E0D7DD4-B34C-421A-946E-A5E9B7F8C371}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.2.1043\LINE.exe FirewallRules: [{5BFA5EA5-7FDB-4F98-9F6A-1561EA43EF70}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe FirewallRules: [{A456D0B6-27D8-49FF-9333-3227DEAF8ED5}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.0.1027\LineUpdater.exe FirewallRules: [{00A15F65-1CD2-48A3-8C48-D71F8485296A}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.0.1027\LINE.exe FirewallRules: [{9C6FBC50-1AE2-48CA-978D-01B55CF210A3}] => (Allow) C:\Users\Dan\AppData\Local\Line\bin\4.7.0.1027\LINE.exe 
FirewallRules: [UDP Query User{39031DE4-B4FE-459F-897F-D2C09F08B929}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe FirewallRules: [TCP Query User{53466685-B65E-4DAF-8ACC-20A6AA3531C4}C:\program files (x86)\vuze\azureus.exe] => (Allow) C:\program files (x86)\vuze\azureus.exe FirewallRules: [{000BEDE2-6BE5-43C6-9D9B-7F4D64C62568}] => (Allow) C:\Program Files\Bignox\BigNoxVM\RTNoxVMHandle.exe FirewallRules: [{6ADF1189-1ACF-4440-BD73-3448D42C39ED}] => (Allow) C:\Users\Dan\AppData\Roaming\Nox\bin\Nox.exe FirewallRules: [{07EE5FE7-51B4-42E7-928D-C2F1CC0F477B}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe FirewallRules: [{D4AC4E76-4554-4F3E-8802-BB2764D79C57}] => (Allow) C:\Games\World_of_Warships\worldofwarships.exe FirewallRules: [{0B6FABD3-43BD-4FED-B5BA-AB5A29368D0B}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: [{29F10EA1-2174-4084-BF80-D4C1D0797D2A}] => (Allow) C:\Games\World_of_Warships\WoWSLauncher.exe FirewallRules: [{CE0815F6-7355-437C-839D-6B0EE0D7FE15}] => (Block) E:\games\steamapps\common\steamcabal\launcher\launcher.exe FirewallRules: [{82B06EC6-5DFB-4E0F-929A-963B031BF8C7}] => (Block) E:\games\steamapps\common\steamcabal\launcher\launcher.exe FirewallRules: [UDP Query User{36CF998D-4106-4F26-BDBA-A015A87562D1}E:\games\steamapps\common\steamcabal\launcher\launcher.exe] => (Allow) E:\games\steamapps\common\steamcabal\launcher\launcher.exe FirewallRules: [TCP Query User{CC182FD1-CBF9-493B-946A-F62DD02AE5EB}E:\games\steamapps\common\steamcabal\launcher\launcher.exe] => (Allow) E:\games\steamapps\common\steamcabal\launcher\launcher.exe FirewallRules: [UDP Query User{76BF5BE1-DB89-4F7B-9262-C20C12DE71F2}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{72E3D121-E5A8-4DD8-B9C7-C94CC11B8AC5}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [UDP Query 
User{4EF974FE-AC8E-4517-A277-A083B2D3FD39}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{92070E17-90CD-4417-945B-EBBBD58DA9B8}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [{25B72BCC-1D73-47F3-9470-FF15A290F120}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{EAF501E1-5D96-4FF0-B0E4-4E25AF53C7BB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{97343B23-F928-48A7-B230-54AAF1F62F50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{D447A730-1E75-441D-B259-239D4A20444F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [UDP Query User{9475B6DA-8BE4-4C9A-A792-07AB83E533DF}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{D2C50B7B-92A8-4CB9-8FC7-F92000EA5C2E}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{0F45ABD3-ACCE-45BE-B8F5-579D00CF348E}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{1D1D8730-C8F5-4456-BDFE-9E7BD87DDCB4}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{5E6EA196-D91D-4316-96B4-7E71DB72589C}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [TCP Query User{0A50A62C-BA9A-4758-A9D9-8B60E73C1555}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [{4089D4E4-D792-4818-8E34-FFE83CD51A9D}] => (Block) C:\program files 
(x86)\secondlifeviewer\slvoice.exe FirewallRules: [{B7F78630-5862-4B00-94E9-965D983F1110}] => (Block) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [UDP Query User{58763A45-FC5E-4555-A4F8-CD48F9FB5E4B}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [TCP Query User{5E00907F-C967-4077-A424-262A80969312}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [{581448B7-7528-4419-8492-E1BE3CE25C10}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{50FC2FE4-841A-4D7F-9343-7DF412DC4055}] => (Allow) C:\Program Files\Andy\HandyAndy.exe FirewallRules: [{909F40BD-3C18-47A6-BFE9-E415D1D72B38}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{3C7C0EE8-26A8-4368-A7EB-69EEF7FC7BD5}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{1A9A7BF5-42DF-40F9-911F-929190DE9E9B}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{78F04EB0-EC69-4AE3-9BCD-BC26E32CE6D8}] => (Allow) C:\Program Files\Andy\andy.exe FirewallRules: [{D6D7210A-05B2-4950-AE25-C13DAF47B440}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe FirewallRules: [{4B70166A-05F4-4FEB-B0DE-581E697B8852}] => (Allow) C:\Users\Dan\AppData\Local\Temp\Andy_45.5_x64\Setup.exe FirewallRules: [{ABD97CD1-F655-452C-8F7C-099E52CE82BB}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe FirewallRules: [{5304BBB2-75D9-4A1F-A8AC-13A21832115F}] => (Allow) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe FirewallRules: [{FCF0B1F0-830F-44C5-8D22-D240C0272CA9}] => (Block) C:\users\dan\downloads\bitmessage.exe FirewallRules: [{EB91E122-84C1-47CF-9DBF-C3DFDD78C9A2}] => (Block) C:\users\dan\downloads\bitmessage.exe FirewallRules: [UDP Query 
User{C0D2160E-45C5-4CB2-9EEC-4984B8BC9A76}C:\users\dan\downloads\bitmessage.exe] => (Allow) C:\users\dan\downloads\bitmessage.exe FirewallRules: [TCP Query User{BFEDA0B8-46DC-4093-BE3A-BA59C4D68D08}C:\users\dan\downloads\bitmessage.exe] => (Allow) C:\users\dan\downloads\bitmessage.exe FirewallRules: [{EC974912-5797-43E8-B9D2-0883FE3BE882}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6C984D23-E2E0-4E7A-8CB2-CE5D82A236AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1E6D4AB4-0E1E-4ABD-9068-6269334F882A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B02DD16F-0A8E-4ABD-A2D9-C05930BBFB62}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3603665B-8EAE-41CA-9938-D1614B6804FD}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{B1CE1354-FF59-4A46-AA7F-4F593535F352}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [UDP Query User{E757250F-A42C-4677-BDAD-249C01D1A130}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [TCP Query User{4A14BFF1-CB80-42BA-A0E6-33823C906F7F}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [UDP Query User{CC14FE42-BF9E-40E2-B84B-257AE8266B87}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{4BD39E76-691E-464D-8F94-5394CED0138E}C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe] => (Allow) C:\users\dan\appdata\roaming\quarkcoin\quarkcoin-qt.exe FirewallRules: [UDP Query User{A1E56447-F348-4D92-B67C-6C7A7029C787}C:\program files (x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe FirewallRules: [TCP Query User{B9D7F293-EAED-4519-BBBA-F4C51A693983}C:\program files 
(x86)\primecoin\primecoin-qt.exe] => (Allow) C:\program files (x86)\primecoin\primecoin-qt.exe FirewallRules: [UDP Query User{1F21AF50-F4CF-4351-A343-A370F60E53E2}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{423D0705-D32A-4308-9D26-01FE0E0FCB1A}C:\program files (x86)\litecoin\litecoin-qt.exe] => (Allow) C:\program files (x86)\litecoin\litecoin-qt.exe FirewallRules: [{6EBA80BF-6D84-4B5C-AA1C-B431D3C0428B}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe FirewallRules: [{61301D62-466C-462C-AD4C-65B61B8F3C1E}] => (Allow) %ProgramFiles% (x86)\MultiTool V2\MultiTool.exe FirewallRules: [UDP Query User{F7CCECFE-A733-4A0F-A5FF-31B086EAB3D0}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe FirewallRules: [TCP Query User{FC927C80-A0E0-4F1F-A65F-C5D31AD1E580}C:\program files (x86)\manycam\manycam.exe] => (Allow) C:\program files (x86)\manycam\manycam.exe FirewallRules: [UDP Query User{39DE6EC8-05F8-4097-B06F-75750CE53C96}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [TCP Query User{8B5066A1-BC8E-442A-B40D-2EDBA50B1C44}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Allow) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [UDP Query User{365FAF24-A8AC-4099-85F2-A337E8D975A0}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe FirewallRules: [TCP Query User{3227BCC3-4339-43C9-933F-021828564E6B}C:\program files (x86)\huntercoin\huntercoin-qt.exe] => (Allow) C:\program files (x86)\huntercoin\huntercoin-qt.exe FirewallRules: [UDP Query User{8BE6C761-757C-418E-A153-4BC1103CC44A}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe FirewallRules: [TCP Query User{F2ADD05A-8589-4644-9AD1-4FA275E7411D}C:\xampp\apache\bin\httpd.exe] => (Allow) 
C:\xampp\apache\bin\httpd.exe FirewallRules: [{4933C144-A0E9-400E-9525-0626BBE4E321}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{9BBA9312-6158-48FE-BD0F-83621CFAF46A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe FirewallRules: [{15D59E53-E5FA-4F04-9135-8837328F22DE}] => (Allow) C:\Program Files (x86)\Fiddler2\Fiddler.exe FirewallRules: [{9C3DCE6D-90B4-49FF-BB29-96DDBB6642D7}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{6C330BB5-0C96-4FF5-951C-8CB6F3CDFDCE}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe FirewallRules: [{2B0A9CD2-BBE3-43C4-BE2F-74EF522E90CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{8DB29B7B-BEBA-4E79-82D9-138EB1870934}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{CB68F697-494E-4251-8CEB-E36E7A05A6EB}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe FirewallRules: [{5069F59E-CB6F-43B8-93A0-F07702870259}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{4285960A-CBE1-4DB3-9095-191E85F1F1AB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{849B581F-4293-4BE1-B02B-1E9BF319955E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FC1F660B-688D-4924-8566-BB2974A509AA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{AB08FFC9-1DA7-4F94-AE32-C5CC76BDBD0A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{BE2CC715-F6E1-496A-903E-8C50EAECEA54}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0B8D8B44-BD54-4BCC-82C0-54409558B759}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{CFEA6052-80A5-42C1-859A-2D2B5BE3708E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [UDP Query User{024AE92D-D783-4744-A956-3B228F4562C3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe 
FirewallRules: [TCP Query User{4216ACCD-CBA0-4E17-9533-C2F0EFD04F7C}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [{4EB637AF-7AAD-4A1E-B0C5-73C2ABE7B4E6}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\download\MiniThunderPlatform.exe FirewallRules: [{E2622863-3207-4880-964D-7BD7D33F9FE5}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DTLService.exe FirewallRules: [{E5ACC65C-B4CA-4FD8-8A90-62E93113658D}] => (Allow) C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe FirewallRules: [{7C1154A3-AA4A-4C90-AB3F-E3060D7DB9C5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [UDP Query User{1C4365BE-3505-449D-9F7D-9EAFB4B20AE4}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{A0B70BDB-77C0-4382-B4EA-9C96DBC3BE3E}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{7119C0A7-9483-434B-8F14-8F28FC0D39AC}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{943405E3-0C3F-4EFE-860A-4FDCACD04AD9}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query User{AC6162A9-F647-4250-8775-0C3E4C2AFCD6}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [TCP Query User{B9139CB5-7D9B-4368-897C-266FA08CD8FB}C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Block) C:\users\dan\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe FirewallRules: [UDP Query 
User{371F154F-D1CD-40A8-AE47-5D200F9B295E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [TCP Query User{D67F8877-930A-49AA-8E96-0F5923F3565A}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [UDP Query User{E12CE1E4-6018-4D64-8551-2A38C7B71BA5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{6190AC66-CF36-4434-895E-FA80A4A1B5A1}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{A1F832CD-6118-4F7B-8AC7-FCA1FF6A827E}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [TCP Query User{ABE029C0-7BD3-425B-A886-7E8CBCD7B6E8}C:\program files (x86)\paycoin\paycoin.exe] => (Allow) C:\program files (x86)\paycoin\paycoin.exe FirewallRules: [UDP Query User{6DCBDF40-F763-4364-ACEC-E0160D48CD35}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe FirewallRules: [TCP Query User{B716E153-A905-4BEB-8777-B6C0E6D96401}F:\e-currencys\quarkcoin\quarkcoin-qt.exe] => (Allow) F:\e-currencys\quarkcoin\quarkcoin-qt.exe FirewallRules: [UDP Query User{3DBB2C7A-2ED0-4476-845E-5514523B50F2}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe FirewallRules: [TCP Query User{E23A0796-1231-4C28-A288-488866DBCBCE}F:\bitcoins\dogecoin\dogecoin-qt.exe] => (Allow) F:\bitcoins\dogecoin\dogecoin-qt.exe FirewallRules: [UDP Query User{8BBCE6E3-05EE-47A7-9A9B-1DEC058AA7D0}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [TCP Query User{0155E8D8-568B-4322-9241-4CA641320B31}C:\program files\bitcoin\bitcoin-qt.exe] => (Allow) C:\program files\bitcoin\bitcoin-qt.exe FirewallRules: [UDP Query 
User{8F4419C7-837D-4ABF-90FC-1B5D7868E1E3}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [TCP Query User{4E932DD0-9FA0-48B2-A612-9092051DD111}C:\program files (x86)\dogecoin\dogecoin-qt.exe] => (Allow) C:\program files (x86)\dogecoin\dogecoin-qt.exe FirewallRules: [UDP Query User{0D95B1A8-7002-42D9-83DA-1B6F6EB71430}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{F4FF90B7-6A72-4127-9F4F-0CE161DDFD19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{0409F56D-68FE-42CB-91FD-82D11AE229DA}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{7E097C68-0FD9-4FC9-B2D5-E641DCDCE35C}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{56EE4C9B-E05E-4111-AB5C-B16212489435}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [UDP Query User{376E2F4F-47E5-417F-B2D6-0D101FD56CA7}C:\program files\litecoin\litecoin-qt.exe] => (Allow) C:\program files\litecoin\litecoin-qt.exe FirewallRules: [TCP Query User{CAD8F543-A4F1-4D25-B66F-7D98E216D6B2}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [UDP Query User{6E09CCB1-51F8-4A2E-8D58-F12CE16E4EB3}C:\games\grand theft auto v\gta5.exe] => (Allow) C:\games\grand theft auto v\gta5.exe FirewallRules: [TCP Query User{898B091E-8385-4317-A4AB-CCD1EF2C1217}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query 
User{1DBE744F-3EB6-4468-9C76-83FEC83991A0}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{EAAF68A2-3828-4673-81BF-DAE70F9D4D9B}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe FirewallRules: [UDP Query User{A7476AE7-C311-4D3A-97FA-BF9FDF04FDE1}C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4dedicatedserver.exe FirewallRules: [TCP Query User{CA957408-8F22-412A-9E22-D6EA56EA4BC5}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [UDP Query User{D6FC9DC7-62D9-41C8-B555-F5A2A466E1EB}C:\program files (x86)\sierra\swat 4\content\system\swat4.exe] => (Allow) C:\program files (x86)\sierra\swat 4\content\system\swat4.exe FirewallRules: [{3C99E3FE-7139-4F4E-B148-F189DA88567D}] => (Allow) LPort=10488 FirewallRules: [{FFA315B5-7C9B-433B-BC10-C1EBEE787CA6}] => (Allow) LPort=10487 FirewallRules: [TCP Query User{067F1ACC-D4C0-4D95-9991-974A3AC31362}C:\program files (x86)\coffeecup software\free ftp\freeftp.exe] => (Allow) C:\program files (x86)\coffeecup software\free ftp\freeftp.exe FirewallRules: [UDP Query User{F19758DA-1CF8-4C40-B954-D564FD64F75E}C:\program files (x86)\coffeecup software\free ftp\freeftp.exe] => (Allow) C:\program files (x86)\coffeecup software\free ftp\freeftp.exe FirewallRules: [{65B44933-31DD-49BE-8C25-F55B389C7FE2}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe FirewallRules: [{90203753-796C-4B5C-BBCD-8514E89FA660}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe FirewallRules: [TCP Query User{E5FF00C4-4D85-4FD1-9997-99F8CA4F1276}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program 
files (x86)\peerunity\peerunity.exe FirewallRules: [UDP Query User{3A26E908-D349-43F0-8E42-8DD4F130D886}C:\program files (x86)\peerunity\peerunity.exe] => (Allow) C:\program files (x86)\peerunity\peerunity.exe FirewallRules: [TCP Query User{43A31637-0F31-4B03-8DDE-0F2468BF2C32}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{907F8EE1-8A10-4946-AE8A-082DC4954980}C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\dan\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [TCP Query User{B2572667-9AFD-4AED-9483-1AE85D58BAB6}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [UDP Query User{97170B63-1D1D-47FA-8C43-8B34A1B310F1}C:\program files\java\jre1.8.0_65\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_65\bin\javaw.exe FirewallRules: [{36ABAECB-0795-4258-BA74-D57DFE4241D1}] => (Allow) C:\Users\Dan\Downloads\betternetInstaller-65198032.exe FirewallRules: [{85E6FDBF-C508-4799-BCD7-67646705AD70}] => (Allow) C:\Users\Dan\Downloads\betternetInstaller-65198032.exe FirewallRules: [{498DC84F-A3A9-4FA4-9E63-5C4BE1D30E69}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{C2B368B8-7FFD-4D94-95AF-372C2F69F9F7}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{B19A0A66-3346-43F7-8B57-930ABF46090B}] => (Allow) C:\Program Files (x86)\GSA Search Engine Ranker\Search_Engine_Ranker.exe FirewallRules: [{C58D8741-8EF1-4E8C-BA6F-1A5F13EA3EFC}] => (Block) LPort=554 FirewallRules: [{7493A75B-648C-41F4-AB3A-5154C6630A10}] => (Block) LPort=445 FirewallRules: [{DD4225A5-E79F-4F2D-BA25-BD10CBE602B5}] => (Block) LPort=139 FirewallRules: [{EA69B1BE-6CDE-4C2C-A0A9-C9C9D9920581}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
FirewallRules: [{19334ADA-22F3-4279-825A-F5DF01724C1D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{4527199B-D204-422E-9AF0-A7CE6E9FED49}E:\camfrog server\camfrogserver.exe] => (Allow) E:\camfrog server\camfrogserver.exe FirewallRules: [UDP Query User{E20D83F4-CF41-42EE-8C3D-526CE5CDE482}E:\camfrog server\camfrogserver.exe] => (Allow) E:\camfrog server\camfrogserver.exe FirewallRules: [{F7539AE6-707F-4EF5-A0F9-F772CD888884}] => (Block) E:\camfrog server\camfrogserver.exe FirewallRules: [{C9E55730-EDA8-49DC-B593-464CD95C4C00}] => (Block) E:\camfrog server\camfrogserver.exe ==================== Restore Points ========================= 08-09-2016 21:46:28 Windows Update ==================== Faulty Device Manager Devices ============= Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: PdaNet Broadband Adapter Description: PdaNet Broadband Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: June Fabrics Technology Inc. Service: pneteth Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Realtek PCIe FE Family Controller Description: Realtek PCIe FE Family Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: rt640x64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (09/09/2016 08:59:36 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbam.exe, version: 2.3.173.0, time stamp: 0x56e065b4 Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e Exception code: 0x40000015 Fault offset: 0x0008d6fd Faulting process id: 0x1734 Faulting application start time: 0x01d20a98933a8b23 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\MSVCR100.dll Report Id: d48b8af4-85cc-478a-a96a-478a755eaeeb Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 08:49:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x19f4 Faulting application start time: 0x01d20a98949b417a Faulting application path: C:\Program Files 
(x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: d662a7c3-07c2-4133-9515-193db0927ccf Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 08:48:59 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x16a0 Faulting application start time: 0x01d20a9887cdf934 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: 550b6cc1-c78b-4d09-86db-1b5016abd322 Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 08:48:56 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x1b38 Faulting application start time: 0x01d20a98867d100e Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: e407d219-1dd7-4899-bd78-fc7c8310fc35 Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 08:48:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x78c Faulting 
application start time: 0x01d20a98817137af Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: b1ca4211-0e7a-4f72-bd8d-3abd46d8d289 Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 02:10:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0xbac Faulting application start time: 0x01d20a60d534454f Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: 1edc880c-dbf9-40ea-a705-4ea0a7f9b08a Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 01:09:46 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0xa90 Faulting application start time: 0x01d20a5858915bc9 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: c7612572-3361-4579-8de5-0d4ca55c0cce Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 01:07:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 
Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x1a68 Faulting application start time: 0x01d20a581268a6da Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: 6fab04f4-8ea7-4270-9e36-5d90c501e2af Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 01:07:32 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x19f8 Faulting application start time: 0x01d20a581103b176 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: 0545e7aa-092c-45fd-803c-3f939103ecd7 Faulting package full name: Faulting package-relative application ID: Error: (09/09/2016 01:07:26 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616 Exception code: 0x40000015 Fault offset: 0x000ad2a6 Faulting process id: 0x1810 Faulting application start time: 0x01d20a580d97d672 Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe Report Id: 7bca6649-6f4a-4dc3-b421-82f003e16b45 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (09/09/2016 08:59:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not 
grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (09/09/2016 08:49:21 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 5 time(s). Error: (09/09/2016 08:48:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 4 time(s). Error: (09/09/2016 08:48:57 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 3 time(s). Error: (09/09/2016 08:48:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 2 time(s). Error: (09/09/2016 02:11:13 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (09/09/2016 02:11:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Net.Pipe Listener Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/09/2016 02:11:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect. 
Error: (09/09/2016 02:10:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The NetMsmqActivator service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (09/09/2016 02:10:49 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect. CodeIntegrity: =================================== Date: 2016-09-09 02:10:05.424 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 01:09:10.793 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 00:29:07.099 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-09 00:00:00.999 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 23:45:27.199 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 23:32:39.577 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 23:07:48.367 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 22:51:47.611 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 21:59:00.133 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-08 19:25:52.694 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz Percentage of memory in use: 27% Total physical RAM: 8054.84 MB Available physical RAM: 5873.52 MB Total Virtual: 16246.84 MB Available Virtual: 13929.44 MB ==================== Drives ================================ Drive c: (TI105322W0F) (Fixed) (Total:453.08 GB) (Free:3.7 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: B9FF68F3) Partition 1: (Active) - (Size=1.5 GB) - (Type=27) Partition 2: (Not Active) - (Size=453.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=833 MB) - (Type=27) Partition 4: (Not Active) - (Size=10.4 GB) - (Type=17) ==================== End of Addition.txt ============================
  7. Thanks Broni! PC working much better now! Thanks for all your help!
  8. Sophos scanned clean so I don't have a log for that. Here are the other logs: Results of screen317's Security Check version 1.014 --- 12/23/15 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! COMODO Cloud Antivirus (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Secunia PSI (3.0.0.11005) Java 8 Update 101 Java version 32-bit out of Date! Adobe Reader XI Mozilla Firefox (48.0.1) Google Chrome (51.0.2704.103) Google Chrome (52.0.2743.116) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` COMODO COMODO Cloud Antivirus ccavsrv.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------- Farbar Service Scanner Version: 27-01-2016 Ran by Hanna (administrator) on 27-08-2016 at 13:52:08 Running from "C:\Users\Hanna\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. 
Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  9. OK, McAfee removed. Here is the FRST fix log: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01 Ran by Hanna (27-08-2016 12:37:58) Run:1 Running from C:\Users\Hanna\Desktop Loaded Profiles: Hanna (Available Profiles: Hanna) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION C:\Users\Hanna\AppData\Roaming\PRICEF~1 ***************** "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc => moved successfully C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B46291B0-9954-47A3-8AC5-C99CB6BE2AD6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B46291B0-9954-47A3-8AC5-C99CB6BE2AD6}" => key removed successfully C:\Windows\System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}" => key removed successfully "C:\Users\Hanna\AppData\Roaming\PRICEF~1" => not found. ==== End of Fixlog 12:37:58 ====
  10. OK, scan finished; here are the logs: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01 Ran by Hanna (administrator) on HANNA-PC (26-08-2016 11:54:29) Running from C:\Users\Hanna\Desktop Loaded Profiles: Hanna (Available Profiles: Hanna) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (McAfee, Inc.) 
C:\Windows\System32\mfevtps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe (COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5162192 2016-08-25] (COMODO) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3170504 2016-08-17] (COMODO) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23889496 2016-08-24] (Dropbox, Inc.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.42.dll [2016-08-24] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9B600081-1220-4ADF-A474-73AD8682340D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default
FF Homepage: hxxp://google.com
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Slaid Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-23]
CHR Extension: (Dokumen Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-23]
CHR Extension: (Google Drive) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-23]
CHR Extension: (YouTube) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-23]
CHR Extension: (Helaian Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-23]
CHR Extension: (Dokumen Google Luar Talian) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23]
CHR Extension: (Gmail) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-23]
CHR Extension: (Chrome Media Router) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.)
R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5162192 2016-08-25] (COMODO)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [124104 2016-08-17] (COMODO)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382488 2016-01-26] (McAfee, Inc.)
S3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-26] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R0 cmdccav; C:\Windows\System32\drivers\CmdCCAV.sys [150056 2016-08-25] (COMODO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [48800 2016-08-17] (COMODO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-26] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-08-25] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-26 11:53 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-26 11:53 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-26 11:46 - 2016-06-24 10:14 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-26 11:46 - 2016-06-23 22:23 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-26 11:46 - 2016-06-23 09:56 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-26 11:45 - 2016-06-24 11:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-26 11:45 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-26 11:28 - 2016-06-23 22:23 - 00000964 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-26 11:12 - 2016-06-23 09:56 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-26 11:02 - 2016-06-25 20:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-25 22:43 - 2016-06-23 09:33 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Camfrog 2016-08-25 12:41 - 2016-06-23 22:23 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-25 12:16 - 2009-07-14 10:34 - 00000215 _____ C:\Windows\system.ini 2016-08-25 07:41 - 2016-06-23 22:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-24 06:03 - 2016-07-14 15:14 - 00000000 ____D C:\Program Files (x86)\ManyCam 2016-08-24 05:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf 2016-08-24 04:47 - 2016-06-24 00:11 - 00000000 ___RD C:\Users\Hanna\Dropbox 2016-08-24 04:46 - 2016-06-23 22:23 - 00000000 ____D C:\Users\Hanna\AppData\Local\Dropbox 2016-08-24 03:53 - 2016-06-24 00:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\vlc 2016-08-23 
21:36 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Battle.net 2016-08-23 20:25 - 2016-07-04 19:52 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-23 09:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF 2016-08-22 13:26 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-21 05:53 - 2016-06-25 20:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-19 03:01 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache 2016-08-15 22:54 - 2016-06-23 22:49 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-15 22:00 - 2016-06-24 22:13 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashDumps 2016-08-14 08:41 - 2016-07-19 09:12 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-08-11 23:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports 2016-08-11 03:27 - 2009-07-14 12:45 - 00341776 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 03:10 - 2016-06-28 19:41 - 00000000 ____D C:\Windows\system32\MRT 2016-08-11 03:01 - 2016-06-28 19:41 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-08 13:44 - 2016-06-23 02:35 - 00000000 ____D C:\Users\Hanna\AppData\Local\VirtualStore 2016-08-05 09:17 - 2016-06-23 10:12 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-05 09:17 - 2016-06-23 10:12 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-03 06:13 - 2016-07-01 01:18 - 00000000 ____D C:\Users\Hanna\AppData\Local\ElevatedDiagnostics 2016-08-01 10:23 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Blizzard Entertainment 2016-08-01 10:21 - 2016-07-04 20:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-07-31 21:26 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Oracle 2016-07-31 21:02 - 2016-06-24 14:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D 
C:\Users\Hanna\.oracle_jre_usage 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Program Files\Java 2016-07-31 21:00 - 2016-06-23 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-07-31 20:59 - 2016-06-24 14:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-07-29 23:14 - 2016-06-24 22:01 - 00000000 ____D C:\Users\Hanna\AppData\Local\Adobe 2016-07-29 04:07 - 2016-06-23 09:56 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 04:07 - 2016-06-23 09:56 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 01:03 - 2016-06-24 18:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-28 00:50 - 2016-06-23 09:31 - 00090032 _____ C:\Users\Hanna\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-28 00:49 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-07-27 23:40 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared ==================== Files in the root of some directories ======= 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Some files in TEMP: ==================== C:\Users\Hanna\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-19 02:54

==================== End of FRST.txt ============================

-----------------------------------------------------------------------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Hanna (26-08-2016 11:55:26)
Running from C:\Users\Hanna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-06-22 18:35:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2353525251-3153904798-3974892558-500 - Administrator - Disabled)
Guest (S-1-5-21-2353525251-3153904798-3974892558-501 - Limited - Disabled)
Hanna (S-1-5-21-2353525251-3153904798-3974892558-1000 - Administrator - Enabled) => C:\Users\Hanna
HomeGroupUser$ (S-1-5-21-2353525251-3153904798-3974892558-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Help - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 Help - English (HKLM\...\AutoCAD 2015 Help - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.)
COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.5.398119.328 - COMODO)
COMODO Cloud Antivirus (x32 Version: 1.5.328.0 - COMODO) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.21 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
Emperor: Rise of the Middle Kingdom (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.397428.24 - Comodo)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 en-US)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {048C540D-3ACC-47E4-9936-04C67BC299CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)
Task: {14193DF9-29DC-45F5-8FA1-F218C8882967} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {1AFD00AE-D6E4-49B1-8A01-B082176B5860} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.)
Task: {5E2936EF-A4E6-4F5F-849C-0AFEFC83922B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {8B75D45E-39B0-4E15-8C1C-6D27D3170285} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {A0369758-8D7C-4748-BBAD-470788E0906B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.)
Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION
Task: {C2C57B2F-3907-4152-8AD5-A0B9110850AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F2909B79-687A-4820-BCED-1A867D76102E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-06-24 18:24 - 2016-06-03 11:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-06-24 18:26 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-06-25 11:36 - 2016-08-09 07:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-06-25 11:36 - 2015-07-02 06:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-06-25 11:36 - 2015-07-02 06:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-06-25 11:36 - 2015-07-02 06:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-06-25 11:36 - 2016-08-24 03:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2016-06-25 11:36 - 2016-01-27 15:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-06-25 11:36 - 2016-01-27 15:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-06-25 11:36 - 2016-01-27 15:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-06-25 11:36 - 2016-01-27 15:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-06-25 11:36 - 2016-01-27 15:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-06-25 11:36 - 2016-08-24 03:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-06-25 11:36 - 2016-07-05 06:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2016-06-25 11:36 - 2016-08-05 04:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1"

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:34 - 2016-06-25 12:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Autodesk Content Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: FlexNet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{FF092E04-D25E-4D2F-A3F3-57B9E61228BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EA73D585-5CD4-4EC4-BB19-F1020647524B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E35CC08F-7CFB-443B-BA1A-25B3A384F88C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D8C25251-6094-4849-AC01-CB05A9166902}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{21850165-6B43-4F04-B539-4F7B3656209B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{B2824062-98AA-4A4D-9564-32C7F2F53819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{75413E2C-8675-4163-8D8F-DF5D186A976A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{8C5439FF-FA54-4EAB-ACE3-51111D4EFB27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E5A0F09-C218-4E70-A6C7-A47AF9A15966}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FEBECEC9-C5E1-47E0-9DE3-B1668417C134}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4809DDA0-E46C-44B8-ABDC-A5038F1D8ECD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{AFDF6392-4DC4-4474-A21B-F0E93714E130}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{DFE12F7D-8301-47A6-9FA4-00302131C9E1}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [TCP Query User{C3931B49-7483-49C8-A7C6-1A36A2F7466F}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [UDP Query User{214249F7-FE5E-40A0-A7EA-F0959E9DF606}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe
FirewallRules: [{4D66D214-72A0-4344-BF73-19562EB6EB9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{279639FF-6197-4C98-B4A4-AB34E0C18725}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94F50EF5-31A5-4D29-BEE1-90578528592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A19598BA-56C5-49E5-809E-DD7447060ABB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{A666417D-83DE-426C-9516-FD2818B81B95}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{89556781-296E-41CF-AFA4-2C9F2BD4474F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe
FirewallRules: [{0829652C-EA11-4516-BE2A-B234CDB05CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{AE9E9DF5-3C1E-418B-8245-D006ECF79B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{245E316A-3A9B-4BB5-A170-FA528C3028AE}] => (Allow) LPort=50248
FirewallRules: [TCP Query User{35E358A7-172F-46AE-B9E0-61ED6A7EB698}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{E215D426-5D4A-4F12-9A10-D41BF98A91AE}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [{143B16E3-85D2-4FC1-8736-74392FAC08DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B2B589A4-C909-4844-B5CB-FFFA48C6C05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DF3603B6-7F14-4E88-BEFC-6C0AFB9B0834}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{65D273E7-7754-4691-825D-1A96C59360A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0B74481A-0BE1-4C64-99C3-966A0BFBC124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D94D15A2-9EE2-4772-90A9-0F691FAE2872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AAC6A394-A08D-4ED2-8917-9DB978AE911C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3CFAA92C-A506-46F8-AACC-5B93A1348731}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

21-08-2016 19:00:14 Windows Backup
23-08-2016 06:39:56 Installed COMODO Cloud Antivirus
23-08-2016 20:09:25 Windows Update
24-08-2016 05:58:57 Device Driver Package Install: Visicom Media Inc. Imaging devices
24-08-2016 05:59:34 Device Driver Package Install: Visicom Media Inc. Sound, video and game controllers
25-08-2016 06:53:41 JRT Pre-Junkware Removal
25-08-2016 22:24:23 Installed COMODO Cloud Antivirus

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2016 11:46:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 11:11:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 10:20:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 07:41:20 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 07:33:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/25/2016 07:03:33 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2016 08:50:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/24/2016 11:11:31 AM) (Source: WinMgmt) (EventID: 
10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 09:35:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/24/2016 01:50:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/25/2016 11:09:45 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 23:07:33 on ‎25/‎08/‎2016 was unexpected. Error: (08/25/2016 10:25:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ccavsrv service. Error: (08/25/2016 10:18:40 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 12:54:13 on ‎25/‎08/‎2016 was unexpected. Error: (08/25/2016 12:16:51 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/25/2016 12:12:43 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (08/25/2016 07:38:13 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY) Description: The following fatal alert was received: 40. 
Error: (08/25/2016 07:33:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 = The service did not respond to the start or control request in a timely fashion. Error: (08/25/2016 07:33:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (08/25/2016 06:54:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ccavsrv service terminated unexpectedly. It has done this 1 time(s). Error: (08/24/2016 08:48:39 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 20:45:23 on ‎24/‎08/‎2016 was unexpected. CodeIntegrity: =================================== Date: 2016-08-26 11:45:20.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-26 11:45:20.746 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 23:09:59.667 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 23:09:59.667 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-08-25 22:18:57.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 22:18:57.778 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 12:18:24.557 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 12:18:24.542 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 07:39:48.488 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-25 07:39:48.488 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: AMD A6-3500 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 45%
Total physical RAM: 4093.43 MB
Available physical RAM: 2215.32 MB
Total Virtual: 8185.04 MB
Available Virtual: 6057.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.83 GB) (Free:137.49 GB) NTFS
Drive d: () (Fixed) (Total:232.83 GB) (Free:24.42 GB) NTFS
Drive e: (Feb 12 2014) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3BD4EDE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  11. I did not need RKill. Here is the ComboFix log:

ComboFix 16-08-21.02 - Hanna 25/08/2016 12:08:20.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.4093.2592 [GMT 8:00]
Running from: c:\users\Hanna\Desktop\ComboFix.exe
AV: COMODO Cloud Antivirus *Enabled/Updated* {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
SP: COMODO Sandbox *Disabled/Updated* {6BAD9487-8DE8-D130-293E-C6A728B4104F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-07-25 to 2016-08-25 )))))))))))))))))))))))))))))))
.
.
2016-08-25 04:16 . 2016-08-25 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-08-25 04:14 . 2016-08-25 04:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\offreg.4316.dll
2016-08-24 23:47 . 2016-08-24 23:47 -------- d-----w- c:\users\Hanna\AppData\Local\CrashRpt
2016-08-24 22:06 . 2016-08-24 22:06 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-08-24 21:25 . 2016-08-24 21:25 -------- d-----w- c:\program files\RogueKiller
2016-08-24 21:22 . 2016-08-24 21:22 -------- d-----w- c:\programdata\RogueKiller
2016-08-23 22:37 . 2016-08-23 22:40 -------- d-----w- C:\FRST
2016-08-23 22:00 . 2016-08-24 23:42 -------- d-----w- c:\users\Hanna\AppData\Local\ManyCam
2016-08-23 21:58 . 2016-08-23 21:58 -------- d-----w- c:\users\Hanna\AppData\Roaming\ManyCam
2016-08-23 21:58 . 2016-08-23 22:01 -------- d-----w- c:\programdata\ManyCam
2016-08-23 21:26 . 2016-08-23 21:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\offreg.3516.dll
2016-08-23 21:18 . 2016-08-23 21:18 -------- d-----w- c:\program files (x86)\Secunia
2016-08-23 12:09 . 2016-08-02 22:36 11847048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98554866-F625-4059-9914-EF205A46F531}\mpengine.dll
2016-08-22 23:42 .
2016-08-23 01:33 -------- d-----w- C:\AdwCleaner 2016-08-22 22:41 . 2016-08-17 07:58 300600 ----a-w- c:\windows\system32\iseguard64.dll 2016-08-22 22:41 . 2016-08-17 07:57 230464 ----a-w- c:\windows\SysWow64\iseguard32.dll 2016-08-22 22:41 . 2016-08-17 07:57 48800 ----a-w- c:\windows\system32\drivers\isedrv.sys 2016-08-22 22:40 . 2016-08-22 22:41 -------- d-----w- c:\program files (x86)\COMODO 2016-08-22 22:39 . 2016-08-22 22:50 -------- d-----w- c:\programdata\COMODO 2016-08-22 20:34 . 2016-08-25 03:35 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2016-08-22 20:34 . 2016-08-22 20:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware 2016-08-22 20:34 . 2016-08-22 20:34 -------- d-----w- c:\programdata\Malwarebytes 2016-08-22 20:34 . 2016-03-10 06:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys 2016-08-22 20:34 . 2016-03-10 06:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2016-08-22 20:34 . 2016-03-10 06:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys 2016-08-22 04:07 . 2016-08-22 04:14 -------- d-----w- c:\users\Hanna\AppData\Local\Mozilla 2016-08-22 04:07 . 2016-08-22 04:07 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2016-08-17 07:26 . 2016-07-08 15:32 2048 ----a-w- c:\windows\system32\tzres.dll 2016-08-17 07:26 . 2016-07-08 15:16 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2016-08-17 01:30 . 2016-08-17 01:30 569520 ----a-w- c:\windows\system32\CcavGuard64.dll 2016-08-17 01:30 . 2016-08-17 01:30 441000 ----a-w- c:\windows\SysWow64\CcavGuard32.dll 2016-08-17 01:29 . 2016-08-17 01:29 140152 ----a-w- c:\windows\system32\drivers\CmdCCAV.sys 2016-08-14 10:33 . 2016-08-14 10:33 -------- d-----w- C:\ShadowPlay 2016-08-10 05:11 . 2016-08-02 06:03 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2016-08-10 05:01 . 2016-07-08 15:32 343552 ----a-w- c:\windows\system32\schannel.dll 2016-08-10 04:57 . 2016-07-08 15:01 3218944 ----a-w- c:\windows\system32\win32k.sys 2016-08-09 02:19 . 
2016-08-09 02:19 -------- d-----w- c:\users\Hanna\AppData\Roaming\NVIDIA 2016-08-08 01:30 . 2016-08-08 01:30 -------- d-----w- C:\Sierra 2016-08-08 01:30 . 2016-08-08 01:30 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information 2016-08-08 01:29 . 2016-08-08 01:29 -------- d-----w- c:\program files (x86)\Common Files\InstallShield 2016-07-31 13:01 . 2016-07-31 13:00 110144 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-64.dll 2016-07-31 13:01 . 2016-07-31 13:01 -------- d-----w- c:\program files (x86)\Common Files\Java 2016-07-29 15:30 . 2016-07-30 14:46 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2016-07-28 03:49 . 2016-08-23 12:34 -------- d-----w- c:\program files (x86)\StarCraft II 2016-07-28 00:45 . 2016-07-28 00:45 -------- d-----w- c:\programdata\FLEXnet 2016-07-27 16:57 . 2016-07-27 16:57 520584 ----a-r- c:\users\Hanna\AppData\Roaming\Microsoft\Installer\{9D589081-AFC2-4932-9071-AC585AC1EA83}\UninstallTool.D01EB5D5_0EC4_4BDF_A131_1989F9F14A91.exe 2016-07-27 16:23 . 2016-08-09 01:30 -------- d-----w- c:\users\Hanna\AppData\Local\Autodesk 2016-07-27 16:20 . 2016-07-27 16:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared 2016-07-27 16:16 . 2016-07-27 17:03 -------- d-----w- c:\program files\Common Files\Autodesk Shared 2016-07-27 15:54 . 2016-08-22 03:52 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared 2016-07-27 15:54 . 2016-07-27 15:54 -------- d-----w- c:\program files (x86)\Autodesk 2016-07-27 15:51 . 2016-07-27 16:57 -------- d-----w- c:\program files\Autodesk 2016-07-27 15:43 . 2010-06-01 20:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2016-07-27 15:43 . 2010-06-01 20:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll 2016-07-27 15:43 . 2010-06-01 20:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll 2016-07-27 15:43 . 2010-06-01 20:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll 2016-07-27 15:43 . 
2010-06-01 20:55 239960 ----a-w- c:\windows\SysWow64\xactengine3_7.dll 2016-07-27 15:43 . 2010-06-01 20:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll 2016-07-27 15:43 . 2010-05-26 03:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll 2016-07-27 15:43 . 2010-05-26 03:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll 2016-07-27 15:42 . 2006-03-31 04:40 352464 ----a-w- c:\windows\system32\xactengine2_1.dll 2016-07-27 15:42 . 2006-03-31 04:39 83664 ----a-w- c:\windows\system32\xinput1_1.dll 2016-07-27 15:42 . 2006-02-03 00:41 16592 ----a-w- c:\windows\system32\x3daudio1_0.dll 2016-07-27 15:42 . 2006-03-31 04:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll 2016-07-27 15:38 . 2016-08-22 03:52 -------- d-----w- c:\programdata\Autodesk 2016-07-27 15:38 . 2016-08-09 01:50 -------- d-----w- c:\users\Hanna\AppData\Roaming\Autodesk . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2016-08-10 19:01 . 2016-06-28 11:41 147640136 -c--a-w- c:\windows\system32\MRT.exe 2016-07-31 13:00 . 2016-06-23 13:00 110144 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2016-07-31 12:59 . 2016-06-24 06:53 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2016-07-26 06:24 . 2010-11-21 03:27 504488 ------w- c:\windows\system32\MpSigStub.exe 2016-07-14 10:07 . 2016-06-25 12:37 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2016-07-14 10:07 . 2016-06-25 12:37 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2016-07-12 14:31 . 2016-07-12 14:31 1598 ----a-w- c:\windows\system32\cc_20160712_223133.reg 2016-06-26 00:35 . 2016-07-13 10:01 41704 ----a-w- c:\windows\system32\CompatTelRunner.exe 2016-06-26 00:27 . 2016-07-13 10:01 756736 ----a-w- c:\windows\system32\win32spl.dll 2016-06-26 00:27 . 
2016-07-13 10:01 344576 ----a-w- c:\windows\system32\ntprint.dll 2016-06-26 00:27 . 2016-07-13 10:01 970240 ----a-w- c:\windows\system32\localspl.dll 2016-06-26 00:27 . 2016-07-13 10:01 22528 ----a-w- c:\windows\system32\inetppui.dll 2016-06-26 00:27 . 2016-07-13 10:01 166400 ----a-w- c:\windows\system32\inetpp.dll 2016-06-26 00:27 . 2016-07-13 10:01 1208320 ----a-w- c:\windows\system32\aeinv.dll 2016-06-25 19:54 . 2016-07-13 10:01 497152 ----a-w- c:\windows\SysWow64\win32spl.dll 2016-06-25 19:53 . 2016-07-13 10:01 297472 ----a-w- c:\windows\SysWow64\ntprint.dll 2016-06-25 19:53 . 2016-07-13 10:01 48640 ----a-w- c:\windows\system32\wpnpinst.exe 2016-06-25 19:53 . 2016-07-13 10:01 61952 ----a-w- c:\windows\system32\ntprint.exe 2016-06-25 19:41 . 2016-07-13 10:01 61952 ----a-w- c:\windows\SysWow64\ntprint.exe 2016-06-24 06:22 . 2016-06-24 06:22 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2016-06-24 06:22 . 2016-06-24 06:22 942592 ----a-w- c:\windows\system32\jsIntl.dll 2016-06-24 06:22 . 2016-06-24 06:22 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2016-06-24 06:22 . 2016-06-24 06:22 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2016-06-24 06:22 . 2016-06-24 06:22 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2016-06-24 06:22 . 2016-06-24 06:22 81408 ----a-w- c:\windows\system32\icardie.dll 2016-06-24 06:22 . 2016-06-24 06:22 77312 ----a-w- c:\windows\system32\tdc.ocx 2016-06-24 06:22 . 2016-06-24 06:22 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2016-06-24 06:22 . 2016-06-24 06:22 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2016-06-24 06:22 . 2016-06-24 06:22 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2016-06-24 06:22 . 2016-06-24 06:22 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2016-06-24 06:22 . 2016-06-24 06:22 62464 ----a-w- c:\windows\system32\pngfilt.dll 2016-06-24 06:22 . 2016-06-24 06:22 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2016-06-24 06:22 . 
2016-06-24 06:22 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2016-06-24 06:22 . 2016-06-24 06:22 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2016-06-24 06:22 . 2016-06-24 06:22 48640 ----a-w- c:\windows\system32\mshtmler.dll 2016-06-24 06:22 . 2016-06-24 06:22 48128 ----a-w- c:\windows\system32\imgutil.dll 2016-06-24 06:22 . 2016-06-24 06:22 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2016-06-24 06:22 . 2016-06-24 06:22 30208 ----a-w- c:\windows\system32\licmgr10.dll 2016-06-24 06:22 . 2016-06-24 06:22 247808 ----a-w- c:\windows\system32\msls31.dll 2016-06-24 06:22 . 2016-06-24 06:22 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2016-06-24 06:22 . 2016-06-24 06:22 235520 ----a-w- c:\windows\system32\url.dll 2016-06-24 06:22 . 2016-06-24 06:22 235008 ----a-w- c:\windows\system32\elshyph.dll 2016-06-24 06:22 . 2016-06-24 06:22 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2016-06-24 06:22 . 2016-06-24 06:22 167424 ----a-w- c:\windows\system32\iexpress.exe 2016-06-24 06:22 . 2016-06-24 06:22 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2016-06-24 06:22 . 2016-06-24 06:22 143872 ----a-w- c:\windows\system32\wextract.exe 2016-06-24 06:22 . 2016-06-24 06:22 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2016-06-24 06:22 . 2016-06-24 06:22 13824 ----a-w- c:\windows\system32\mshta.exe 2016-06-24 06:22 . 2016-06-24 06:22 135680 ----a-w- c:\windows\system32\iepeers.dll 2016-06-24 06:22 . 2016-06-24 06:22 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2016-06-24 06:22 . 2016-06-24 06:22 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2016-06-24 06:22 . 2016-06-24 06:22 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2016-06-24 06:22 . 2016-06-24 06:22 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2016-06-24 06:22 . 2016-06-24 06:22 105984 ----a-w- c:\windows\system32\iesysprep.dll 2016-06-23 12:27 . 
2016-06-23 12:27 53248 ----a-r- c:\users\Hanna\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2016-06-23 02:22 . 2016-06-23 02:22 68608 ----a-w- c:\windows\system32\taskhost.exe 2016-06-23 02:21 . 2016-06-23 02:21 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2016-06-23 02:21 . 2016-06-23 02:21 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2016-06-23 02:21 . 2016-06-23 02:21 363008 ----a-w- c:\windows\system32\dxgi.dll 2016-06-23 02:21 . 2016-06-23 02:21 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-06-23 02:21 . 
2016-06-23 02:21 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 296960 ----a-w- c:\windows\system32\d3d10core.dll 2016-06-23 02:21 . 2016-06-23 02:21 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2016-06-23 02:21 . 2016-06-23 02:21 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2016-06-23 02:21 . 2016-06-23 02:21 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2016-06-23 02:21 . 2016-06-23 02:21 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2016-06-23 02:21 . 2016-06-23 02:21 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2016-06-23 02:21 . 2016-06-23 02:21 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2016-06-23 02:21 . 2016-06-23 02:21 194560 ----a-w- c:\windows\system32\d3d10_1.dll 2016-06-23 02:21 . 2016-06-23 02:21 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2016-06-23 02:21 . 2016-06-23 02:21 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2016-06-23 02:21 . 2016-06-23 02:21 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2016-06-23 02:21 . 2016-06-23 02:21 1238528 ----a-w- c:\windows\system32\d3d10.dll 2016-06-23 02:21 . 2016-06-23 02:21 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2016-06-23 02:21 . 2016-06-23 02:21 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2016-06-23 02:21 . 2016-06-23 02:21 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-06-23 02:21 . 2016-06-23 02:21 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2016-06-23 02:19 . 2016-06-23 02:19 1887232 ----a-w- c:\windows\system32\d3d11.dll 2016-06-23 02:19 . 
2016-06-23 02:19 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll 2016-06-22 13:06 . 2016-07-13 10:01 268800 ----a-w- c:\windows\system32\centel.dll 2016-06-17 18:24 . 2016-07-13 10:01 571904 ----a-w- c:\windows\system32\generaltel.dll 2016-06-17 18:24 . 2016-07-13 10:01 544256 ----a-w- c:\windows\system32\devinv.dll 2016-06-17 18:24 . 2016-07-13 10:01 294912 ----a-w- c:\windows\system32\invagent.dll 2016-06-17 18:24 . 2016-07-13 10:01 76800 ----a-w- c:\windows\system32\acmigration.dll 2016-06-17 18:24 . 2016-07-13 10:01 219136 ----a-w- c:\windows\system32\aepic.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10] @="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9]
@="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}]
2016-08-16 18:53 216896 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt.40.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2016-08-23 2857248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-12 204136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-06-21 598552]
"CCAV"="c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe" [2016-08-17 5335664]
"IseUI"="c:\program files (x86)\COMODO\Internet Security Essentials\vkise.exe" [2016-08-17 3170504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x] R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x] R4 dbupdate;Perkhidmatan Kemas Kini Dropbox (dbupdate);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program 
files (x86)\Dropbox\Update\DropboxUpdate.exe [x] R4 dbupdatem;Perkhidmatan Kemas Kini Dropbox (dbupdatem);c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe;c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [x] R4 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x] S0 cmdccav;cmdccav;c:\windows\system32\drivers\CmdCCAV.sys;c:\windows\SYSNATIVE\drivers\CmdCCAV.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S1 isedrv;Internet Security Essentials;c:\windows\system32\drivers\isedrv.sys;c:\windows\SYSNATIVE\drivers\isedrv.sys [x] S2 camfrog_update_service;Camfrog Update Service;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe;c:\program files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [x] S2 ccavsrv;ccavsrv;c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe;c:\program files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x] S2 isesrv;isesrv;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe;c:\program files (x86)\COMODO\Internet Security Essentials\isesrv.exe [x] S2 mfemms;McAfee Service Controller;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe;c:\program files\Common Files\McAfee\SystemCore\\mfemms.exe [x] S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA 
Corporation\NetService\NvNetworkService.exe [x] S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [x] S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv.sys [x] S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x] S3 mfeaack;McAfee Inc. mfeaack;c:\windows\system32\drivers\mfeaack.sys;c:\windows\SYSNATIVE\drivers\mfeaack.sys [x] S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x] S3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [x] S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x] . . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc . Contents of the 'Scheduled Tasks' folder . 2016-08-20 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14 10:07] . 2016-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-25 10:07] . 2016-08-24 c:\windows\Tasks\DropboxUpdateTaskMachineCore.job - c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23 14:23] . 2016-08-25 c:\windows\Tasks\DropboxUpdateTaskMachineUA.job - c:\program files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23 14:23] . 2016-08-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23 01:56] . 2016-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23 01:56] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt10] @="{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt3] @="{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt4] @="{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt5] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt6] @="{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt7] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt8] @="{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ DropboxExt9] @="{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}] 2016-08-16 18:53 260928 ----a-w- c:\program files (x86)\Dropbox\Client\DropboxExt64.40.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2016-06-14 2397120] "ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2016-06-14 1767944] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default\ FF - prefs.js: browser.startup.homepage - hxxp://google.com . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2016-08-25 12:20:33 ComboFix-quarantined-files.txt 2016-08-25 04:20 . Pre-Run: 142,908,207,104 bytes free Post-Run: 142,579,150,848 bytes free . - - End Of File - - B2732CBF57F4A5148A0461DC5846AF18 A36C5E4F47E84449FF07ED3517B43A31
  12. Ok thanks! Scans finished, here are the log files:

RogueKiller V12.5.1.0 (x64) [Aug 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Hanna [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 08/25/2016 06:06:32 (Duration : 00:40:34)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job -- C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE (/Check) -> Not selected
[Suspicious.Path] \{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} -- C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE (/Check) -> Not selected

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 ATA Device +++++
--- User ---
[MBR] 9e16ea85824da21bad5fb35bec49e26a
[BSP] bb583f63d1ba254b791e2520857e91df : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 238419 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488488960 | Size: 238419 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

-----------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 25/8/2016
Scan Time: 2:20 AM
Logfile: mbamlog.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.24.10
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Hanna

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305282
Time Elapsed: 10 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

---------------------------------------------------------------------------------

# AdwCleaner v6.000 - Logfile created 23/08/2016 at 09:33:17
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-12.4 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Hanna - HANNA-PC
# Running from : C:\Users\Hanna\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious keys found.

***** [ Shortcuts ] *****
No infected shortcut found.

***** [ Scheduled Tasks ] *****
No malicious task found.

***** [ Registry ] *****
No malicious registry element found.

***** [ Web browsers ] *****
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [974 Bytes] - [23/08/2016 08:20:43]
C:\AdwCleaner\AdwCleaner[S0].txt - [1142 Bytes] - [23/08/2016 07:57:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [1135 Bytes] - [23/08/2016 09:33:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1208 Bytes] ##########

-------------------------------------------------------------------------------------------

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 7 Home Premium x64
Ran by Hanna (Administrator) on Thu 25/08/2016 at 6:53:35.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 11
Successfully deleted: C:\Users\Hanna\AppData\Local\{DDCAEB96-F962-872E-94FA-A2C6B0925E5E} (Empty Folder)
Successfully deleted: C:\Users\Hanna\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\system32\Tasks\HannaSpeciosityStitchersV2 (Task)
Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOOIZ0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0ITGB44 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQJDN7YL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Hanna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZVOE101H (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FHOOIZ0Y (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O0ITGB44 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RQJDN7YL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZVOE101H (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 25/08/2016 at 6:59:07.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  13. I'm logged in to her machine through TeamViewer. There was no anti-virus. I installed Comodo and Malwarebytes. I'm not sure if it's clean or not, please have a look.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Hanna (administrator) on HANNA-PC (24-08-2016 06:37:59)
Running from C:\Users\Hanna\Desktop
Loaded Profiles: Hanna (Available Profiles: Hanna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Camshare Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe
(COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(COMODO) C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe
(COMODO) C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Camshare, Inc.) C:\Program Files (x86)\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Visicom Media Inc.) C:\Program Files (x86)\ManyCam\ManyCam.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-15] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-15] (NVIDIA Corporation) HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23892200 2016-08-17] (Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [CCAV] => C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5335664 2016-08-17] (COMODO) HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe [3170504 2016-08-17] (COMODO) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-17] (Valve Corporation) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\...\Policies\Explorer: [] ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-04-15] (Autodesk, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.40.dll [2016-08-17] (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9B600081-1220-4ADF-A474-73AD8682340D}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-07-31] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-31] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\Hanna\AppData\Roaming\Mozilla\Firefox\Profiles\ieovjxsy.default FF Homepage: hxxp://google.com FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-31] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-06-03] (NVIDIA 
Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-06-03] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-24] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Slaid Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-23] CHR Extension: (Dokumen Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-23] CHR Extension: (Google Drive) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-23] CHR Extension: (YouTube) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-23] CHR Extension: (Helaian Google) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-23] CHR Extension: (Dokumen Google Luar Talian) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-23] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-23] CHR Extension: (Gmail) - C:\Users\Hanna\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-23] CHR Extension: (Chrome Media Router) - C:\Users\Hanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.) R2 camfrog_update_service; C:\Program Files (x86)\Camfrog\Camfrog Video Chat\update\cf_update_service.exe [1063968 2016-03-15] (Camshare Inc.) R2 ccavsrv; C:\Program Files (x86)\COMODO\COMODO Cloud Antivirus\ccavsrv.exe [5335664 2016-08-17] (COMODO) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-23] (Dropbox, Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation) R2 isesrv; C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe [124104 2016-08-17] (COMODO) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382488 2016-01-26] (McAfee, Inc.) S3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-26] (McAfee, Inc.) 
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-15] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation) S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1570520 2016-02-02] (Secunia) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cmdccav; C:\Windows\System32\drivers\CmdCCAV.sys [140152 2016-08-17] (COMODO) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation) R1 isedrv; C:\Windows\system32\drivers\isedrv.sys [48800 2016-08-17] (COMODO) R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-15] (Visicom Media Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-24] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-15] (Visicom Media Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.) 
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-06-03] (NVIDIA Corporation) S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2016-02-02] (Secunia) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-08-24 06:37 - 2016-08-24 06:38 - 00016679 _____ C:\Users\Hanna\Desktop\FRST.txt 2016-08-24 06:37 - 2016-08-24 06:37 - 00000000 ____D C:\FRST 2016-08-24 06:31 - 2016-08-24 06:31 - 02396672 _____ (Farbar) C:\Users\Hanna\Desktop\FRST64.exe 2016-08-24 06:04 - 2016-08-24 06:04 - 00001374 _____ C:\Users\Hanna\Desktop\ManyCam - Shortcut.lnk 2016-08-24 06:00 - 2016-08-24 06:11 - 00000000 ____D C:\Users\Hanna\AppData\Local\ManyCam 2016-08-24 05:59 - 2016-08-24 05:59 - 00000000 ____D C:\Windows\LastGood 2016-08-24 05:59 - 2016-08-24 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2016-08-24 05:58 - 2016-08-24 06:01 - 00000000 ____D C:\ProgramData\ManyCam 2016-08-24 05:58 - 2016-08-24 05:58 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\ManyCam 2016-08-24 05:18 - 2016-08-24 05:18 - 00001033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2016-08-24 05:18 - 2016-08-24 05:18 - 00000000 ____D C:\Program Files (x86)\Secunia 2016-08-24 05:00 - 2016-08-24 05:00 - 04002104 _____ (Secunia) C:\Users\Hanna\Downloads\PSISetup.exe 2016-08-23 23:56 - 2016-08-24 00:00 - 00448512 _____ (OldTimer Tools) C:\Users\Hanna\Desktop\TFC.exe 2016-08-23 09:01 - 2016-08-24 06:38 - 00097040 _____ 
C:\Windows\system32\Drivers\ccavsfi.dat 2016-08-23 07:42 - 2016-08-23 09:33 - 00000000 ____D C:\AdwCleaner 2016-08-23 06:41 - 2016-08-17 15:58 - 00300600 _____ (COMODO) C:\Windows\system32\iseguard64.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00230464 _____ (COMODO) C:\Windows\SysWOW64\iseguard32.dll 2016-08-23 06:41 - 2016-08-17 15:57 - 00048800 _____ (COMODO) C:\Windows\system32\Drivers\isedrv.sys 2016-08-23 06:40 - 2016-08-23 06:41 - 00000000 ____D C:\Program Files (x86)\COMODO 2016-08-23 06:40 - 2016-08-23 06:40 - 00002075 _____ C:\Users\Public\Desktop\COMODO Cloud Antivirus.lnk 2016-08-23 06:40 - 2016-08-23 06:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO 2016-08-23 06:39 - 2016-08-23 06:50 - 00000000 ____D C:\ProgramData\COMODO 2016-08-23 06:18 - 2016-08-23 06:20 - 06251792 _____ (COMODO) C:\Users\Hanna\Downloads\ccav_installer.exe 2016-08-23 04:34 - 2016-08-24 04:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-23 04:34 - 2016-08-23 04:34 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-08-23 04:34 - 2016-08-23 04:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-08-23 04:34 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-08-23 04:34 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-08-22 21:51 - 2016-08-22 21:55 - 22851472 _____ (Malwarebytes ) C:\Users\Hanna\Downloads\mbam-setup-2.2.1.1043.exe 2016-08-22 21:38 - 2016-08-22 21:38 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashRpt 2016-08-22 12:07 - 2016-08-22 
12:14 - 00000000 ____D C:\Users\Hanna\AppData\Local\Mozilla 2016-08-22 12:07 - 2016-08-22 12:08 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Mozilla 2016-08-22 12:07 - 2016-08-22 12:07 - 00001123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00001111 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-08-22 12:07 - 2016-08-22 12:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-22 11:59 - 2016-08-22 11:59 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1 (1).exe 2016-08-22 11:57 - 2016-08-22 11:57 - 00242160 _____ C:\Users\Hanna\Downloads\Firefox Setup Stub 48.0.1.exe 2016-08-20 03:42 - 2016-08-20 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2016-08-19 10:41 - 2016-08-19 10:41 - 00603640 _____ (Visicom Media inc.) C:\Users\Hanna\Downloads\ManyCamWebInstaller (1).exe 2016-08-17 15:26 - 2016-07-08 23:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-08-17 15:26 - 2016-07-08 23:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-08-17 09:30 - 2016-08-17 09:30 - 00569520 _____ (COMODO) C:\Windows\system32\CcavGuard64.dll 2016-08-17 09:30 - 2016-08-17 09:30 - 00441000 _____ (COMODO) C:\Windows\SysWOW64\CcavGuard32.dll 2016-08-17 09:29 - 2016-08-17 09:29 - 00140152 _____ (COMODO) C:\Windows\system32\Drivers\CmdCCAV.sys 2016-08-14 18:33 - 2016-08-14 18:33 - 00000000 ____D C:\ShadowPlay 2016-08-10 13:12 - 2016-08-02 22:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-08-10 13:12 - 2016-08-02 14:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-08-10 13:12 - 2016-08-02 14:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 14:23 - 00034304 _____ 
(Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-08-10 13:12 - 2016-08-02 14:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-08-10 13:12 - 2016-08-02 14:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-08-10 13:12 - 2016-08-02 13:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-08-10 13:12 - 2016-08-02 13:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-08-10 13:12 - 2016-08-02 13:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-08-10 13:12 - 2016-08-02 13:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-08-10 13:12 - 2016-08-02 13:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-08-10 13:12 - 2016-08-02 13:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-08-10 13:12 - 2016-08-02 13:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-08-10 13:12 - 2016-08-02 13:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-08-10 13:12 - 2016-08-02 13:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-08-10 13:12 - 2016-08-02 13:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-08-10 13:12 - 2016-08-02 12:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-08-10 13:11 - 2016-08-02 22:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-08-10 13:11 - 2016-08-02 14:54 
- 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-08-10 13:11 - 2016-08-02 14:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-08-10 13:11 - 2016-08-02 14:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-08-10 13:11 - 2016-08-02 14:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-08-10 13:11 - 2016-08-02 14:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-08-10 13:11 - 2016-08-02 14:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 14:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-08-10 13:11 - 2016-08-02 14:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 14:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-08-10 13:11 - 2016-08-02 14:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 14:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-08-10 13:11 - 2016-08-02 14:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 14:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-08-10 13:11 - 2016-08-02 13:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-08-10 13:11 - 2016-08-02 13:53 - 
00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-08-10 13:11 - 2016-08-02 13:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-08-10 13:11 - 2016-08-02 13:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-08-10 13:11 - 2016-08-02 13:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-08-10 13:11 - 2016-08-02 13:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-08-10 13:11 - 2016-08-02 13:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-08-10 13:11 - 2016-08-02 13:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-08-10 13:11 - 2016-08-02 13:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-08-10 13:11 - 2016-08-02 13:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-08-10 13:11 - 2016-08-02 13:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-08-10 13:11 - 2016-08-02 13:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-08-10 13:11 - 2016-08-02 13:21 - 04608000 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-08-10 13:11 - 2016-08-02 13:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-08-10 13:11 - 2016-08-02 13:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-08-10 13:11 - 2016-08-02 13:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-08-10 13:11 - 2016-08-02 13:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-08-10 13:11 - 2016-08-02 13:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-08-10 13:11 - 2016-08-02 12:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-08-10 13:11 - 2016-08-02 12:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-08-10 13:11 - 2016-08-02 12:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-08-10 13:01 - 2016-07-08 23:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-08-10 13:01 - 2016-07-08 23:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-08-10 13:01 - 2016-07-08 23:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00312320 _____ (Microsoft Corporation) 
C:\Windows\system32\ncrypt.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-08-10 13:01 - 2016-07-08 23:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 
2016-08-10 13:01 - 2016-07-08 23:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-08-10 13:01 - 2016-07-08 23:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-08-10 13:01 - 2016-07-08 23:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-08-10 13:01 - 2016-07-08 22:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-08-10 13:01 - 2016-07-08 22:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-08-10 13:01 - 2016-07-08 22:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-08-10 13:01 - 2016-07-08 22:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-08-10 12:57 - 2016-07-08 23:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-08-09 10:19 - 2016-08-09 10:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\NVIDIA 2016-08-08 09:36 - 2016-08-08 09:36 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2016-08-08 09:32 - 2016-08-08 09:32 - 00000144 _____ C:\Windows\Sierra.ini 2016-08-08 09:32 - 2016-08-08 09:32 - 00000000 
____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-08-08 09:30 - 2016-08-08 09:30 - 00000000 ____D C:\Sierra 2016-08-08 09:27 - 2016-08-08 09:28 - 00000000 ____D C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom 2016-08-08 07:33 - 2016-08-08 09:25 - 661213913 _____ C:\Users\Hanna\Downloads\Emperor_Rise_of_the_Middle_Kingdom.zip 2016-07-31 21:01 - 2016-07-31 21:00 - 00110144 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll 2016-07-30 22:21 - 2016-07-30 22:21 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2016-07-29 23:30 - 2016-07-30 22:46 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00001979 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk 2016-07-29 23:30 - 2016-07-29 23:30 - 00000000 ____D C:\Program Files (x86)\Adobe 2016-07-29 23:29 - 2016-07-30 22:20 - 00000000 ____D C:\ProgramData\Adobe 2016-07-29 23:14 - 2016-07-29 23:14 - 01202888 _____ (Adobe Systems Incorporated) C:\Users\Hanna\Downloads\reader11_en_xa_install.exe 2016-07-28 18:41 - 2016-07-28 18:41 - 00001055 _____ C:\Users\Public\Desktop\StarCraft II.lnk 2016-07-28 18:41 - 2016-07-28 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II 2016-07-28 11:49 - 2016-08-23 20:34 - 00000000 ____D C:\Program Files (x86)\StarCraft II 2016-07-28 11:49 - 2016-08-09 13:03 - 00000000 ____D C:\Users\Hanna\Documents\StarCraft II 2016-07-28 08:45 - 2016-07-28 08:45 - 00000000 ____D C:\ProgramData\FLEXnet 2016-07-28 01:03 - 2016-08-13 15:09 - 00000000 ____D C:\Users\Hanna\Documents\Autodesk Application Manager 2016-07-28 00:57 - 2016-07-28 00:57 - 00002039 _____ C:\Users\Public\Desktop\Autodesk ReCap.lnk 2016-07-28 00:49 - 2016-07-28 00:49 - 00002098 _____ C:\Users\Public\Desktop\AutoCAD 2015 - English.lnk 
2016-07-28 00:49 - 2016-07-28 00:49 - 00000000 ____D C:\Users\Hanna\Documents\Inventor Server SDK ACAD 2015 2016-07-28 00:23 - 2016-08-09 09:30 - 00000000 ____D C:\Users\Hanna\AppData\Local\Autodesk 2016-07-28 00:20 - 2016-07-28 00:20 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2016-07-28 00:16 - 2016-07-28 01:03 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2016-07-28 00:16 - 2016-07-28 00:16 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2016-07-27 23:54 - 2016-07-27 23:54 - 00000153 _____ C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2016-07-27 23:54 - 2016-07-27 23:54 - 00000000 ____D C:\Program Files (x86)\Autodesk 2016-07-27 23:51 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk 2016-07-27 23:51 - 2016-07-28 00:57 - 00000000 ____D C:\Program Files\Autodesk 2016-07-27 23:51 - 2016-07-27 23:51 - 00001219 _____ C:\Users\Public\Desktop\LMTOOLS Utility.lnk 2016-07-27 23:43 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll 2016-07-27 23:43 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll 2016-07-27 
23:43 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll 2016-07-27 23:42 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll 2016-07-27 23:42 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll 2016-07-27 23:42 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll 2016-07-27 23:42 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll 2016-07-27 23:38 - 2016-08-22 11:52 - 00000000 ____D C:\ProgramData\Autodesk 2016-07-27 23:38 - 2016-08-09 09:50 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Autodesk 2016-07-27 23:38 - 2016-07-27 23:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-08-24 06:36 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-24 06:36 - 2009-07-14 12:45 - 00021888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-24 06:28 - 2016-06-23 22:23 - 00000964 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2016-08-24 06:12 - 2016-06-23 09:56 - 00001008 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-24 06:03 - 2016-07-14 15:14 - 00000000 ____D C:\Program Files (x86)\ManyCam 2016-08-24 06:02 - 2016-06-25 20:37 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-08-24 05:59 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\inf 2016-08-24 05:55 - 2016-06-23 22:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2016-08-24 04:47 - 2016-06-24 00:11 - 00000000 ___RD C:\Users\Hanna\Dropbox 2016-08-24 04:46 - 2016-06-23 22:23 - 00000000 ____D C:\Users\Hanna\AppData\Local\Dropbox 2016-08-24 04:12 - 2016-06-23 09:56 - 00001004 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-24 03:53 - 2016-06-24 00:19 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\vlc 2016-08-24 03:16 - 2016-06-24 10:14 - 00000000 ____D C:\Program Files (x86)\Steam 2016-08-24 01:49 - 2016-06-23 22:23 - 00000960 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2016-08-24 01:48 - 2016-06-24 11:06 - 00000000 ____D C:\ProgramData\NVIDIA 2016-08-24 01:48 - 2009-07-14 13:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-08-23 22:43 - 2016-06-23 09:33 - 00000000 ____D C:\Users\Hanna\AppData\Roaming\Camfrog 2016-08-23 21:36 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Battle.net 2016-08-23 20:25 - 2016-07-04 19:52 - 00000000 ____D C:\Program Files (x86)\Battle.net 2016-08-23 09:32 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\system32\NDF 2016-08-22 13:26 - 2009-07-14 13:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI 2016-08-21 05:53 - 
2016-06-25 20:37 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-08-20 03:42 - 2016-06-23 22:23 - 00000000 ____D C:\Program Files (x86)\Dropbox 2016-08-19 03:01 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\rescache 2016-08-15 22:54 - 2016-06-23 22:49 - 00000931 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk 2016-08-15 22:00 - 2016-06-24 22:13 - 00000000 ____D C:\Users\Hanna\AppData\Local\CrashDumps 2016-08-14 08:41 - 2016-07-19 09:12 - 00000000 ____D C:\Program Files (x86)\Diablo III 2016-08-11 23:10 - 2009-07-14 11:20 - 00000000 ____D C:\Windows\LiveKernelReports 2016-08-11 03:27 - 2009-07-14 12:45 - 00341776 _____ C:\Windows\system32\FNTCACHE.DAT 2016-08-11 03:10 - 2016-06-28 19:41 - 00000000 ____D C:\Windows\system32\MRT 2016-08-11 03:01 - 2016-06-28 19:41 - 147640136 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-08-08 13:44 - 2016-06-23 02:35 - 00000000 ____D C:\Users\Hanna\AppData\Local\VirtualStore 2016-08-05 09:17 - 2016-06-23 10:12 - 00002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-05 09:17 - 2016-06-23 10:12 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-03 06:13 - 2016-07-01 01:18 - 00000000 ____D C:\Users\Hanna\AppData\Local\ElevatedDiagnostics 2016-08-01 10:23 - 2016-07-04 20:25 - 00000000 ____D C:\Users\Hanna\AppData\Local\Blizzard Entertainment 2016-08-01 10:21 - 2016-07-04 20:25 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-07-31 21:26 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Oracle 2016-07-31 21:02 - 2016-06-24 14:52 - 00000000 ____D C:\Program Files (x86)\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Users\Hanna\.oracle_jre_usage 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-07-31 21:01 - 2016-06-23 21:00 - 00000000 ____D C:\Program Files\Java 2016-07-31 21:00 - 2016-06-23 21:00 - 00110144 _____ 
(Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2016-07-31 20:59 - 2016-06-24 14:53 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2016-07-29 23:14 - 2016-06-24 22:01 - 00000000 ____D C:\Users\Hanna\AppData\Local\Adobe 2016-07-29 04:07 - 2016-06-23 09:56 - 00004004 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 04:07 - 2016-06-23 09:56 - 00003752 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-28 01:03 - 2016-06-24 18:04 - 00000000 ____D C:\ProgramData\Package Cache 2016-07-28 00:50 - 2016-06-23 09:31 - 00090032 _____ C:\Users\Hanna\AppData\Local\GDIPFONTCACHEV1.DAT 2016-07-28 00:49 - 2009-07-14 13:32 - 00000000 ____D C:\Windows\Downloaded Program Files 2016-07-27 23:40 - 2009-07-14 11:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2016-07-26 14:24 - 2010-11-21 11:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2016-07-27 23:54 - 2016-07-27 23:54 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc Files to move or delete: ==================== C:\Windows\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-19 02:54

==================== End of FRST.txt ============================

--------------------

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by Hanna (24-08-2016 06:39:33)
Running from C:\Users\Hanna\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2016-06-22 18:35:15)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2353525251-3153904798-3974892558-500 - Administrator - Disabled)
Guest (S-1-5-21-2353525251-3153904798-3974892558-501 - Limited - Disabled)
Hanna (S-1-5-21-2353525251-3153904798-3974892558-1000 - Administrator - Enabled) => C:\Users\Hanna
HomeGroupUser$ (S-1-5-21-2353525251-3153904798-3974892558-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: COMODO Cloud Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AS: COMODO Sandbox (Disabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
AutoCAD 2015 - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Help - English (Version: 20.0.51.0 - Autodesk) Hidden
AutoCAD 2015 Language Pack - English (Version: 20.0.51.0 - Autodesk) Hidden
Autodesk App Manager (HKLM-x32\...\{C8125548-F2D5-4059-823F-1F3C5BBD9F19}) (Version: 1.2.0 - Autodesk)
Autodesk AutoCAD 2015 - English (HKLM\...\AutoCAD 2015 - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD 2015 Help - English (HKLM\...\AutoCAD 2015 Help - English) (Version: 20.0.51.0 - Autodesk)
Autodesk AutoCAD Performance Feedback Tool Version 1.2.2 (HKLM-x32\...\{85735431-6CD3-4B16-BEC8-95332034E53B}) (Version: 1.2.2.0 - Autodesk)
Autodesk BIM 360 Glue AutoCAD 2015 Add-in 64 bit (HKLM\...\{9D589081-AFC2-4932-9071-AC585AC1EA83}) (Version: 3.32.3004 - Autodesk)
Autodesk CAD Manager Tools (HKLM\...\{5783F2D7-0111-0409-0110-0060B0CE6BBA}) (Version: 16.0.0.65 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.2.0.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.2.0.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{EDDEE94B-214D-4B07-9727-A3E46F3E379A}) (Version: 1.2.0 - Autodesk)
Autodesk Material Library 2015 (HKLM-x32\...\{427F733F-4D6C-45BC-9324-EB743104C321}) (Version: 5.2.9.100 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2015 (HKLM-x32\...\{ABE2F70B-8D94-44E9-AA04-F0DB35063D62}) (Version: 5.2.9.100 - Autodesk)
Autodesk Network License Manager (HKLM\...\{4BE91685-1632-47FC-B563-A8A542C6664C}) (Version: 11.12.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.3.1.39 - Autodesk)
Autodesk ReCap (Version: 1.3.1.39 - Autodesk) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Camfrog Video Chat 6.11 (HKLM-x32\...\Camfrog) (Version: 6.11.549 - Camshare, Inc.)
COMODO Cloud Antivirus (HKLM-x32\...\COMODO Cloud Antivirus_list_uninstall) (Version: 1.4.397436.312 - COMODO)
COMODO Cloud Antivirus (x32 Version: 1.4.312.0 - COMODO) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM\...\Steam App 570) (Version: - Valve)
Dropbox (HKLM-x32\...\Dropbox) (Version: 8.4.19 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
Emperor: Rise of the Middle Kingdom (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Internet Security Essentials (HKLM-x32\...\ComodoIse) (Version: 1.1.397428.24 - Comodo)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
ManyCam 4.1.0 (HKLM-x32\...\ManyCam) (Version: 4.1.0 - Visicom Media Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 48.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86
en-US)) (Version: 48.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla) NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation) NVIDIA 3D Vision Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.39 - NVIDIA Corporation) NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation) NVIDIA Graphics Driver 368.39 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.39 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.14 - NVIDIA Corporation) NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation) Secunia PSI (3.0.0.11005) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11005 - Secunia) SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden SketchUp Import (HKLM-x32\...\{C403E867-FCF1-432B-BCC1-8FFD40A10A6E}) (Version: 1.2.0 - Autodesk) StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.64630 - TeamViewer) VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN) Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1) (Version: 1.0.11.1 - LunarG, Inc.) Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17323 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{0B628DE4-07AD-4284-81CA-5B439F67C5E6}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{149DD748-EA85-45A6-93C5-AC50D0260C98}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2015\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-2353525251-3153904798-3974892558-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2015\en-US\acadficn.dll (Autodesk, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {048C540D-3ACC-47E4-9936-04C67BC299CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) Task: {14193DF9-29DC-45F5-8FA1-F218C8882967} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe [2016-07-14] (Adobe Systems Incorporated) Task: {1AFD00AE-D6E4-49B1-8A01-B082176B5860} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) Task: {5E2936EF-A4E6-4F5F-849C-0AFEFC83922B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated) Task: {8B75D45E-39B0-4E15-8C1C-6D27D3170285} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated) Task: {A0369758-8D7C-4748-BBAD-470788E0906B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-23] (Dropbox, Inc.) 
Task: {A189F785-D96B-4F91-91B2-BBF2AC7175C6} - System32\Tasks\HannaSpeciosityStitchersV2 => Rundll32.exe RottedRetypes.dll,main 7 1 <==== ATTENTION Task: {B46291B0-9954-47A3-8AC5-C99CB6BE2AD6} - System32\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C} => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION Task: {C2C57B2F-3907-4152-8AD5-A0B9110850AD} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {F2909B79-687A-4820-BCED-1A867D76102E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-06-23] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_22_0_0_209_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\{1C35AF9C-4102-EB46-2DC1-514C7A9A651C}.job => C:\Users\Hanna\AppData\Roaming\PRICEF~1\PRICEF~1.EXE <==== ATTENTION ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2016-06-24 18:24 - 2016-06-03 11:26 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll 2016-06-24 18:26 - 2016-06-15 04:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program 
Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-11-14 11:22 - 2012-11-14 11:22 - 02010624 _____ () C:\Program Files (x86)\ManyCam\opencv_core220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 01241088 _____ () C:\Program Files (x86)\ManyCam\opencv_imgproc220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00241152 _____ () C:\Program Files (x86)\ManyCam\opencv_objdetect220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00775680 _____ () C:\Program Files (x86)\ManyCam\opencv_highgui220.dll 2012-11-14 11:23 - 2012-11-14 11:23 - 00201216 _____ () C:\Program Files (x86)\ManyCam\opencv_video220.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Software\Classes\.scr: AutoCADScriptFile => C:\Windows\system32\notepad.exe "%1" ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 10:34 - 2016-06-25 12:54 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2353525251-3153904798-3974892558-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Hanna\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{FF092E04-D25E-4D2F-A3F3-57B9E61228BB}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{EA73D585-5CD4-4EC4-BB19-F1020647524B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{E35CC08F-7CFB-443B-BA1A-25B3A384F88C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{D8C25251-6094-4849-AC01-CB05A9166902}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{21850165-6B43-4F04-B539-4F7B3656209B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{B2824062-98AA-4A4D-9564-32C7F2F53819}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{75413E2C-8675-4163-8D8F-DF5D186A976A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{8C5439FF-FA54-4EAB-ACE3-51111D4EFB27}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{5E5A0F09-C218-4E70-A6C7-A47AF9A15966}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{FEBECEC9-C5E1-47E0-9DE3-B1668417C134}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{4809DDA0-E46C-44B8-ABDC-A5038F1D8ECD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [TCP Query User{AFDF6392-4DC4-4474-A21B-F0E93714E130}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query 
User{DFE12F7D-8301-47A6-9FA4-00302131C9E1}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{C3931B49-7483-49C8-A7C6-1A36A2F7466F}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{214249F7-FE5E-40A0-A7EA-F0959E9DF606}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Allow) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [{4D66D214-72A0-4344-BF73-19562EB6EB9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{279639FF-6197-4C98-B4A4-AB34E0C18725}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{94F50EF5-31A5-4D29-BEE1-90578528592F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{A19598BA-56C5-49E5-809E-DD7447060ABB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{A666417D-83DE-426C-9516-FD2818B81B95}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [UDP Query User{89556781-296E-41CF-AFA4-2C9F2BD4474F}C:\program files (x86)\diablo iii\diablo iii.exe] => (Allow) C:\program files (x86)\diablo iii\diablo iii.exe FirewallRules: [{0829652C-EA11-4516-BE2A-B234CDB05CF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{AE9E9DF5-3C1E-418B-8245-D006ECF79B14}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe FirewallRules: [{245E316A-3A9B-4BB5-A170-FA528C3028AE}] => (Allow) LPort=50248 FirewallRules: [TCP Query User{35E358A7-172F-46AE-B9E0-61ED6A7EB698}C:\program files (x86)\starcraft 
ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [UDP Query User{E215D426-5D4A-4F12-9A10-D41BF98A91AE}C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base44983\sc2_x64.exe FirewallRules: [{143B16E3-85D2-4FC1-8736-74392FAC08DB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B2B589A4-C909-4844-B5CB-FFFA48C6C05D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{DF3603B6-7F14-4E88-BEFC-6C0AFB9B0834}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{65D273E7-7754-4691-825D-1A96C59360A2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{0B74481A-0BE1-4C64-99C3-966A0BFBC124}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{02A2E419-E838-4163-88C2-C4A7C7EFBB84}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{D94D15A2-9EE2-4772-90A9-0F691FAE2872}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{AAC6A394-A08D-4ED2-8917-9DB978AE911C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Restore Points ========================= 16-08-2016 20:18:28 Windows Update 17-08-2016 16:18:05 Windows Update 21-08-2016 19:00:14 Windows Backup 23-08-2016 06:39:56 Installed COMODO Cloud Antivirus 23-08-2016 20:09:25 Windows Update 24-08-2016 05:58:57 Device Driver Package Install: Visicom Media Inc. Imaging devices 24-08-2016 05:59:34 Device Driver Package Install: Visicom Media Inc. Sound, video and game controllers ==================== Faulty Device Manager Devices ============= Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (08/24/2016 01:50:05 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2016 08:02:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2016 08:02:39 PM) (Source: NvStreamSvc) (EventID: 2001) (User: ) Description: An error has occurred (StartServiceCtrlDispatcher failed [1063]). 
Error: (08/23/2016 09:03:39 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 09:38:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 07:11:17 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 01:22:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 12:45:28 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 11:00:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/22/2016 10:09:58 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (08/24/2016 12:11:55 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). 
Error: (08/23/2016 08:00:58 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 11:35:15 on ‎23/‎08/‎2016 was unexpected. Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ccavsrv service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Internet Security Essentials Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The NVIDIA Streamer Network Service service terminated unexpectedly. It has done this 1 time(s). Error: (08/23/2016 08:20:38 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The TeamViewer 11 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service. 
CodeIntegrity: =================================== Date: 2016-08-24 05:56:18.301 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 05:56:18.275 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 04:40:17.965 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 04:40:17.944 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 03:32:54.680 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 03:32:54.665 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 01:48:48.479 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 01:48:48.448 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. 
Date: 2016-08-24 00:44:28.588 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\iseguard64.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 00:44:28.572 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CcavGuard64.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: AMD A6-3500 APU with Radeon(tm) HD Graphics Percentage of memory in use: 66% Total physical RAM: 4093.43 MB Available physical RAM: 1355.44 MB Total Virtual: 8185.04 MB Available Virtual: 4897.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:232.83 GB) (Free:134.9 GB) NTFS Drive d: () (Fixed) (Total:232.83 GB) (Free:24.42 GB) NTFS Drive e: (Feb 12 2014) (CDROM) (Total:3.73 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E3BD4EDE) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
  14. I am, but I have to close this thread. My friend sold the computer and bought a new one.
  15. Thanks a lot, Broni, the machine is working much better now.