ProblemsRBad

Members
  • Content count

    976
  • Joined

  • Last visited

  • Days Won

    1
  • Time Online

    387d 15h 57m 5s

About ProblemsRBad

  • Rank
    $ Supporting Member

Profile Information

  • Gender
    Not Telling
  • OS
    Windows 10

Profile Fields

  • Country
  1. My desktop seems dirty

    Great thanks Win finished installing updates all is well now.
  2. My desktop seems dirty

    Ok I deleted the folder. Windows update continues.
  3. My desktop seems dirty

    No, there is no uninstaller.
  4. My desktop seems dirty

    I don't have steam. I did find Glyph in C:\Program Files (x86)\Glyph should I just delete this folder?
  5. My desktop seems dirty

    I am not able to see Glyph Client in add/remove programs. How do I remove it so I can allow Windows update please?
  6. My desktop seems dirty

    Ok thats better thanks! Fix result of Farbar Recovery Scan Tool (x64) Version: 25-06-2017 01 Ran by bobby (25-06-2017 17:44:11) Run:1 Running from C:\Users\bobby\Desktop Loaded Profiles: bobby & MSSQLSERVER (Available Profiles: bobby & Dan & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM-x32\...\Run: [DXM6Patch_981116] => C:\WINDOWS\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DXM6Patch_981116 => value removed successfully ==== End of Fixlog 17:44:12 ====
  7. My desktop seems dirty

    No nothing like this, only to change UAC settings.
  8. My desktop seems dirty

    I allow it but when I reboot again it asks again. What do I change to make it stop asking me every time Windows loads?
  9. My desktop seems dirty

    Before Win updates I rebooted. Now after Windows loads, I have a pop up coming. P_981116.exe asking me to allow or deny. I always deny every time. I don't know what it is. How do I remove it? https://answers.microsoft.com/en-us/windows/forum/windows_vista-files/p981116exe-file/744b72c6-d5b1-4085-89f1-e10b80bb4149?auth=1 I check here to remove it but there is nothing in startup to stop it. Not much help from MS site/google .
  10. My desktop seems dirty

    Thanks its taking windows updates now.
  11. My desktop seems dirty

    Ok , I do remember installing some server tools, this where it must have came from. Sophos scanned clean so I did not get a log. Here is the rest: Results of screen317's Security Check version 1.014 --- 12/23/15 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Avast Antivirus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 8 Update 131 Java version 32-bit out of Date! Adobe Flash Player 26.0.0.131 Mozilla Firefox (54.0) Google Chrome (58.0.3029.110) Google Chrome (SetupMetrics...) ````````Process Check: objlist.exe by Laurent```````` Oracle Java javapath AvastSvc.exe -?- AVAST Software Avast AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` ------------------------------------------------------------------------------------------------------------------------------------- Farbar Service Scanner Version: 27-01-2016 Ran by bobby (administrator) on 23-06-2017 at 20:59:18 Running from "C:\Users\bobby\Desktop" Microsoft Windows 10 Home (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Security Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Demand. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  12. My desktop seems dirty

    Ok, couple questions on this one. :) What are these extra profiles? Can we delete them and go with the one bobby profile? Loaded Profiles: bobby & SQLTELEMETRY & MSSQLSERVER (Available Profiles: bobby & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool) Also about the partition, What is this partition 2 (not active) taking half of the harddrive? Can we clean the partitions without loosing anything in the active partition? Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: B1A1F069) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) Here is the FRST fix log: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01 Ran by bobby (23-06-2017 10:48:39) Run:1 Running from C:\Users\bobby\Desktop Loaded Profiles: bobby & SQLTELEMETRY & MSSQLSERVER (Available Profiles: bobby & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {74f05d1d-e975-11e6-8ecd-806e6f6e6963} - "F:\setup.exe" HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {c8f67b2c-8946-11e5-8d70-74de2b79f7ca} - "M:\autorun.exe" S4 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [X] 2017-04-09 07:45 - 2017-04-09 16:04 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2017-02-02 13:54 - 2017-02-02 14:18 - 1177480 _____ () C:\Users\bobby\AppData\Local\Temp\AMDCleanupUtility.exe 2017-02-03 23:36 - 2007-12-14 09:23 - 0640248 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\AutoRun.exe 2017-02-03 23:36 - 2007-12-14 09:23 - 0591096 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\AutoRunGUI.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0250248 _____ () C:\Users\bobby\AppData\Local\Temp\Cleanup.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\bobby\AppData\Local\Temp\ddu.exe 2017-02-03 11:47 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll 2017-02-03 23:36 - 2007-12-14 09:23 - 0881912 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\EAInstall.dll 2017-05-28 16:22 - 2016-12-22 19:03 - 3698888 _____ (Foxit Corporation) C:\Users\bobby\AppData\Local\Temp\FoxitUpdater.exe 2017-05-13 16:21 - 2017-05-13 16:21 - 0739904 _____ (Oracle Corporation) C:\Users\bobby\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-02-02 13:54 - 2017-02-02 14:18 - 0516096 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcm80.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 1061376 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcp80.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0796672 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcr80.dll 2017-02-02 13:40 - 2017-02-02 13:40 - 90992232 _____ () C:\Users\bobby\AppData\Local\Temp\playstv_patch.exe 2017-02-03 12:00 - 2017-02-03 12:00 - 44809728 _____ (Logitech, Inc.) C:\Users\bobby\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe 2017-02-02 13:39 - 2017-02-02 13:39 - 59432328 _____ () C:\Users\bobby\AppData\Local\Temp\raptrpatch.exe 2017-02-02 13:39 - 2017-02-02 13:39 - 0221632 _____ () C:\Users\bobby\AppData\Local\Temp\raptr_stub.exe 2017-03-15 17:11 - 2017-03-15 17:11 - 14456872 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\vc_redist.x86.exe ***************** HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION => restored successfully HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74f05d1d-e975-11e6-8ecd-806e6f6e6963} => key removed successfully HKLM\Software\Classes\CLSID\{74f05d1d-e975-11e6-8ecd-806e6f6e6963} => key not found. HKU\S-1-5-21-956974598-3299727750-65723944-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8f67b2c-8946-11e5-8d70-74de2b79f7ca} => key removed successfully HKLM\Software\Classes\CLSID\{c8f67b2c-8946-11e5-8d70-74de2b79f7ca} => key not found. HKLM\System\CurrentControlSet\Services\AMD_RAIDXpert => key removed successfully AMD_RAIDXpert => service removed successfully C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully C:\Users\bobby\AppData\Local\Temp\AMDCleanupUtility.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\AutoRun.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\AutoRunGUI.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\Cleanup.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\ddu.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\EAInstall.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\FoxitUpdater.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\jre-8u131-windows-au.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\msvcm80.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\msvcp80.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\msvcr80.dll => moved successfully C:\Users\bobby\AppData\Local\Temp\playstv_patch.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\raptrpatch.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\raptr_stub.exe => moved successfully C:\Users\bobby\AppData\Local\Temp\vc_redist.x86.exe => moved successfully ==== End of Fixlog 10:48:53 ====
  13. Friends win 10 desktop seems infected

    1RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.14393) 64 bits version Started in : Normal mode User : owner [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller64.exe Mode : Delete -- Date : 06/23/2017 00:13:32 (Duration : 00:20:26) Switches : -refid ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 4 ¤¤¤ [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Deleted [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.3.0.1 ([X]) -> Replaced () [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{659a997d-c771-41c7-b3fd-2400acbf1ea9} | DhcpNameServer : 10.3.0.1 ([X]) -> Replaced () [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b3e8033e-ed92-4dd6-8b8f-5d6dc8aaeced} | DhcpNameServer : 71.10.216.1 71.10.216.2 ([X][X]) -> Replaced () ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 2 ¤¤¤ [PUM.SearchEngine][Firefox:Config] p1p9jmbm.default : user_pref("browser.search.selectedEngine", "Bing®"); -> Deleted [PUM.SearchEngine][Firefox:Config] p1p9jmbm.default : user_pref("browser.search.defaultenginename", "Bing®"); -> Deleted ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST1000DM003-1SB10C +++++ --- User --- [MBR] 17a7091cb8378192b57dd0576d9cfffb [BSP] 800ed2b4c9a24f257902fec2a71e9780 : Legit.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953867 MB [Unknown Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: CT240BX200SSD1 +++++ --- User --- [MBR] 1de09facdbcc2bce62c7ab41920cdf33 [BSP] 111823e600b331a79f9d486d122e5989 : Empty MBR Code Partition table: 0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB 1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB 2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB 3 - Basic data partition | Offset (sectors): 1161216 | Size: 228369 MB User = LL1 ... OK User = LL2 ... OK ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 6/22/2017 Scan Time: 1:24 PM Logfile: mbamlog.txt Administrator: Yes Version: 2.2.1.1043 Malware Database: v2017.06.22.08 Rootkit Database: v2017.05.27.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows 10 CPU: x64 File System: NTFS User: owner Scan Type: Threat Scan Result: Completed Objects Scanned: 289906 Time Elapsed: 4 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.Conduit, HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [dd63053debbe78be2f4a8b4e55adf50b], Registry Values: 1 PUP.Optional.Conduit, HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://www.bing.com/search?pc=COSP&ptag=D110116-ACB9BF08CB3&form=CONBDF&conlogo=CT3335445&q={searchTerms}, Quarantined, [dd63053debbe78be2f4a8b4e55adf50b] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ # AdwCleaner v6.047 - Logfile created 22/06/2017 at 13:40:16 # Updated on 19/05/2017 by Malwarebytes # Database : 2017-06-22.1 [Server] # Operating System : Windows 10 Home (X64) # Username : owner - DESKTOP-LRA92O6 # Running from : C:\Users\owner\Desktop\adwcleaner_6.047.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** ***** [ Folders ] ***** [-] Folder deleted: C:\Program Files (x86)\lavasoft\web companion [-] Folder deleted: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService [-] Folder deleted: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn ***** [ Files ] ***** [-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll [-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini [-] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll [-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini [-] File deleted: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default\searchplugins\bing-lavasoft.xml ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [-] Key deleted: HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A} [-] Key deleted: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Software\APN PIP [-] Key deleted: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Software\Lavasoft\Web Companion [#] Key deleted on reboot: HKCU\Software\APN PIP [#] Key deleted on reboot: HKCU\Software\Lavasoft\Web Companion [-] Key deleted: HKLM\SOFTWARE\Lavasoft\Web Companion [#] Key deleted on reboot: [x64] HKCU\Software\APN PIP [#] Key deleted on reboot: [x64] HKCU\Software\Lavasoft\Web Companion [-] Key deleted: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe ***** [ Web browsers ] ***** [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com [-] [C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [6864 Bytes] - [22/06/2017 13:40:16] C:\AdwCleaner\AdwCleaner[S0].txt - [6828 Bytes] - [22/06/2017 13:39:45] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7010 Bytes] ########## ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 10 Home x64 Ran by owner (Administrator) on Fri 06/23/2017 at 9:21:34.91 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Fri 06/23/2017 at 9:23:54.12 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  14. The dasktop would just freeze up after bootup. I installed and ran Superantispyware and ran Malwarebytes, both scanned dirty. Have a look please: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01 Ran by owner (administrator) on DESKTOP-LRA92O6 (22-06-2017 13:48:39) Running from C:\Users\owner\Desktop Loaded Profiles: owner (Available Profiles: owner) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.1439_none_7efe016621f50bd0\TiWorker.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-06-20] (AVAST Software) HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1480336713\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-20] (AVAST Software) ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-20] (AVAST Software) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-09-08] ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{401FADAA-1C16-4721-9F02-19067E1A1CA8}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC) GroupPolicy: Restriction - Chrome <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 Tcpip\..\Interfaces\{20e0338c-715b-437e-9310-42cfb334a4f2}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{3da5fc42-8a40-49b8-b932-bc0137222f12}: [DhcpNameServer] 192.168.0.1 4.2.2.2 8.8.8.8 Tcpip\..\Interfaces\{b3e8033e-ed92-4dd6-8b8f-5d6dc8aaeced}: [DhcpNameServer] 71.10.216.1 71.10.216.2 Internet Explorer: ================== HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com SearchScopes: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-06-20] (Oracle Corporation) BHO: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-20] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-20] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-20] (Oracle Corporation) FireFox: ======== FF DefaultProfile: p1p9jmbm.default FF ProfilePath: C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default [2017-06-22] FF NewTab: Mozilla\Firefox\Profiles\p1p9jmbm.default -> about:home FF DefaultSearchEngine: Mozilla\Firefox\Profiles\p1p9jmbm.default -> Bing® FF SelectedSearchEngine: Mozilla\Firefox\Profiles\p1p9jmbm.default -> Bing® FF Homepage: Mozilla\Firefox\Profiles\p1p9jmbm.default -> google.com FF Extension: (leethax.net extension) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default\Extensions\leethax@leethax.net.xpi [2016-12-27] FF Extension: (Avast SafePrice) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default\Extensions\sp@avast.com.xpi [2017-06-20] FF Extension: (uBlock Origin) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default\Extensions\uBlock0@raymondhill.net.xpi [2017-06-20] FF Extension: (Avast Online Security) - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\p1p9jmbm.default\Extensions\wrc@avast.com.xpi [2017-06-20] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] () FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-20] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-20] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1229199.dll [2017-03-31] (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-20] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.) Chrome: ======= CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default [2017-06-22] CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-08] CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-08] CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-08] CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-08] CHR Extension: (uBlock Origin) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20] CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-08] CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-16] CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-26] CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-08] CHR Extension: (Chrome Media Router) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-30] (SUPERAntiSpyware.com) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-06-20] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-06-20] (AVAST Software) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.) R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [343040 2013-08-08] (Qualcomm Atheros) [File not signed] S4 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmdag.sys [36558208 2017-05-16] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0313676.inf_amd64_96bbc33bec5c7fae\atikmpag.sys [528760 2017-05-16] (Advanced Micro Devices, Inc.) R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-06-20] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-06-20] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-06-20] (AVAST Software s.r.o.) R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-06-20] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-06-20] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-06-20] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-06-20] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-06-20] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-06-20] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-06-20] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-06-20] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158880 2017-06-20] (AVAST Software) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-06-20] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110096 2016-04-25] (Advanced Micro Devices) R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [75056 2013-02-13] (Qualcomm Atheros, Inc.) R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [163536 2013-03-20] (Qualcomm Atheros, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U1 aswbdisk; no ImagePath S1 MpKsl534bc877; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{330B0F5F-6040-46EA-AAFC-721D72CB21F9}\MpKsl534bc877.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-22 13:48 - 2017-06-22 13:48 - 02439680 _____ (Farbar) C:\Users\owner\Desktop\FRST64.exe 2017-06-22 13:48 - 2017-06-22 13:48 - 00014796 _____ C:\Users\owner\Desktop\FRST.txt 2017-06-22 13:48 - 2017-06-22 13:48 - 00000000 ____D C:\ProgramData\SWCUTemp 2017-06-22 13:48 - 2017-06-22 13:48 - 00000000 ____D C:\FRST 2017-06-22 13:42 - 2017-06-22 13:42 - 00007169 _____ C:\Users\owner\Desktop\AdwCleaner[C0].txt 2017-06-22 13:37 - 2017-06-22 13:40 - 00000000 ____D C:\AdwCleaner 2017-06-22 13:35 - 2017-06-22 13:35 - 00001849 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2017-06-22 13:35 - 2017-06-22 13:35 - 00000000 ____D C:\Users\owner\AppData\Roaming\SUPERAntiSpyware.com 2017-06-22 13:35 - 2017-06-22 13:35 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com 2017-06-22 13:35 - 2017-06-22 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2017-06-22 13:35 - 2017-06-22 13:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-06-22 13:32 - 2017-06-22 13:33 - 00000000 ____D C:\ProgramData\TEMP 2017-06-22 13:32 - 2017-06-22 13:33 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster 2017-06-22 13:32 - 2017-06-22 13:32 - 00001152 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk 2017-06-22 13:32 - 2017-06-22 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2017-06-22 13:32 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX 2017-06-22 13:32 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL 2017-06-22 13:29 - 2017-06-22 13:29 - 00001515 _____ C:\Users\owner\Desktop\mbamlog.txt 2017-06-22 13:28 - 2017-06-22 13:28 - 01663672 _____ (Malwarebytes) C:\Users\owner\Desktop\JRT.exe 2017-06-22 13:27 - 2017-06-22 13:37 - 04110280 _____ C:\Users\owner\Desktop\adwcleaner_6.047.exe 2017-06-22 13:27 - 2017-06-22 13:33 - 30277464 _____ (SUPERAntiSpyware) C:\Users\owner\Downloads\SUPERAntiSpyware.exe 2017-06-22 13:27 - 2017-06-22 13:30 - 04291320 _____ (BrightFort LLC ) C:\Users\owner\Downloads\spywareblastersetup55.exe 2017-06-22 13:27 - 2017-06-22 13:27 - 00448512 _____ (OldTimer Tools) C:\Users\owner\Desktop\TFC.exe 2017-06-22 13:11 - 2014-02-25 14:56 - 00034520 ____R (America Online) C:\WINDOWS\system32\Drivers\ATWPKT264.SYS 2017-06-22 13:04 - 2017-06-22 13:04 - 00000000 ____D C:\Users\owner\AppData\Roaming\AOL 2017-06-21 17:57 - 2017-06-20 16:02 - 00104600 ____N (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys 2017-06-20 16:11 - 2017-06-20 16:09 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll 2017-06-20 16:08 - 2017-06-20 16:08 - 00001428 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2017-06-20 16:08 - 2017-06-20 16:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2017-06-20 16:08 - 2017-06-20 16:08 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2017-06-20 16:02 - 2017-06-21 18:02 - 00004022 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1497988935 2017-06-20 16:02 - 2017-06-21 18:02 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-06-20 16:02 - 2017-06-20 16:02 - 00001088 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk 2017-06-20 16:01 - 2017-06-20 16:01 - 00032600 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys 2017-06-20 16:01 - 2017-06-20 16:01 - 00000000 ____D C:\Users\owner\AppData\Roaming\AVAST Software 2017-06-20 16:00 - 2017-06-22 13:00 - 00004268 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update 2017-06-20 16:00 - 2017-06-20 16:00 - 00569192 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00400456 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-06-20 16:00 - 2017-06-20 16:00 - 00339696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00158880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00128648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00101152 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00075704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00038296 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys 2017-06-20 16:00 - 2017-06-20 16:00 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-06-20 16:00 - 2017-06-20 16:00 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-06-20 16:00 - 2017-06-20 15:59 - 01007160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2017-06-20 16:00 - 2017-06-20 15:59 - 00334576 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbloga.sys 2017-06-20 16:00 - 2017-06-20 15:59 - 00311808 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys 2017-06-20 16:00 - 2017-06-20 15:59 - 00190256 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbidsha.sys 2017-06-20 16:00 - 2017-06-20 15:59 - 00049016 _____ (AVAST Software s.r.o.) C:\WINDOWS\system32\Drivers\aswbuniva.sys 2017-06-20 15:58 - 2017-06-20 18:09 - 00000000 ____D C:\ProgramData\AVAST Software 2017-06-20 15:58 - 2017-06-20 16:01 - 00000000 ____D C:\Program Files\AVAST Software 2017-06-20 15:58 - 2017-06-20 15:58 - 06919904 _____ (AVAST Software) C:\Users\owner\Downloads\avast_free_antivirus_setup_online.exe 2017-06-20 15:55 - 2017-06-20 15:55 - 00000000 ___HD C:\OneDriveTemp 2017-06-15 17:37 - 2017-06-15 17:37 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2 2017-06-14 18:48 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-06-14 18:48 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-06-14 18:48 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-06-14 18:48 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-06-14 18:48 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-06-14 18:48 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-06-14 18:48 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-06-14 18:48 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-06-14 18:48 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-06-14 18:48 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-06-14 18:48 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2017-06-14 18:48 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-06-14 18:48 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2017-06-14 18:48 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-06-14 18:48 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-06-14 18:48 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-06-14 18:48 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-06-14 18:48 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-06-14 18:48 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-06-14 18:48 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-06-14 18:48 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-06-14 18:48 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-06-14 18:48 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-06-14 18:48 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-06-14 18:48 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-06-14 18:48 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2017-06-14 18:48 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-06-14 18:48 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-06-14 18:48 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll 2017-06-14 18:48 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-06-14 18:48 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll 2017-06-14 18:48 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2017-06-14 18:48 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll 2017-06-14 18:48 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2017-06-14 18:48 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-06-14 18:48 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2017-06-14 18:48 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-06-14 18:48 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-06-14 18:48 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-06-14 18:48 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-06-14 18:48 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-06-14 18:48 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-06-14 18:48 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-06-14 18:48 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll 2017-06-14 18:48 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-06-14 18:48 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2017-06-14 18:48 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-06-14 18:48 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-06-14 18:48 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-06-14 18:48 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll 2017-06-14 18:48 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-06-14 18:48 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-06-14 18:48 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-06-14 18:48 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-06-14 18:48 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2017-06-14 18:48 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-06-14 18:48 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-06-14 18:48 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-06-14 18:48 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-06-14 18:48 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-06-14 18:48 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-06-14 18:48 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-06-14 18:48 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-06-14 18:48 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe 2017-06-14 18:48 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2017-06-14 18:48 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2017-06-14 18:48 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2017-06-14 18:47 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2017-06-14 18:47 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-06-14 18:47 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2017-06-14 18:47 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2017-06-14 18:47 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-06-14 18:47 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2017-06-14 18:47 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-06-14 18:47 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-06-14 18:47 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-06-14 18:47 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-06-14 18:47 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-06-14 18:47 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-06-14 18:47 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2017-06-14 18:47 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-06-14 18:47 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-06-14 18:47 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-06-14 18:47 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-06-14 18:47 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-06-14 18:47 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-06-14 18:47 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-06-14 18:47 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-06-14 18:47 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-06-14 18:47 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-06-14 18:47 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-06-14 18:47 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-06-14 18:47 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-06-14 18:47 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-06-14 18:47 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-06-14 18:47 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2017-06-14 18:47 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll 2017-06-14 18:47 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll 2017-06-14 18:47 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2017-06-14 18:47 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll 2017-06-14 18:47 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2017-06-14 18:47 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-06-14 18:47 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-06-14 18:47 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-06-14 18:47 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-06-14 18:47 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll 2017-06-14 18:47 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-06-14 18:47 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2017-06-14 18:47 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-06-14 18:47 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-06-14 18:47 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-06-14 18:47 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-06-14 18:47 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2017-06-14 18:47 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-06-14 18:47 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-06-14 18:47 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-06-14 18:47 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-06-14 18:47 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2017-06-14 18:47 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2017-06-14 18:47 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-06-14 18:47 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-06-14 18:47 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-06-14 18:47 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-06-14 18:47 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-06-14 18:47 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-06-14 18:47 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-06-14 18:47 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll 2017-06-14 18:47 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-06-14 18:47 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-06-14 18:47 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls 2017-06-14 18:47 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-06-14 18:47 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-06-01 13:02 - 2017-06-01 13:02 - 00301314 _____ C:\Users\owner\Downloads\EligibilityNotice.pdf 2017-05-30 12:43 - 2017-06-16 09:13 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump 2017-05-30 10:02 - 2017-05-30 10:02 - 00000000 ____D C:\Icons 2017-05-25 18:53 - 2017-05-25 18:53 - 00412036 _____ C:\WINDOWS\Minidump\052517-59000-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-22 13:46 - 2016-11-18 08:58 - 00000000 ____D C:\Users\owner\AppData\LocalLow\Mozilla 2017-06-22 13:44 - 2016-09-25 07:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-22 13:44 - 2016-09-25 07:03 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-06-22 13:44 - 2016-07-16 02:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI 2017-06-22 13:40 - 2016-11-01 08:59 - 00000000 ____D C:\Program Files (x86)\Lavasoft 2017-06-22 13:40 - 2016-09-25 07:04 - 00000000 ____D C:\Users\owner 2017-06-22 13:33 - 2016-12-09 09:07 - 00000258 __RSH C:\ProgramData\ntuser.pol 2017-06-22 13:30 - 2016-11-10 09:36 - 00000000 ____D C:\Program Files (x86)\Steam 2017-06-22 13:28 - 2016-09-07 16:02 - 03181402 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-22 13:23 - 2016-09-18 20:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-22 13:22 - 2016-09-25 07:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-22 13:17 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-22 13:17 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-22 12:51 - 2016-11-29 09:23 - 00000000 ____D C:\Users\owner\AppData\Roaming\AVG 2017-06-22 12:51 - 2016-11-29 09:20 - 00000000 ____D C:\Program Files (x86)\AVG 2017-06-22 12:51 - 2016-11-29 09:19 - 00000000 ____D C:\ProgramData\Avg 2017-06-22 10:58 - 2016-11-17 09:56 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7EB55AD7-453E-4A8C-A7C7-76966ED324FF} 2017-06-20 16:29 - 2016-10-27 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-20 16:12 - 2016-09-08 10:19 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-06-20 16:11 - 2016-09-08 10:18 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-06-20 16:11 - 2016-09-08 10:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-06-20 16:11 - 2016-09-08 10:17 - 00000000 ____D C:\Program Files (x86)\Java 2017-06-20 16:09 - 2016-11-18 09:05 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2017-06-20 16:09 - 2016-11-18 09:05 - 00000000 ____D C:\Program Files\Java 2017-06-20 16:08 - 2016-09-08 10:19 - 00000000 ____D C:\ProgramData\Foxit Software 2017-06-20 16:06 - 2016-09-08 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2017-06-20 16:06 - 2016-09-08 10:19 - 00000000 ____D C:\Program Files\7-Zip 2017-06-20 16:04 - 2016-11-01 08:58 - 00000000 ____D C:\Program Files (x86)\Camfrog 2017-06-20 15:57 - 2016-11-29 09:19 - 00000000 ____D C:\Users\owner\AppData\Local\AvgSetupLog 2017-06-20 15:55 - 2016-12-13 15:59 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-06-20 15:55 - 2016-09-07 16:02 - 00002367 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-06-20 15:55 - 2016-09-07 16:02 - 00000000 ___RD C:\Users\owner\OneDrive 2017-06-20 15:54 - 2016-11-01 08:58 - 00000000 ____D C:\Users\owner\AppData\Roaming\Camfrog 2017-06-19 22:54 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-06-19 18:48 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF 2017-06-16 23:43 - 2017-05-10 22:43 - 05427200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe 2017-06-16 23:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-06-16 23:43 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-06-16 08:45 - 2016-09-07 16:00 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-15 17:38 - 2016-09-25 07:02 - 00258016 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-06-15 17:38 - 2016-09-08 10:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2017-06-15 17:38 - 2016-09-08 10:16 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2017-06-15 17:37 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-06-15 17:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-15 17:37 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-06-15 13:29 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-14 08:08 - 2016-11-01 08:11 - 00000000 ____D C:\Users\owner\AppData\Local\Battle.net 2017-06-13 17:22 - 2016-09-07 16:29 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-13 17:21 - 2016-09-07 16:29 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-13 17:20 - 2016-09-08 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2017-06-13 10:46 - 2016-11-01 08:14 - 00000000 ____D C:\Program Files (x86)\World of Warcraft 2017-06-05 08:37 - 2016-11-01 08:10 - 00000000 ____D C:\Program Files (x86)\Battle.net 2017-06-03 02:36 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 02:36 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-05-31 08:00 - 2016-09-07 16:30 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-05-30 10:28 - 2016-09-08 10:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-05-25 18:53 - 2016-12-14 00:06 - 00000000 ____D C:\WINDOWS\Minidump 2017-05-25 18:52 - 2016-09-17 09:51 - 4244352000 ____N C:\WINDOWS\MEMORY.DMP 2017-05-24 17:51 - 2017-04-23 08:24 - 00159496 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgstm.sys.149566270607801 ==================== Files in the root of some directories ======= 2016-09-08 09:53 - 2016-09-08 09:53 - 0000000 _____ () C:\Users\owner\AppData\Local\Driver_LOM_8161Present.flag 2017-03-06 18:52 - 2017-03-06 18:52 - 0000000 _____ () C:\Users\owner\AppData\Local\{0FDEFA91-9177-4402-9B2C-38D52CB216DB} Some files in TEMP: ==================== 2014-02-25 14:56 - 2014-02-25 14:56 - 0115816 _____ (AOL Inc.) C:\Users\owner\AppData\Local\Temp\AcsInstall.dll 2017-06-20 16:08 - 2016-08-05 11:51 - 5570760 _____ (Foxit Corporation) C:\Users\owner\AppData\Local\Temp\FoxitUpdater.exe 2016-11-18 09:04 - 2016-11-18 09:04 - 0737856 _____ (Oracle Corporation) C:\Users\owner\AppData\Local\Temp\jre-8u111-windows-au.exe 2017-04-18 20:57 - 2017-04-18 20:57 - 0739904 _____ (Oracle Corporation) C:\Users\owner\AppData\Local\Temp\jre-8u131-windows-au.exe 2003-10-23 14:27 - 2003-10-23 14:27 - 0022528 _____ (Microsoft Corporation) C:\Users\owner\AppData\Local\Temp\SHFOLDER.DLL 2017-05-17 10:36 - 2017-05-17 10:36 - 0729368 _____ (adaware) C:\Users\owner\AppData\Local\Temp\wcupdater.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-15 13:24 ==================== End of FRST.txt ============================ ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01 Ran by owner (22-06-2017 13:49:08) Running from C:\Users\owner\Desktop Windows 10 Home Version 1607 (X64) (2016-09-25 11:08:47) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3808737855-1502716943-3396329800-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3808737855-1502716943-3396329800-503 - Limited - Disabled) Guest (S-1-5-21-3808737855-1502716943-3396329800-501 - Limited - Disabled) owner (S-1-5-21-3808737855-1502716943-3396329800-1001 - Administrator - Enabled) => C:\Users\owner ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov) 7-Zip 16.04 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1604-000001000000}) (Version: 16.04.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.9.199 - Adobe Systems, Inc.) AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\{363BF6FC-3A14-3806-ADF6-69F23C73DC2F}) (Version: 58.0.3029.110 - Google, Inc.) Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) LibreOffice 5.2.1.2 (HKLM\...\{4A18AA03-C78A-40A0-A355-38AB43B2FE78}) (Version: 5.2.1.2 - The Document Foundation) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft OneDrive (HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{FE5DFB80-6937-4154-A2C7-EF845C1301F8}) (Version: 1.0.30.1259 - Qualcomm Atheros) Qualcomm Atheros Network Manager (Version: 1.0.30.1259 - Qualcomm Atheros) Hidden SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1244 - SUPERAntiSpyware.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve) VEGA Conflict (HKLM\...\Steam App 339600) (Version: - KIXEYE) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN) Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {1BA1818D-5AFE-477C-A361-6B5767704DF1} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-24] (Advanced Micro Devices, Inc.) Task: {257EEC95-86AD-4D63-89CE-CE152C3F495C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-20] (AVAST Software) Task: {303B32DD-31E3-46CA-9594-8CB38051469B} - System32\Tasks\SafeZone scheduled Autoupdate 1497988935 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software) Task: {50AFEB88-C518-424C-AFB5-8A4CAA642B68} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\owner\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe Task: {9E4EEFBB-EC1A-4B08-8D7C-A5413EFE85CC} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated) Task: {D355820B-651E-4061-B0F6-3DA01A3735B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.) Task: {E9AA8A5B-04B5-4E8E-AC14-C4DAC40F9F9E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-08] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-06-14 18:47 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-25 10:59 - 2016-09-25 10:59 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-15 09:52 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-15 09:50 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-15 09:50 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-15 09:50 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-06-14 18:47 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-06-14 18:47 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-06-14 18:47 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-06-22 13:17 - 2017-06-22 13:17 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-22 13:17 - 2017-06-22 13:17 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-22 13:17 - 2017-06-22 13:17 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-22 13:17 - 2017-06-22 13:17 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll 2016-09-25 07:40 - 2016-09-25 07:40 - 04319744 _____ () C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.dll 2016-09-25 07:40 - 2016-09-25 07:40 - 00055296 _____ () C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe\XboxIdp.Native.dll 2017-06-20 16:00 - 2017-06-20 16:00 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-06-20 16:00 - 2017-06-20 16:00 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll 2017-06-20 16:00 - 2017-06-20 16:00 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-06-20 16:00 - 2017-06-20 16:00 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll 2017-06-20 16:00 - 2017-06-20 16:00 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll 2017-06-20 15:59 - 2017-06-20 15:59 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\008k.com -> 008k.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\00hq.com -> 00hq.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0190-dialers.com -> 0190-dialers.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\01i.info -> 01i.info IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0411dd.com -> 0411dd.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0511zfhl.com -> 0511zfhl.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\05p.com -> 05p.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0632qyw.com -> 0632qyw.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0calories.net -> 0calories.net IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0cj.net -> 0cj.net IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\0scan.com -> 0scan.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\1-domains-registrations.com -> 1-domains-registrations.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\1-se.com -> 1-se.com IE restricted site: HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\...\1001movie.com -> 1001movie.com There are 6091 more sites. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 03:24 - 2015-10-30 03:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3808737855-1502716943-3396329800-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 71.10.216.1 - 71.10.216.2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AOL ACS => 3 MSCONFIG\Services: RzWizardService => 2 MSCONFIG\Services: Steam Client Service => 3 HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk" HKLM\...\StartupApproved\Run32: => "RzWizard" HKLM\...\StartupApproved\Run32: => "HostManager" HKLM\...\StartupApproved\Run32: => "AvgUi" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{4D9A301A-8622-49E6-BD58-9C67574469B6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{03BF63AF-1A7B-48FF-B0DB-AD5185A66E2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{863BB747-3E35-48A6-A6A3-4E329E5C10B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{2809AAB1-1120-49ED-A3AF-C797CE4495C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{339B096B-E9EF-49E9-B7B3-8A49ECE6E6F5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe FirewallRules: [{BC016FC6-0E48-45D1-BBC6-B688821F3E75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\VEGA Conflict\VEGAConflict.exe FirewallRules: [{E87A84E6-0074-4F7F-A4A5-D1528AEB3829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [{AEC43C9F-C8A6-465E-ACA0-E2FBF8F9EF70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe FirewallRules: [TCP Query User{6231CAD7-EAA1-47AB-9771-22E442CC7212}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [UDP Query User{F8A80154-0F40-4ABD-A1D3-224162FFE393}C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe] => (Block) C:\program files (x86)\camfrog\camfrog video chat\camfrog video chat.exe FirewallRules: [TCP Query User{B125D0EB-8832-4EA3-8173-60107AC6242E}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [UDP Query User{F212BE1D-21D9-4F07-9FD0-34A37385ADE7}C:\program files (x86)\paltalk messenger\paltalk.exe] => (Block) C:\program files (x86)\paltalk messenger\paltalk.exe FirewallRules: [{CA25552E-6EB1-4353-A9BA-04758A2C5C98}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{78841D33-0099-4B16-92A0-36050A66B703}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLDial.exe FirewallRules: [{48EE8BA4-0A36-48F2-8B47-5FC290DC8FB4}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{1055AF86-FDD1-4260-9608-41F0651A53C0}] => (Allow) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe FirewallRules: [{DF275E8F-26DF-47EE-99DC-2EFDC80890F1}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1480336713\ee\aolsoftware.exe FirewallRules: [{7CD7473C-9974-4F8C-96C4-92FA6470819F}] => (Allow) C:\Program Files (x86)\Common Files\AOL\1480336713\ee\aolsoftware.exe FirewallRules: [{28349D70-A7A4-4626-A2F3-257B9CB90BD4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{77B2E9DE-77F9-4031-86A3-96D0BBA71D91}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{F3F149D9-4B00-4380-B4CD-A63D51F16CAA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{9C247876-8C39-4B39-85E9-85208671112B}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{F2A5FD7F-FA93-420E-AD65-967EC625C524}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{20D39C2D-E337-4920-B545-9C804A155E3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{3659B711-C4B6-4CE3-9422-DDEB73D6329D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{E3DAAFF3-EDB5-4607-A450-E06D767F34F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [TCP Query User{8861AAFC-3F4E-4156-B59D-EF1E55320F05}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe FirewallRules: [UDP Query User{CEA25D42-885B-4A4A-B1DB-F0A16947693D}C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files (x86)\microsoft research\microsoft worldwide telescope\wwtexplorer.exe FirewallRules: [{2464FDE7-BFDC-48EA-8896-104D8F7D744E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{E6031E5E-E541-4656-ABE2-094398EC8E6C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe FirewallRules: [{B23F49D8-F068-4786-9AAF-A11048E9A6B0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe ==================== Restore Points ========================= 20-06-2017 16:05:32 Removed WorldWide Telescope ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2017 01:44:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-LRA92O6) Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (06/22/2017 01:41:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2 Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process id: 0x1554 Faulting application start time: 0x01d2eb7ed628fdc3 Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 2faabf52-619b-47eb-ba51-1a5377d09775 Faulting package full name: Faulting package-relative application ID: Error: (06/22/2017 01:41:56 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzWizard.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException at System.Xml.XmlTextReaderImpl.Throw(System.Exception) at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef) at System.Xml.XmlTextReaderImpl.ParseText() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlTextReader.Read() at System.Configuration.XmlUtil.StrictReadToNextElement(System.Configuration.ExceptionAction) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil) at System.Configuration.BaseConfigurationRecord.InitConfigFromFile() Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean) at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors) at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors() at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord) at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean) at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection) at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider) at System.Configuration.SettingsBase.GetPropertyValueByName(System.String) at System.Configuration.SettingsBase.get_Item(System.String) at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String) at System.Configuration.ApplicationSettingsBase.get_Item(System.String) at Razer.UpdateNInstallManagerUI.Properties.Settings.get_PopupWay() at Razer.UpdateNInstallManagerUI.MiniInstallerUI.MiniInstallerUI_Controller() at Razer.UpdateNInstallManagerUI.MiniInstallerUI..ctor(Boolean) at Razer.MiniInstaller.MiniInstallerVIewModel..ctor() at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Razer.MiniInstaller.App.Main() Error: (06/22/2017 01:23:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2 Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process id: 0x1570 Faulting application start time: 0x01d2eb7c3b3fc2ba Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 6a232090-0617-4448-8ebf-8dde12a8c2da Faulting package full name: Faulting package-relative application ID: Error: (06/22/2017 01:23:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzWizard.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException at System.Xml.XmlTextReaderImpl.Throw(System.Exception) at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef) at System.Xml.XmlTextReaderImpl.ParseText() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlTextReader.Read() at System.Configuration.XmlUtil.StrictReadToNextElement(System.Configuration.ExceptionAction) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil) at System.Configuration.BaseConfigurationRecord.InitConfigFromFile() Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean) at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors) at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors() at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord) at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean) at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection) at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider) at System.Configuration.SettingsBase.GetPropertyValueByName(System.String) at System.Configuration.SettingsBase.get_Item(System.String) at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String) at System.Configuration.ApplicationSettingsBase.get_Item(System.String) at Razer.UpdateNInstallManagerUI.Properties.Settings.get_PopupWay() at Razer.UpdateNInstallManagerUI.MiniInstallerUI.MiniInstallerUI_Controller() at Razer.UpdateNInstallManagerUI.MiniInstallerUI..ctor(Boolean) at Razer.MiniInstaller.MiniInstallerVIewModel..ctor() at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Razer.MiniInstaller.App.Main() Error: (06/22/2017 01:11:22 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2 Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process id: 0x1ab4 Faulting application start time: 0x01d2eb7a90ea8580 Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 1a79a8a0-dd11-42ef-b749-99f94205ee0d Faulting package full name: Faulting package-relative application ID: Error: (06/22/2017 01:11:22 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzWizard.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException at System.Xml.XmlTextReaderImpl.Throw(System.Exception) at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef) at System.Xml.XmlTextReaderImpl.ParseText() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlTextReader.Read() at System.Configuration.XmlUtil.StrictReadToNextElement(System.Configuration.ExceptionAction) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil) at System.Configuration.BaseConfigurationRecord.InitConfigFromFile() Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean) at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors) at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors() at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord) at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean) at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection) at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider) at System.Configuration.SettingsBase.GetPropertyValueByName(System.String) at System.Configuration.SettingsBase.get_Item(System.String) at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String) at System.Configuration.ApplicationSettingsBase.get_Item(System.String) at Razer.UpdateNInstallManagerUI.Properties.Settings.get_PopupWay() at Razer.UpdateNInstallManagerUI.MiniInstallerUI.MiniInstallerUI_Controller() at Razer.UpdateNInstallManagerUI.MiniInstallerUI..ctor(Boolean) at Razer.MiniInstaller.MiniInstallerVIewModel..ctor() at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Razer.MiniInstaller.App.Main() Error: (06/22/2017 01:00:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: RzWizard.exe, version: 1.0.6.1000, time stamp: 0x56f20403 Faulting module name: KERNELBASE.dll, version: 10.0.14393.1358, time stamp: 0x59327ae2 Exception code: 0xe0434352 Fault offset: 0x000da9f2 Faulting process id: 0x1b98 Faulting application start time: 0x01d2eb7904573b6e Faulting application path: C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: a7c7474b-07c0-4aae-8f74-32b92e679609 Faulting package full name: Faulting package-relative application ID: Error: (06/22/2017 01:00:16 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: RzWizard.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. Exception Info: System.Xml.XmlException at System.Xml.XmlTextReaderImpl.Throw(System.Exception) at System.Xml.XmlTextReaderImpl.Throw(System.String, System.String[]) at System.Xml.XmlTextReaderImpl.ParseText(Int32 ByRef, Int32 ByRef, Int32 ByRef) at System.Xml.XmlTextReaderImpl.ParseText() at System.Xml.XmlTextReaderImpl.ParseElementContent() at System.Xml.XmlTextReaderImpl.Read() at System.Xml.XmlTextReader.Read() at System.Configuration.XmlUtil.StrictReadToNextElement(System.Configuration.ExceptionAction) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSectionsRecursive(System.Configuration.XmlUtil, System.String, Boolean, System.String, System.Configuration.OverrideModeSetting, Boolean) at System.Configuration.BaseConfigurationRecord.ScanSections(System.Configuration.XmlUtil) at System.Configuration.BaseConfigurationRecord.InitConfigFromFile() Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ConfigurationSchemaErrors.ThrowIfErrors(Boolean) at System.Configuration.BaseConfigurationRecord.ThrowIfParseErrors(System.Configuration.ConfigurationSchemaErrors) at System.Configuration.BaseConfigurationRecord.ThrowIfInitErrors() at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) Exception Info: System.Configuration.ConfigurationErrorsException at System.Configuration.ClientConfigurationSystem.OnConfigRemoved(System.Object, System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.OnConfigRemoved(System.Configuration.Internal.InternalConfigEventArgs) at System.Configuration.Internal.InternalConfigRoot.RemoveConfigImpl(System.String, System.Configuration.BaseConfigurationRecord) at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(System.String, Boolean, Boolean, Boolean, Boolean, System.Object ByRef, System.Object ByRef) at System.Configuration.BaseConfigurationRecord.GetSection(System.String) at System.Configuration.ClientConfigurationSystem.System.Configuration.Internal.IInternalConfigSystem.GetSection(System.String) at System.Configuration.ConfigurationManager.GetSection(System.String) at System.Configuration.ClientSettingsStore.ReadSettings(System.String, Boolean) at System.Configuration.LocalFileSettingsProvider.GetPropertyValues(System.Configuration.SettingsContext, System.Configuration.SettingsPropertyCollection) at System.Configuration.SettingsBase.GetPropertiesFromProvider(System.Configuration.SettingsProvider) at System.Configuration.SettingsBase.GetPropertyValueByName(System.String) at System.Configuration.SettingsBase.get_Item(System.String) at System.Configuration.ApplicationSettingsBase.GetPropertyValue(System.String) at System.Configuration.ApplicationSettingsBase.get_Item(System.String) at Razer.UpdateNInstallManagerUI.Properties.Settings.get_PopupWay() at Razer.UpdateNInstallManagerUI.MiniInstallerUI.MiniInstallerUI_Controller() at Razer.UpdateNInstallManagerUI.MiniInstallerUI..ctor(Boolean) at Razer.MiniInstaller.MiniInstallerVIewModel..ctor() at Razer.MiniInstaller.App.OnStartup(System.Windows.StartupEventArgs) at System.Windows.Application.<.ctor>b__1_0(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.DispatcherOperation.InvokeImpl() at System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at MS.Internal.CulturePreservingExecutionContext.Run(MS.Internal.CulturePreservingExecutionContext, System.Threading.ContextCallback, System.Object) at System.Windows.Threading.DispatcherOperation.Invoke() at System.Windows.Threading.Dispatcher.ProcessQueue() at System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef) at MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate) at System.Windows.Threading.Dispatcher.LegacyInvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.UnsafeNativeMethods.DispatchMessage(System.Windows.Interop.MSG ByRef) at System.Windows.Threading.Dispatcher.PushFrameImpl(System.Windows.Threading.DispatcherFrame) at System.Windows.Threading.Dispatcher.PushFrame(System.Windows.Threading.DispatcherFrame) at System.Windows.Application.RunDispatcher(System.Object) at System.Windows.Application.RunInternal(System.Windows.Window) at System.Windows.Application.Run(System.Windows.Window) at Razer.MiniInstaller.App.Main() Error: (06/22/2017 12:01:42 PM) (Source: Windows Search Service) (EventID: 3079) (User: ) Description: Notifications for the volume C:\ are not active. Context: Windows Application Details: Insufficient system resources exist to complete the requested service. (HRESULT : 0x800705aa) (0x800705aa) System errors: ============= Error: (06/22/2017 01:46:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error Error: (06/22/2017 01:45:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 01:44:30 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-LRA92O6) Description: The server Windows.Networking.BackgroundTransfer.Internal.NetworkChangeTask.ClassId.1 did not register with DCOM within the required timeout. Error: (06/22/2017 01:44:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 01:43:27 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The Connected Devices Platform Service service terminated with the following error: Unspecified error Error: (06/22/2017 01:41:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 01:40:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 01:40:37 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (06/22/2017 01:40:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (06/22/2017 01:40:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2017-04-23 08:25:34.840 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:29.580 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:28.808 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:28.730 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:27.606 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:27.465 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:25.196 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:25.176 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:25.015 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-04-23 08:25:22.241 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume5\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD FX(tm)-8350 Eight-Core Processor Percentage of memory in use: 11% Total physical RAM: 16347.12 MB Available physical RAM: 14422 MB Total Virtual: 65499.12 MB Available Virtual: 63563.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:223.02 GB) (Free:119.49 GB) NTFS Drive d: (MULTIBOOT) (Fixed) (Total:931.51 GB) (Free:881.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: ED1A4EBA) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 223.6 GB) (Disk ID: ED1A4EA3) Partition: GPT. ==================== End of Addition.txt ============================
  15. My desktop seems dirty

    Ok here you go thanks Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01 Ran by bobby (administrator) on BOBBY-HP (22-06-2017 11:45:59) Running from C:\Users\bobby\Desktop Loaded Profiles: bobby & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool (Available Profiles: bobby & SQLTELEMETRY & MSSQLSERVER & DefaultAppPool) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlceip.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avBugReport.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [59112 2016-04-28] (Hewlett-Packard ) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-22] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [ContentTransferWMDetector.exe] => C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [497000 2009-07-30] (Sony Corporation) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-02-17] (AVAST Software) HKLM-x32\...\Run: [DXM6Patch_981116] => C:\WINDOWS\p_981116.exe [497376 1998-11-30] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation) HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd) HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\RunOnce: [Uninstall 17.3.6799.0327\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bobby\AppData\Local\Microsoft\OneDrive\17.3.6799.0327\amd64" HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\RunOnce: [Uninstall 17.3.6799.0327] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bobby\AppData\Local\Microsoft\OneDrive\17.3.6799.0327" HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {74f05d1d-e975-11e6-8ecd-806e6f6e6963} - "F:\setup.exe" HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\MountPoints2: {c8f67b2c-8946-11e5-8d70-74de2b79f7ca} - "M:\autorun.exe" HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-02-17] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{05dce99d-5de2-457e-9257-ffd89dfad120}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [NameServer] 192.168.1.1 Tcpip\..\Interfaces\{d4744bad-c95a-4395-9a1f-188c56ca43bb}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{fa7ee94f-816c-48a9-9952-376bd455a4f9}: [NameServer] 77.234.40.79 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com HKU\S-1-5-21-956974598-3299727750-65723944-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKLM -> {122FCF2F-C8E0-448E-A9A9-F9CC258C9F41} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKLM -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-42902075&q={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=hxxp://www.ebay.com/sch/i.html?_nkw={searchTerms} SearchScopes: HKU\S-1-5-21-956974598-3299727750-65723944-1001 -> {fcd9f10e-0daa-405f-bca0-0dd3f37c59d9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-06-20] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-06-20] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074 [2017-06-22] FF Extension: (Alexa Traffic Rank) - C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\Extensions\alx-ffdeveloper@amazon.com.xpi [2017-06-17] FF Extension: (SEO Status PageRank/Alexa Toolbar) - C:\Users\bobby\AppData\Roaming\Mozilla\Firefox\Profiles\08dspyy4.default-1458994176074\Extensions\seostatus@rubyweb.xpi [2017-02-09] FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-02-17] FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-02-17] FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-16] () FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-16] () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-06-20] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-06-20] (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll [2010-04-01] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-04-07] (VideoLAN) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2010-12-07] () Chrome: ======= CHR Profile: C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default [2017-06-20] CHR Extension: (Google Slides) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31] CHR Extension: (Google Docs) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-15] CHR Extension: (Google Drive) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-15] CHR Extension: (YouTube) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-15] CHR Extension: (Avast SafePrice) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2017-02-15] CHR Extension: (Google Sheets) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31] CHR Extension: (Google Docs Offline) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-15] CHR Extension: (Avast Online Security) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-02-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31] CHR Extension: (Gmail) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-15] CHR Extension: (Chrome Media Router) - C:\Users\bobby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-02-15] (SUPERAntiSpyware.com) R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7142136 2017-02-17] (AVAST Software s.r.o.) R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-02-17] (AVAST Software) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-22] (NVIDIA Corporation) R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes) R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [392896 2016-10-29] (Microsoft Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-22] (NVIDIA Corporation) R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-22] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-22] (NVIDIA Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [32384 2016-10-03] (The OpenVPN Project) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [565952 2016-10-29] (Microsoft Corporation) R2 SQLTELEMETRY; C:\Program Files\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\sqlceip.exe [249032 2016-10-29] (Microsoft Corporation) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-27] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-27] (Microsoft Corporation) S4 AMD_RAIDXpert; "C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe" -s [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [31992 2017-02-02] (Advanced Micro Devices, Inc.) R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [309784 2017-02-17] (AVAST Software s.r.o.) R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [189768 2017-02-17] (AVAST Software s.r.o.) R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334600 2017-02-17] (AVAST Software s.r.o.) R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [48528 2017-02-17] (AVAST Software s.r.o.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-02-17] (AVAST Software) R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32088 2017-02-17] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [126088 2017-02-17] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [100640 2017-02-17] (AVAST Software) R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [74680 2017-02-17] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [991496 2017-02-17] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [547904 2017-02-17] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [162528 2017-02-17] (AVAST Software) S3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [44640 2017-01-31] (The OpenVPN Project) R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [337080 2017-02-17] (AVAST Software) S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2017-02-02] (Advanced Micro Devices) [File not signed] R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-11-13] (Disc Soft Ltd) R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.) S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251832 2017-06-20] (Malwarebytes) R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys [14199224 2017-01-04] (NVIDIA Corporation) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-22] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-12-22] (NVIDIA Corporation) S4 RsFx0410; C:\WINDOWS\System32\DRIVERS\RsFx0410.sys [261840 2016-10-20] (Microsoft Corporation) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek ) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 STHDA; C:\WINDOWS\system32\DRIVERS\stwrt64.sys [570392 2016-04-28] (Tempo Semiconductor Inc.) R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc.) R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc.) S1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [130120 2017-01-16] (Oracle Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [202880 2017-01-16] (Oracle Corporation) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-22 11:45 - 2017-06-22 11:45 - 00000000 ____D C:\Users\bobby\Desktop\FRST-OlderVersion 2017-06-21 11:02 - 2017-06-21 11:02 - 00001345 _____ C:\Users\bobby\Desktop\AdwCleaner[C2].txt 2017-06-21 10:47 - 2017-06-21 10:47 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\324B556E.sys 2017-06-21 10:44 - 2017-06-21 10:44 - 00007300 _____ C:\Users\bobby\Desktop\RKLog.txt 2017-06-21 08:42 - 2017-06-21 08:42 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk 2017-06-21 08:42 - 2017-06-21 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller 2017-06-21 08:42 - 2017-06-21 08:42 - 00000000 ____D C:\Program Files\RogueKiller 2017-06-21 08:41 - 2017-06-21 09:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2017-06-21 08:41 - 2017-06-21 08:41 - 35438416 _____ (Adlice Software ) C:\Users\bobby\Downloads\RogueKiller_setup_ref3.exe 2017-06-20 10:17 - 2017-06-20 10:18 - 00055170 _____ C:\Users\bobby\Desktop\Addition.txt 2017-06-20 10:16 - 2017-06-22 11:46 - 00023286 _____ C:\Users\bobby\Desktop\FRST.txt 2017-06-20 10:15 - 2017-06-22 11:45 - 00000000 ____D C:\FRST 2017-06-20 10:15 - 2017-06-20 10:15 - 00002306 _____ C:\Users\bobby\Desktop\mbam.txt 2017-06-20 10:12 - 2017-06-22 11:45 - 02439680 _____ (Farbar) C:\Users\bobby\Desktop\FRST64.exe 2017-06-20 00:58 - 2017-06-20 00:58 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2017-06-20 00:58 - 2017-06-20 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-06-20 00:57 - 2017-06-20 00:57 - 00000000 ____D C:\Program Files (x86)\Java 2017-06-20 00:56 - 2017-06-20 00:56 - 00738368 _____ (Oracle Corporation) C:\Users\bobby\Downloads\JavaSetup8u131.exe 2017-06-17 12:27 - 2017-06-17 12:27 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf32.dll 2017-06-17 12:27 - 2017-06-17 12:27 - 00002272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w95inf16.dll 2017-06-17 12:27 - 2017-06-17 12:27 - 00001112 _____ C:\Users\Public\Desktop\Windows Media Player.lnk 2017-06-17 12:27 - 1998-09-02 04:28 - 01088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\danim.dll 2017-06-17 12:27 - 1998-09-02 04:28 - 00155408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRT.dll 2017-06-17 12:27 - 1998-09-02 04:28 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unam4ie.exe 2017-06-17 12:27 - 1998-09-02 04:28 - 00038160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LMRTREND.dll 2017-06-17 12:27 - 1998-09-02 04:02 - 00194320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qcut.dll 2017-06-17 12:27 - 1998-08-27 00:51 - 00182032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft3.dll 2017-06-17 12:27 - 1998-08-20 07:02 - 00140800 _____ (The Duck Corporation) C:\WINDOWS\SysWOW64\tm20dec.ax 2017-06-17 12:27 - 1998-08-20 06:38 - 00217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\strmdll.dll 2017-06-17 12:27 - 1998-08-17 05:21 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mciqtz.drv 2017-06-17 12:27 - 1998-08-17 05:21 - 00010240 _____ C:\WINDOWS\SysWOW64\vidx16.dll 2017-06-17 12:27 - 1998-08-17 05:21 - 00005672 _____ C:\WINDOWS\SysWOW64\quartz.vxd 2017-06-17 12:26 - 2017-06-17 12:26 - 00000268 _____ C:\WINDOWS\_delis32.ini 2017-06-17 12:26 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\WINDOWS\IsUninst.exe 2017-06-17 12:25 - 2017-06-17 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech QuickCam 2017-06-17 12:25 - 2017-06-17 12:25 - 00000000 ____D C:\Program Files (x86)\Windows Media Components 2017-06-17 12:25 - 2017-06-17 12:25 - 00000000 ____D C:\Program Files (x86)\Logitech 2017-06-16 23:58 - 2017-06-16 23:58 - 00000000 ____D C:\Users\bobby\AppData\Local\Visicom Media 2017-06-16 23:57 - 2017-06-16 23:57 - 00001058 _____ C:\Users\Public\Desktop\ManyCam.lnk 2017-06-16 23:57 - 2017-06-16 23:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam 2017-06-16 23:56 - 2017-06-16 23:56 - 85611784 _____ (Visicom Media Inc.) C:\Users\bobby\Downloads\ManyCamSetup_v5.7.2.2.exe 2017-06-16 23:55 - 2017-06-21 11:12 - 00000555 _____ C:\Users\bobby\Desktop\JRT.txt 2017-06-16 23:30 - 2017-06-16 23:30 - 04110280 _____ C:\Users\bobby\Desktop\adwcleaner_6.047.exe 2017-06-16 23:29 - 2017-06-21 10:47 - 00000000 ____D C:\AdwCleaner 2017-06-15 21:23 - 2017-06-15 21:23 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2 2017-06-15 17:38 - 2017-06-15 17:38 - 00000000 ____D C:\Users\bobby\AppData\Local\UNP 2017-06-14 19:36 - 2017-06-14 19:37 - 00000000 ____D C:\Program Files\UNP 2017-06-14 19:36 - 2017-06-14 19:36 - 00000000 ____D C:\WINDOWS\system32\UNP 2017-06-14 19:33 - 2017-06-03 06:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll 2017-06-14 19:33 - 2017-06-03 06:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-06-14 19:33 - 2017-06-03 06:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-06-14 19:33 - 2017-06-03 06:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-06-14 19:33 - 2017-06-03 06:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-06-14 19:33 - 2017-06-03 06:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-06-14 19:33 - 2017-06-03 06:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2017-06-14 19:33 - 2017-06-03 05:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-06-14 19:33 - 2017-06-03 05:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-06-14 19:33 - 2017-06-03 05:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-06-14 19:33 - 2017-06-03 05:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-06-14 19:33 - 2017-06-03 05:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-06-14 19:33 - 2017-06-03 05:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-06-14 19:33 - 2017-06-03 05:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll 2017-06-14 19:33 - 2017-06-03 05:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll 2017-06-14 19:33 - 2017-06-03 05:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll 2017-06-14 19:33 - 2017-06-03 05:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-06-14 19:33 - 2017-06-03 05:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2017-06-14 19:33 - 2017-06-03 05:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-06-14 19:33 - 2017-06-03 05:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2017-06-14 19:33 - 2017-06-03 05:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-06-14 19:33 - 2017-06-03 05:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll 2017-06-14 19:33 - 2017-06-03 05:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2017-06-14 19:33 - 2017-06-03 05:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll 2017-06-14 19:33 - 2017-06-03 05:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-06-14 19:33 - 2017-06-03 05:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-06-14 19:33 - 2017-06-03 05:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-06-14 19:33 - 2017-06-03 05:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-06-14 19:33 - 2017-06-03 05:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-06-14 19:33 - 2017-06-03 05:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2017-06-14 19:33 - 2017-06-03 05:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-06-14 19:33 - 2017-06-03 05:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2017-06-14 19:33 - 2017-06-03 05:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2017-06-14 19:33 - 2017-06-03 05:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2017-06-14 19:33 - 2017-06-03 05:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll 2017-06-14 19:33 - 2017-06-03 05:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2017-06-14 19:33 - 2017-06-03 05:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll 2017-06-14 19:33 - 2017-06-03 05:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-06-14 19:33 - 2017-06-03 05:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll 2017-06-14 19:33 - 2017-06-03 05:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll 2017-06-14 19:33 - 2017-06-03 05:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2017-06-14 19:33 - 2017-06-03 05:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-06-14 19:33 - 2017-06-03 05:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2017-06-14 19:33 - 2017-06-03 05:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-06-14 19:33 - 2017-06-03 05:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2017-06-14 19:33 - 2017-06-03 05:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2017-06-14 19:33 - 2017-06-03 05:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-06-14 19:33 - 2017-06-03 05:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-06-14 19:33 - 2017-06-03 05:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-06-14 19:33 - 2017-06-03 05:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-06-14 19:33 - 2017-06-03 05:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-06-14 19:33 - 2017-06-03 05:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-06-14 19:33 - 2017-06-03 05:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-06-14 19:33 - 2017-06-03 05:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-06-14 19:33 - 2017-06-03 05:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll 2017-06-14 19:33 - 2017-06-03 05:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll 2017-06-14 19:33 - 2017-06-03 05:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2017-06-14 19:33 - 2017-06-03 05:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll 2017-06-14 19:33 - 2017-06-03 05:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll 2017-06-14 19:33 - 2017-06-03 05:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-06-14 19:33 - 2017-06-03 05:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-06-14 19:33 - 2017-06-03 05:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2017-06-14 19:33 - 2017-06-03 05:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-06-14 19:33 - 2017-06-03 05:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-06-14 19:33 - 2017-06-03 05:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll 2017-06-14 19:33 - 2017-06-03 05:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-06-14 19:33 - 2017-06-03 05:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2017-06-14 19:33 - 2017-06-03 05:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll 2017-06-14 19:33 - 2017-06-03 05:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-06-14 19:33 - 2017-06-03 05:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-06-14 19:33 - 2017-06-03 05:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2017-06-14 19:33 - 2017-06-03 05:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2017-06-14 19:33 - 2017-06-03 05:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-06-14 19:33 - 2017-06-03 05:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-06-14 19:33 - 2017-06-03 05:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-06-14 19:33 - 2017-06-03 05:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-06-14 19:33 - 2017-06-03 04:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-06-14 19:33 - 2017-06-03 04:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2017-06-14 19:33 - 2017-06-03 04:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-06-14 19:33 - 2017-06-03 04:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-06-14 19:33 - 2017-06-03 04:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe 2017-06-14 19:33 - 2017-06-03 04:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll 2017-06-14 19:33 - 2017-06-03 04:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-06-14 19:33 - 2017-06-03 04:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2017-06-14 19:33 - 2017-06-03 04:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2017-06-14 19:33 - 2017-06-03 04:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-06-14 19:33 - 2017-06-03 04:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-06-14 19:33 - 2017-06-03 04:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-06-14 19:33 - 2017-06-03 04:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2017-06-14 19:33 - 2017-06-03 04:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll 2017-06-14 19:33 - 2017-06-03 04:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-06-14 19:33 - 2017-06-03 04:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-06-14 19:33 - 2017-06-03 04:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-06-14 19:33 - 2017-06-03 04:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-06-14 19:33 - 2017-06-03 04:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-06-14 19:33 - 2017-05-25 01:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe 2017-06-14 19:33 - 2017-03-04 02:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-06-14 19:33 - 2017-03-04 02:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2017-06-14 19:33 - 2017-03-04 02:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll 2017-06-14 19:33 - 2017-03-04 02:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2017-06-14 19:33 - 2016-09-07 00:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2017-06-14 19:32 - 2017-06-03 06:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll 2017-06-14 19:32 - 2017-06-03 06:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2017-06-14 19:32 - 2017-06-03 06:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2017-06-14 19:32 - 2017-06-03 06:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys 2017-06-14 19:32 - 2017-06-03 05:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-06-14 19:32 - 2017-06-03 05:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-06-14 19:32 - 2017-06-03 05:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-06-14 19:32 - 2017-06-03 05:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-06-14 19:32 - 2017-06-03 05:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-06-14 19:32 - 2017-06-03 05:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-06-14 19:32 - 2017-06-03 05:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-06-14 19:32 - 2017-06-03 05:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-06-14 19:32 - 2017-06-03 05:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2017-06-14 19:32 - 2017-06-03 05:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-06-14 19:32 - 2017-06-03 05:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-06-14 19:32 - 2017-06-03 05:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2017-06-14 19:32 - 2017-06-03 05:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll 2017-06-14 19:32 - 2017-06-03 05:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll 2017-06-14 19:32 - 2017-06-03 05:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2017-06-14 19:32 - 2017-06-03 05:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2017-06-14 19:32 - 2017-06-03 05:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-06-14 19:32 - 2017-06-03 05:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll 2017-06-14 19:32 - 2017-06-03 05:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2017-06-14 19:32 - 2017-06-03 04:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll 2017-06-14 19:32 - 2017-06-03 04:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-06-14 19:32 - 2017-06-03 04:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2017-06-14 19:32 - 2017-06-03 04:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2017-06-14 19:32 - 2017-06-03 04:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-06-14 19:32 - 2017-06-03 04:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-06-14 19:32 - 2017-06-03 04:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-06-14 19:32 - 2017-06-03 02:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls 2017-06-10 06:26 - 2017-06-10 06:26 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys 2017-05-28 16:23 - 2017-05-28 16:23 - 00001422 _____ C:\Users\Public\Desktop\Foxit Reader.lnk 2017-05-28 16:23 - 2017-05-28 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2017-05-28 16:23 - 2017-05-28 16:23 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2017-05-28 09:36 - 2017-05-28 09:36 - 00000000 ____D C:\Users\bobby\AppData\Local\Disc_Soft_Ltd ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-06-22 11:42 - 2017-01-31 17:17 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-06-22 11:42 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-06-22 11:42 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-06-22 11:42 - 2015-11-08 07:12 - 00002401 _____ C:\Users\bobby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-06-22 11:42 - 2015-11-08 07:12 - 00000000 ___RD C:\Users\bobby\OneDrive 2017-06-22 11:40 - 2016-09-23 15:18 - 00000000 ____D C:\Users\bobby\AppData\LocalLow\Mozilla 2017-06-21 14:52 - 2016-10-03 13:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-06-21 10:55 - 2016-10-03 13:40 - 01000324 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-06-21 10:53 - 2017-02-01 17:30 - 00000000 ____D C:\Users\bobby\AppData\Local\CrashDumps 2017-06-21 10:49 - 2017-02-02 16:56 - 00000000 ____D C:\ProgramData\NVIDIA 2017-06-21 10:49 - 2016-10-03 14:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-06-21 10:49 - 2015-11-08 06:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-06-21 10:48 - 2016-07-16 02:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-06-21 08:44 - 2017-01-31 22:14 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys 2017-06-20 09:49 - 2017-02-01 22:07 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-06-20 09:36 - 2017-02-02 22:05 - 00000000 ____D C:\Program Files (x86)\Entropia Universe 2017-06-20 00:58 - 2016-07-24 19:11 - 00000000 ____D C:\ProgramData\Oracle 2017-06-18 14:49 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache 2017-06-18 12:35 - 2016-05-08 08:29 - 00001058 _____ C:\Users\bobby\Desktop\Uthgard Launcher.lnk 2017-06-17 13:14 - 2016-10-03 17:32 - 00000000 ___DC C:\WINDOWS\Panther 2017-06-17 13:11 - 2017-03-18 23:20 - 00000000 ___HD C:\$WINDOWS.~BT 2017-06-17 12:48 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF 2017-06-17 12:27 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help 2017-06-17 12:27 - 2009-07-13 22:34 - 00000417 _____ C:\WINDOWS\win.ini 2017-06-16 23:59 - 2017-02-05 15:42 - 00000000 ____D C:\Users\bobby\AppData\Local\ManyCam 2017-06-16 23:59 - 2017-02-05 15:39 - 00000000 ____D C:\Users\bobby\AppData\Roaming\ManyCam 2017-06-16 23:57 - 2017-02-05 15:39 - 00000000 ____D C:\ProgramData\ManyCam 2017-06-16 23:57 - 2017-02-05 15:39 - 00000000 ____D C:\Program Files (x86)\ManyCam 2017-06-16 23:55 - 2017-02-05 15:46 - 00001477 _____ C:\Users\bobby\Desktop\ManyCam.exe - Shortcut.lnk 2017-06-16 23:41 - 2017-01-31 20:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2017-06-16 20:12 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-06-16 20:12 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-06-16 05:31 - 2015-09-10 01:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-16 05:28 - 2016-10-03 13:35 - 00218128 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-06-15 21:23 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-06-15 21:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2017-06-15 21:23 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2017-06-15 21:07 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-06-13 18:15 - 2015-11-09 08:23 - 00000000 ____D C:\WINDOWS\system32\MRT 2017-06-13 18:11 - 2015-11-09 08:23 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-06-10 03:23 - 2017-03-15 17:11 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-06-10 03:23 - 2012-02-14 21:44 - 00000000 ____D C:\ProgramData\Skype 2017-06-03 14:45 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\NDF 2017-06-03 14:40 - 2015-11-08 05:34 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job 2017-06-03 14:39 - 2017-02-03 13:38 - 00000000 ____D C:\Users\SQLTELEMETRY 2017-06-03 14:39 - 2017-02-03 13:37 - 00000000 ____D C:\Users\MSSQLSERVER 2017-06-03 02:36 - 2016-07-16 07:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-06-03 02:36 - 2016-07-16 07:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-06-01 20:07 - 2016-10-03 13:42 - 00000000 ____D C:\Users\bobby 2017-06-01 19:48 - 2017-01-31 19:48 - 00004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1485906531 2017-06-01 19:48 - 2017-01-31 19:48 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk 2017-06-01 19:34 - 2016-10-03 14:00 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBOBBY-HP$ 2017-05-28 16:24 - 2017-02-03 12:12 - 00001137 _____ C:\Users\Public\Desktop\VLC media player.lnk 2017-05-28 16:23 - 2017-02-03 12:45 - 00000000 ____D C:\ProgramData\Foxit Software 2017-05-28 13:57 - 2017-02-01 22:07 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-05-28 09:36 - 2015-11-13 07:15 - 00000000 ____D C:\Users\bobby\AppData\Roaming\DAEMON Tools Lite ==================== Files in the root of some directories ======= 2017-04-09 07:45 - 2017-04-09 16:04 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc Some files in TEMP: ==================== 2017-02-02 13:54 - 2017-02-02 14:18 - 1177480 _____ () C:\Users\bobby\AppData\Local\Temp\AMDCleanupUtility.exe 2017-02-03 23:36 - 2007-12-14 09:23 - 0640248 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\AutoRun.exe 2017-02-03 23:36 - 2007-12-14 09:23 - 0591096 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\AutoRunGUI.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0250248 _____ () C:\Users\bobby\AppData\Local\Temp\Cleanup.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0065536 _____ (Windows (R) Server 2003 DDK provider) C:\Users\bobby\AppData\Local\Temp\ddu.exe 2017-02-03 11:47 - 2016-11-11 06:13 - 1886344 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\dllnt_dump.dll 2017-02-03 23:36 - 2007-12-14 09:23 - 0881912 _____ (Electronic Arts Inc.) C:\Users\bobby\AppData\Local\Temp\EAInstall.dll 2017-05-28 16:22 - 2016-12-22 19:03 - 3698888 _____ (Foxit Corporation) C:\Users\bobby\AppData\Local\Temp\FoxitUpdater.exe 2017-05-13 16:21 - 2017-05-13 16:21 - 0739904 _____ (Oracle Corporation) C:\Users\bobby\AppData\Local\Temp\jre-8u131-windows-au.exe 2017-02-02 13:54 - 2017-02-02 14:18 - 0516096 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcm80.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 1061376 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcp80.dll 2017-02-02 13:54 - 2017-02-02 14:18 - 0796672 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\msvcr80.dll 2017-02-02 13:40 - 2017-02-02 13:40 - 90992232 _____ () C:\Users\bobby\AppData\Local\Temp\playstv_patch.exe 2017-02-03 12:00 - 2017-02-03 12:00 - 44809728 _____ (Logitech, Inc.) C:\Users\bobby\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe 2017-02-02 13:39 - 2017-02-02 13:39 - 59432328 _____ () C:\Users\bobby\AppData\Local\Temp\raptrpatch.exe 2017-02-02 13:39 - 2017-02-02 13:39 - 0221632 _____ () C:\Users\bobby\AppData\Local\Temp\raptr_stub.exe 2017-03-15 17:11 - 2017-03-15 17:11 - 14456872 _____ (Microsoft Corporation) C:\Users\bobby\AppData\Local\Temp\vc_redist.x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-06-16 14:40 ==================== End of FRST.txt ============================ -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01 Ran by bobby (22-06-2017 11:47:14) Running from C:\Users\bobby\Desktop Windows 10 Home Version 1607 (X64) (2016-10-03 18:08:37) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-956974598-3299727750-65723944-500 - Administrator - Disabled) bobby (S-1-5-21-956974598-3299727750-65723944-1001 - Administrator - Enabled) => C:\Users\bobby DefaultAccount (S-1-5-21-956974598-3299727750-65723944-503 - Limited - Disabled) Guest (S-1-5-21-956974598-3299727750-65723944-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-956974598-3299727750-65723944-1002 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{421976B6-DEC6-4CA5-941F-F0663B3A2B74}) (Version: 11.1.102.55 - Adobe Systems Incorporated) Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated) Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.1.2286 - AVAST Software) Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden Betternet for Windows (HKLM-x32\...\{2E77104D-96E1-4A9C-86F2-C7CF4C703740}) (Version: 3.7.4.0 - Betternet Technologies Inc.) Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.) Bluetooth by hp (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8200 - Broadcom Corporation) Browser for SQL Server 2016 (HKLM-x32\...\{5B860485-0F07-41DC-BA8C-3A839A141FBA}) (Version: 13.1.4001.0 - Microsoft Corporation) Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden Content Transfer (HKLM-x32\...\{CFADE4AF-C0CF-4A04-A776-741318F1658F}) (Version: 1.2.0.07300 - Sony Corporation) Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd) DAoC Portal (HKLM-x32\...\{EC9359B3-2548-4DB1-B322-6D71A17501F9}) (Version: 2.8.2 - Dawn of Light) Dark Age of Camelot (HKLM-x32\...\Dark Age of Camelot) (Version: - Electronic Arts) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.11.3.140709 - MindArk PE AB) Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard) Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com) Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.) GameRanger (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\GameRanger) (Version: - GameRanger Technologies) Genesis version Genesis Launcher 1.011 (HKLM-x32\...\{975e7799-c584-47f0-9c12-c1551f3e95f2}_is1) (Version: Genesis Launcher 1.011 - Pawel D. alias Laplume for Genesis.) Genesis version Patch (HKLM-x32\...\{9db86e9a-0b05-4202-a76c-5a795f698408}_is1) (Version: Patch - Pawel D. alias Laplume for Genesis.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.) Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google) Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden H&R Block Deluxe + Efile + State 2015 (HKLM-x32\...\{E7BFC29A-9459-4534-9E35-BF1D66A18BAA}) (Version: 15.05.8101 - HRB Technology, LLC.) H&R Block Michigan 2015 (HKLM-x32\...\{C34A4378-B23F-4155-AC8B-95E40F7370FC}) (Version: 1.15.4001 - HRB Technology, LLC.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard) HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard) HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent) HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard) HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard) HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company) HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard) HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard) HP RSS (HKLM-x32\...\{452479C5-0118-48E9-AA69-0A7339F95FC8}) (Version: 5.1.4289.23799 - Hewlett-Packard) HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company) HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company) HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard) HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard) HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard) HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard) HP Weather (HKLM-x32\...\{776CC95E-8160-401B-AC79-164822AA8306}) (Version: 5.1.4245.22595 - Hewlett-Packard) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!) Installer (x32 Version: 1.0.0 - Sierra Entertainment, Inc.) Hidden Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation) Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.) LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden Logitech QuickCam (HKLM-x32\...\{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}) (Version: 6.01.0000 - Logitech, Inc.) Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes) ManyCam 5.7.2 (HKLM-x32\...\ManyCam) (Version: 5.7.2 - Visicom Media Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd) Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation) Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{825D262D-B676-4EAE-9BB6-F7AAD4707919}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation) Microsoft SQL Server 2012 Native Client (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation) Microsoft SQL Server 2016 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2016) (Version: - Microsoft Corporation) Microsoft SQL Server 2016 Setup (English) (HKLM\...\{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation) Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{C78CC1C8-D0DF-4F47-BA93-F3AE6E80E047}) (Version: 13.1.4001.0 - Microsoft Corporation) Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{5084D16B-E1D2-4F25-8B86-A03B4F9E1A72}) (Version: 13.0.3225.4 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft VSS Writer for SQL Server 2016 (HKLM\...\{3E013EB4-FF9E-4CCA-BAB6-318932614FAE}) (Version: 13.1.4001.0 - Microsoft Corporation) Mozilla Firefox 54.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-US)) (Version: 54.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla) NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation) NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation) NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation) NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) NWZ-S540 WALKMAN Guide (HKLM-x32\...\{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}) (Version: 2.0.00.07010 - Sony Corporation) opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden OpenVPN 2.3.12-I602 (HKLM-x32\...\OpenVPN) (Version: 2.3.12-I602 - ) Oracle VM VirtualBox 5.0.32 (HKLM\...\{CBCF23C1-F5F7-44D9-A4C4-2BC02879C239}) (Version: 5.0.32 - Oracle Corporation) Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation) Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.) Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden PressReader (HKLM-x32\...\{912CED74-88D3-4C5B-ACB0-132318649765}) (Version: 5.11.0721.0 - NewspaperDirect Inc.) RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.3.1540.9 - AMD) RAIDXpert (x32 Version: 3.3.1540.9 - AMD) Hidden Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard) RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software) RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden S.W.A.T. 4 (HKLM-x32\...\S.W.A.T. 4_is1) (Version: - ) SafeZone Stable 3.55.2393.607 (x32 Version: 3.55.2393.607 - Avast Software) Hidden Service Pack 1 for SQL Server 2016 (KB3182545) (64-bit) (HKLM\...\KB3182545) (Version: 13.1.4001.0 - Microsoft Corporation) SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.) Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited) Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform) SQL Server 2016 Batch Parser (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Common Files (Version: 13.1.4001.0 - Microsoft Corporation) Hidden SQL Server 2016 Connection Info (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Services (Version: 13.1.4001.0 - Microsoft Corporation) Hidden SQL Server 2016 Database Engine Shared (Version: 13.1.4001.0 - Microsoft Corporation) Hidden SQL Server 2016 DMF (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects (Version: 13.0.14500.10 - Microsoft Corporation) Hidden SQL Server 2016 Shared Management Objects Extensions (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 SQL Diagnostics (Version: 13.0.1601.5 - Microsoft Corporation) Hidden SQL Server 2016 XEvent (Version: 13.0.1601.5 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 13.1.4001.0 - Microsoft Corporation) Hidden SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1232 - SUPERAntiSpyware.com) SWAT 4 - The Stetchkov Syndicate (HKLM-x32\...\InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}) (Version: 1.0.0 - Sierra Entertainment, Inc.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer) The Sims™ Castaway Stories (HKLM-x32\...\{64EEA791-0271-4B53-00AC-2BF05F5FBEF6}) (Version: - Electronic Arts) The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc) Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden Uthgard Launcher (HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\Uthgard Launcher) (Version: 1.00.00.00 - Uthgard) Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.5.1 - VideoLAN) Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.) WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH) Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {042937CB-5476-4C2A-8480-C5E036578E2B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {0BAF62F2-FAFB-44BA-AA01-A02D7FF12BA3} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {1E68D6FB-C3B1-4CCF-AB98-7ED668B58DCD} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software) Task: {21DD452C-AA84-43A2-B01B-4CBD8A78C444} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {274BB102-8D04-46E5-A79E-D14860A74EE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {2BD23AC5-1AE4-4DDA-9587-C081BC86A246} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {2FF42FA2-4EE4-4AF8-AD5A-C65B330C09E6} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-16] (Adobe Systems Incorporated) Task: {35A742C1-2971-4943-A2E3-29AD462FFAAC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {36C0939E-1A7E-40C5-B4F3-E1154E139970} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe Task: {38703468-C162-4F57-B44C-44E58A48E390} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-31] (Google Inc.) Task: {3ACF76E4-F5DF-431C-BEA2-BE70CF85AE6D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {448270B0-5154-498D-B24D-AE71E7DB5927} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {49F3F14B-37B0-4FF8-8D79-A67723C5CB0E} - System32\Tasks\{072CA81D-69BB-49C4-914E-7EAC144C21C4} => pcalua.exe -a "C:\Program Files\McAfee Security Scan\uninstall.exe" Task: {4EF9C94A-BEB8-4886-8EFB-6F8DC72DE967} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5345AC3C-FFF9-4831-B7E8-442B88B745F6} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {53ABC437-1B0B-41C8-BFA8-0949927B2CAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {55FDF64B-3C5A-49F4-9EC4-597B575CA285} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {60C6872D-D8C5-4B88-8980-45D08F81447E} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {66373DB8-4A8D-49A8-88A9-7AC45A9257AE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {76028AB5-AC97-4F06-8327-7D5A47A19935} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8019363D-BCAD-4773-B90D-F17D42075CBA} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {86B76D85-EC61-412A-8F5E-20B20B23A6CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe Task: {8D77A25D-FD6A-481A-B0D6-9678902CB9A5} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {97D57FBC-B035-440C-88E7-9E676CD64057} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9EE88514-786B-4C6B-B761-AD00A3815399} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {ABE81196-0AAC-419A-993A-CA0F9FA7E738} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B00420E6-58FD-4BA4-89B8-24504B76CB13} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {B0783751-AFAE-4BFF-B02A-3C74BBADC98E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B8154F59-58F9-4937-80E6-BFB813638286} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Task: {BB891099-3F04-45DA-8DFA-066AB33B0F7D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BBEC600D-225B-4BB6-ABF1-9BEC62ADE6DC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {BEEFBCAC-0FD0-484D-841E-6BCD50C20927} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe Task: {C0F395F2-9715-4314-A840-2E6C417F6A32} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {C6429797-F491-4F5C-BD36-6AC08CF60D18} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D6DA3362-2103-438C-95A8-10187738F89C} - System32\Tasks\HPCeeScheduleForBOBBY-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard) Task: {E85C1459-0DFC-43B3-B9AA-7D96334816D2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-02-17] (AVAST Software) Task: {EE44F1BC-3A65-4249-BBAC-F4DEB17CDF61} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {F1C48DE7-F19E-4B8E-A3CB-B14D14262253} - System32\Tasks\SafeZone scheduled Autoupdate 1485906531 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software) Task: {F2511BEE-366D-49C8-BB06-D1D74AAAE162} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FA82EDE2-406E-403A-8015-31BAD5CE2FD0} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\HPCeeScheduleForBOBBY-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-02-02 16:57 - 2015-12-22 01:35 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll 2016-07-16 07:42 - 2016-07-16 07:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2017-06-14 19:33 - 2017-06-03 06:01 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2017-02-02 16:56 - 2016-12-29 08:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-10-03 17:27 - 2016-10-03 17:27 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-03-14 17:38 - 2017-03-04 02:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-03-14 17:38 - 2017-03-04 02:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-03-14 17:38 - 2017-03-04 02:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-03-14 17:38 - 2017-03-04 02:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-06-14 19:33 - 2017-06-03 04:47 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2017-06-14 19:33 - 2017-06-03 04:47 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-06-14 19:33 - 2017-06-03 04:51 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2017-06-21 08:43 - 2017-06-21 08:43 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-06-21 08:43 - 2017-06-21 08:43 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-06-21 08:43 - 2017-06-21 08:43 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-06-21 08:43 - 2017-06-21 08:43 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll 2017-02-17 18:26 - 2017-02-17 18:26 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2017-01-31 19:42 - 2017-01-31 19:42 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2017-02-17 18:25 - 2017-02-17 18:25 - 00289328 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\localhost -> localhost ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 22:34 - 2016-10-13 16:05 - 00000828 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-956974598-3299727750-65723944-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: AMD External Events Utility => 2 MSCONFIG\Services: AMD FUEL Service => 2 MSCONFIG\Services: AMD_RAIDXpert => 2 MSCONFIG\Services: DSAO => 2 MSCONFIG\Services: hpqwmiex => 3 MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2 MSCONFIG\Services: MBAMScheduler => 2 MSCONFIG\Services: pdfcDispatcher => 2 MSCONFIG\Services: STacSV => 2 MSCONFIG\Services: TrueKey => 2 MSCONFIG\Services: TrueKeyScheduler => 2 MSCONFIG\Services: TrueKeyServiceHelper => 3 HKLM\...\StartupApproved\Run: => "BeatsOSDApp" HKLM\...\StartupApproved\Run: => "hpsysdrv" HKLM\...\StartupApproved\Run: => "SysTrayApp" HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKLM\...\StartupApproved\Run: => "NvBackend" HKLM\...\StartupApproved\Run: => "ShadowPlay" HKLM\...\StartupApproved\Run32: => "HP Software Update" HKLM\...\StartupApproved\Run32: => "PDF Complete" HKLM\...\StartupApproved\Run32: => "ContentTransferWMDetector.exe" HKU\S-1-5-21-956974598-3299727750-65723944-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{9FD064D4-CD89-43C1-BB0D-ABE2CD1A1EF4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{B01E3941-B0C6-4E38-B978-0444CAA744EB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{1AB7D572-B31F-475A-812B-39796CA9F452}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{D96512AA-7D2C-410B-B970-26158E38E61D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A677BDEB-F455-486B-BA8C-627177E3E33D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe FirewallRules: [{51FBFFCF-7C67-4D7E-B72C-AD27D73475B2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C24D602C-0599-47A0-8BA0-4DEE2521526E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DFBF3220-475B-4E1F-BB00-6839C9D1B65D}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe FirewallRules: [{08DB7BC7-5519-4E0C-AFB2-E0B81CB4EFA8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{8198B192-730D-42CE-BDDB-754C06A3C136}] => (Allow) LPort=1900 FirewallRules: [{80771F50-EFFA-429F-BA99-EE0E719DB6EF}] => (Allow) LPort=2869 FirewallRules: [{8BDA70CE-E4B6-491B-AE18-B5647C851DDF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{029D6B59-D202-4414-8D18-01BFB345837E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{8E5436B7-277B-4E33-89F1-16FB14C5A901}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP LinkUp\HP LinkUp Viewer.exe FirewallRules: [{C6AB79E4-5276-49D1-8C20-923AAC1823D9}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9CFF2F32-298B-468C-8B67-3B58F8940774}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\Remote Graphics Receiver\rgreceiver.exe FirewallRules: [{9D578EE5-CC31-4245-8660-F4A3895C93C6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{411D98B1-C768-46C9-B667-55C09F037FB7}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{AB50CFA6-A8CF-4783-8D5A-E89A57DF1FDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\IndivDRM.exe FirewallRules: [{7EFCD63C-7B57-4E7D-827D-61F6C5BDF257}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{12CE08CE-7F59-4486-B373-1E5917BF1CDC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\RoxioNow\RNow.exe FirewallRules: [{2C2D57AB-8E2B-413C-80B9-BFA7C8A8FBD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{DB280241-0DA7-4BF6-A43D-C6C5B528AB04}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C40F4C27-CC23-471D-A836-FE7A9CD4A0A3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{747D3214-651C-4E6E-839A-8207710EB214}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe FirewallRules: [{A8D7C622-7081-4A66-82D8-1620D9758FE3}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{449A3BC2-078F-413C-AFEC-B0E1ED0C410F}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe FirewallRules: [{51BE8574-BDDE-4515-890D-8EC1E831712F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{06D3E54B-8C30-4AD1-80AF-C21E5C6D9D23}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe FirewallRules: [{693D689B-D2B4-45FD-B539-5E13BE404D98}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{58D279BE-8A58-419B-8E20-D9DBBA3E8F8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C0412577-DFF0-4680-A78D-0673F22BD05F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{22CB2765-54F0-4425-82D6-355208184B3A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{A3888181-8561-4689-BE8E-63D41A614177}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{9CF1C4BD-3934-41BB-ADA4-4E2164382A3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{97D80B29-1CCF-436C-A6E6-A015D7128161}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{96AC7080-9702-4AFA-BB8D-F64DFCA0CA94}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [UDP Query User{A5778937-40E8-46AA-833D-85EC9C95586C}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [{98DE6C3B-7CE2-47FF-865F-E92B97EB3115}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe FirewallRules: [{3175E95E-28A0-4E56-804D-3F16E69DBAC2}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4X.exe FirewallRules: [{3BD1BF3E-E9FC-40F7-8563-83F9C36448D8}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe FirewallRules: [{983BCF95-2B8A-40D7-BB8E-8E6632915118}] => (Allow) C:\Program Files (x86)\S.W.A.T. 4\ContentExpansion\System\Swat4XDedicatedServer.exe FirewallRules: [TCP Query User{6EF362E6-501C-47FA-8A1C-448375E55E54}C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [UDP Query User{FF82E483-BC75-467C-8178-414E8422E5FC}C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [{2EF48A92-E90D-456A-82B3-C2F99ED1403E}] => (Block) C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [{FF5B8F20-F492-4B60-8CA5-48A75A209E2F}] => (Block) C:\users\bobby\appdata\roaming\gameranger\gameranger\gameranger.exe FirewallRules: [{3F8CA827-67EA-449B-A8AE-8DADD4D0F32C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe FirewallRules: [{8F340C34-E80D-4D2B-87B6-9A2EA0546716}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{65C34BA9-4171-443E-9747-57D47EC56374}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D2E78776-AC19-46EB-B489-1D328D13C9AD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{2F03FDEC-F8A6-4CC4-B3A8-EABCABFE5DEC}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{9947EE9C-4450-4EBD-95E4-4379B2EBF7AA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{BFD8D4DA-F872-49B8-896B-64CDAE95190A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{D68CDCCA-A4E0-40A5-8786-6010AD58B95A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{372D3CDC-8258-45DC-A944-D438F095184E}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe FirewallRules: [TCP Query User{8F09F198-01AD-41F5-82C3-B9E6DF4FC58D}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe FirewallRules: [UDP Query User{DD2C35B2-E7EA-4AF7-9DD0-9AE0E3735D4D}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe ==================== Restore Points ========================= 29-05-2017 19:12:31 Scheduled Checkpoint 09-06-2017 15:46:12 Windows Update 13-06-2017 18:10:07 Windows Update 16-06-2017 23:50:00 JRT Pre-Junkware Removal 21-06-2017 11:07:53 JRT Pre-Junkware Removal ==================== Faulty Device Manager Devices ============= Name: avast! SecureLine TAP Adapter v3 Description: avast! SecureLine TAP Adapter v3 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: aswTap Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VirtualBox Host-Only Ethernet Adapter Description: VirtualBox Host-Only Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Oracle Corporation Service: VBoxNetAdp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: TAP-Windows Adapter V9 Description: TAP-Windows Adapter V9 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: TAP-Windows Provider V9 Service: tap0901 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: The Broadcom 802.11 Network Adapter provides wireless local area networking. Description: Broadcom WLAN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Broadcom Service: BCM43XX Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth PAN HelpText Description: Bluetooth Device (Personal Area Network) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: BthPan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2017 11:45:54 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3616) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/22/2017 11:41:26 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3616) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/22/2017 11:41:15 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3616) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/22/2017 11:40:44 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3616) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/22/2017 11:40:08 AM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (3616) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/21/2017 03:21:13 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (5244) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/21/2017 02:32:20 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (5244) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/21/2017 02:32:05 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (5244) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/21/2017 02:09:04 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (5244) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. Error: (06/21/2017 02:02:59 PM) (Source: ESENT) (EventID: 542) (User: ) Description: taskhostw (5244) WebCacheLocal: Database C:\Users\bobby\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat: Page 33 (0x21) (objid 9) has a logical corruption of type 'LinesOutOfOrder'. System errors: ============= Error: (06/22/2017 11:37:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 11:37:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/22/2017 11:37:53 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/21/2017 12:49:59 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: ) Description: The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system. Error: (06/21/2017 10:50:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/21/2017 10:50:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/21/2017 10:50:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (06/21/2017 10:49:55 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HPClientSvc service to connect. Error: (06/21/2017 10:49:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Error: (06/21/2017 10:47:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2017-01-31 18:14:45.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 18:14:35.200 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:31.749 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:30.340 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:45:30.052 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:44:17.423 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:22.054 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:20.463 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:11:20.137 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-01-31 17:10:04.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD FX(tm)-6100 Six-Core Processor Percentage of memory in use: 21% Total physical RAM: 10014.89 MB Available physical RAM: 7903.96 MB Total Virtual: 10654.89 MB Available Virtual: 8087.58 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1845.22 GB) (Free:1734.03 GB) NTFS ==>[system with boot components (obtained from drive)] Drive d: (HP_RECOVERY) (Fixed) (Total:16.88 GB) (Free:2.1 GB) NTFS ==>[system with boot components (obtained from drive)] Drive e: () (Fixed) (Total:139.73 GB) (Free:56.79 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1862.6 GB) (Disk ID: B1A1F069) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=1845.2 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=16.9 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 139.7 GB) (Disk ID: B649B649) Partition 1: (Active) - (Size=139.7 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================