Inactive Malware?

1

1wraith1

Posts: 21   +0
Hello and many thanks for the help!!!

Here are the logs:
FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-10-2017 01
Ran by strem (administrator) on PSYGEIO (19-10-2017 16:21:08)
Running from C:\Users\strem\Downloads
Loaded Profiles: strem & postgres (Available Profiles: defaultuser0 & strem & postgres & valia)
Platform: Windows 10 Pro Version 1703 15063.674 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Paragon Software) C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.Host.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [GoPro Tray App] => C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe [866224 2017-03-16] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1870928 2017-04-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-10-03] (Dropbox, Inc.)
HKU\S-1-5-21-1219069295-641389954-239467378-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886352 2017-04-05] (Adobe Systems Incorporated)
HKU\S-1-5-21-1219069295-641389954-239467378-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1219069295-641389954-239467378-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517120 2017-03-18] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHRE.EXE [283232 2017-03-28] (SEIKO EPSON CORPORATION)
Startup: C:\Users\valia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-05-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{61871759-9021-4245-a883-5deffea8c608}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{e3b3ac4f-d583-40d0-a1af-f4912ddbeee9}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKU\S-1-5-21-1219069295-641389954-239467378-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SK2M&ocid=SK2MDHP&osmkt=en-ww
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-09-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-09-28] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1219069295-641389954-239467378-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-02-17] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-09-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: eshzmddc.default
FF ProfilePath: C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default [2017-10-19]
FF Homepage: Mozilla\Firefox\Profiles\eshzmddc.default -> hxxps://www.google.gr/?gfe_rd=cr&ei=2lE7Voj_F6yz8wfZ47OYDw&gws_rd=ssl
FF Session Restore: Mozilla\Firefox\Profiles\eshzmddc.default -> is enabled.
FF Extension: (Greek Spelling dictionary) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\el-GR@dictionaries.addons.mozilla.org [2017-05-06] [not signed]
FF Extension: (LanguageTool - Grammar and Style Checker) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\languagetool-webextension@languagetool.org.xpi [2017-10-12]
FF Extension: (Print Edit WE) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\printedit-we@DW-dev.xpi [2017-10-12]
FF Extension: (Print Edit) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\printedit@DW-dev.xpi [2017-08-27]
FF Extension: (Test Pilot) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\testpilot@labs.mozilla.com.xpi [2017-03-24]
FF Extension: (Adblock Plus) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (DownThemAll!) - C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-03-24]
FF ProfilePath: C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\e0b933l0.dev-edition-default [2017-10-12]
FF Session Restore: Mozilla\Firefox\Profiles\e0b933l0.dev-edition-default -> is enabled.
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2017-04-19]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-09-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems)
StartMenuInternet: Firefox-CA9422711AE1A81C - C:\Program Files\Firefox Developer Edition\firefox.exe
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-07-05]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

Opera:
=======
StartMenuInternet: (HKLM) Operabeta - C:\Program Files\Opera beta\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 apmwinsrv; C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe [1879696 2017-08-22] ()
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761584 2017-10-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-15] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-10-03] (Dropbox, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2625368 2017-08-06] (ESET)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [37808 2017-03-16] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [94208 2016-08-09] (PostgreSQL Global Development Group) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [2231296 2017-05-20] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14415360 2017-07-28] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFXfilt; C:\WINDOWS\system32\drivers\AFXfilt.sys [33792 2017-02-13] (Creative Technology Ltd.)
R0 apmwin; C:\WINDOWS\System32\DRIVERS\apmwin.sys [48088 2017-08-22] (Paragon Software Group)
S2 csvol; C:\WINDOWS\system32\DRIVERS\csvol.sys [46552 2017-08-22] (Paragon Software Group)
S3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [33792 2017-02-13] (Creative Technology Ltd)
R3 CtxHdb; C:\WINDOWS\system32\DRIVERS\Ctxhdb.sys [48400 2017-06-22] (Creative Technology Ltd)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132824 2017-08-06] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-04-25] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-04-25] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-04-25] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-04-25] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-04-25] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-04-25] (ESET)
R0 gpt_loader; C:\WINDOWS\System32\DRIVERS\gpt_loader.sys [79832 2017-08-22] ()
S3 Hfsplus; C:\WINDOWS\System32\DRIVERS\hfsplus.sys [218072 2017-08-22] (Paragon Software Group)
R3 HfsplusRec; C:\WINDOWS\System32\DRIVERS\hfsplusrec.sys [35288 2017-08-22] (Paragon Software Group)
R3 hvsocketcontrol; C:\WINDOWS\system32\drivers\hvsocketcontrol.sys [22016 2017-05-23] (Microsoft Corporation)
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [23552 2017-05-23] (Microsoft Corporation)
R0 mounthlp; C:\WINDOWS\System32\DRIVERS\mounthlp.sys [64472 2017-08-22] (Paragon Software Group)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [25088 2017-05-23] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [47616 2017-05-23] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [51712 2017-05-23] (Microsoft Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [31232 2017-05-23] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2017-03-18] (Realtek Semiconductor Corporation )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [104448 2017-05-23] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [31232 2017-05-23] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 16:21 - 2017-10-19 16:21 - 000021847 _____ C:\Users\strem\Downloads\FRST.txt
2017-10-19 16:20 - 2017-10-19 16:21 - 000000000 ____D C:\FRST
2017-10-19 16:20 - 2017-10-19 16:20 - 000000000 ____D C:\Users\strem\Downloads\FRST-OlderVersion
2017-10-19 16:19 - 2017-10-19 16:20 - 002402816 _____ (Farbar) C:\Users\strem\Downloads\FRST64.exe
2017-10-19 16:16 - 2017-10-19 16:19 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-10-15 18:27 - 2017-10-15 18:27 - 000001299 _____ C:\Users\valia\Desktop\Dropbox.lnk
2017-10-15 18:25 - 2017-10-15 18:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-10-15 18:24 - 2017-10-15 18:24 - 000000000 ____D C:\Users\strem\AppData\Roaming\Dropbox
2017-10-15 18:23 - 2017-10-17 02:02 - 000000922 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-10-15 18:23 - 2017-10-17 02:02 - 000000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-10-15 18:23 - 2017-10-15 19:07 - 000000000 ____D C:\Users\strem\AppData\Local\Dropbox
2017-10-15 18:23 - 2017-10-15 18:27 - 000000000 ____D C:\Users\valia\AppData\Local\Dropbox
2017-10-15 18:23 - 2017-10-15 18:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-10-15 18:23 - 2017-10-15 18:23 - 000690080 _____ (Dropbox, Inc.) C:\Users\valia\Downloads\DropboxInstaller.exe
2017-10-15 18:23 - 2017-10-15 18:23 - 000003982 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-10-15 18:23 - 2017-10-15 18:23 - 000003750 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-10-15 18:23 - 2017-10-15 18:23 - 000000000 ____D C:\ProgramData\Dropbox
2017-10-15 18:01 - 2017-10-15 18:02 - 000639612 _____ C:\WINDOWS\Minidump\101517-7468-01.dmp
2017-10-13 22:22 - 2017-10-13 22:22 - 000495884 _____ C:\WINDOWS\Minidump\101317-8187-01.dmp
2017-10-13 11:21 - 2017-10-13 11:21 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-10-12 11:37 - 2017-09-30 08:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-12 11:37 - 2017-09-30 08:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-10-12 11:37 - 2017-09-30 08:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-12 11:37 - 2017-09-30 08:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-12 11:37 - 2017-09-30 08:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-12 11:37 - 2017-09-30 08:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-12 11:37 - 2017-09-30 08:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-12 11:37 - 2017-09-30 08:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-12 11:37 - 2017-09-30 08:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-12 11:37 - 2017-09-30 08:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-12 11:37 - 2017-09-30 08:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-12 11:37 - 2017-09-30 08:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-12 11:37 - 2017-09-30 08:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-12 11:37 - 2017-09-30 08:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-12 11:37 - 2017-09-30 08:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-12 11:37 - 2017-09-30 08:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-10-12 11:37 - 2017-09-30 08:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-12 11:37 - 2017-09-30 08:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-10-12 11:37 - 2017-09-30 08:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-12 11:37 - 2017-09-30 05:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-12 11:37 - 2017-09-30 05:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-12 11:37 - 2017-09-30 05:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-12 11:37 - 2017-09-30 05:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-10-12 11:37 - 2017-09-30 05:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-10-12 11:37 - 2017-09-30 05:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-12 11:37 - 2017-09-30 05:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-12 11:37 - 2017-09-30 05:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-12 11:37 - 2017-09-30 05:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-12 11:37 - 2017-09-30 05:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-10-12 11:37 - 2017-09-30 05:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-12 11:37 - 2017-09-30 05:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-12 11:37 - 2017-09-30 05:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-12 11:37 - 2017-09-30 05:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-12 11:37 - 2017-09-30 05:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-12 11:37 - 2017-09-30 05:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-12 11:37 - 2017-09-30 05:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-12 11:37 - 2017-09-30 05:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-12 11:37 - 2017-09-30 05:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-10-12 11:37 - 2017-09-30 05:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-10-12 11:37 - 2017-09-30 05:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-12 11:37 - 2017-09-30 05:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-12 11:37 - 2017-09-30 05:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-12 11:37 - 2017-09-30 05:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-10-12 11:37 - 2017-09-30 05:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-10-12 11:37 - 2017-09-30 05:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-12 11:37 - 2017-09-30 05:02 - 001624096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.AppAgent.dll
2017-10-12 11:37 - 2017-09-30 05:02 - 001517464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-10-12 11:37 - 2017-09-30 05:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-12 11:37 - 2017-09-30 05:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-12 11:37 - 2017-09-29 10:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-10-12 11:37 - 2017-09-29 10:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-12 11:37 - 2017-09-29 10:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-12 11:37 - 2017-09-29 10:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-12 11:37 - 2017-09-29 10:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-12 11:37 - 2017-09-29 10:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-12 11:37 - 2017-09-29 10:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-12 11:37 - 2017-09-29 10:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-12 11:37 - 2017-09-29 10:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-12 11:37 - 2017-09-29 10:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-10-12 11:37 - 2017-09-29 10:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-12 11:37 - 2017-09-29 10:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-10-12 11:37 - 2017-09-29 10:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-10-12 11:37 - 2017-09-29 10:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Uev.Office2013CustomActions.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-12 11:37 - 2017-09-29 10:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-12 11:37 - 2017-09-29 10:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-12 11:37 - 2017-09-29 10:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-12 11:37 - 2017-09-29 10:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-10-12 11:37 - 2017-09-29 10:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-10-12 11:37 - 2017-09-29 10:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-10-12 11:37 - 2017-09-29 10:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-10-12 11:37 - 2017-09-29 10:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-10-12 11:37 - 2017-09-29 10:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-10-12 11:37 - 2017-09-29 10:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-12 11:37 - 2017-09-29 10:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-10-12 11:37 - 2017-09-29 10:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-12 11:37 - 2017-09-29 10:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-10-12 11:37 - 2017-09-29 10:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-10-12 11:37 - 2017-09-29 10:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-12 11:37 - 2017-09-29 10:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-10-12 11:37 - 2017-09-29 10:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-12 11:37 - 2017-09-29 10:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-12 11:37 - 2017-09-29 10:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-10-12 11:37 - 2017-09-29 10:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-10-12 11:37 - 2017-09-29 10:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-10-12 11:37 - 2017-09-29 10:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-12 11:37 - 2017-09-29 10:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-12 11:37 - 2017-09-29 10:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-10-12 11:37 - 2017-09-29 10:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-12 11:37 - 2017-09-29 10:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-12 11:37 - 2017-09-29 10:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-12 11:37 - 2017-09-29 10:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-12 11:37 - 2017-09-29 10:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-12 11:37 - 2017-09-29 10:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-12 11:37 - 2017-09-29 10:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-12 11:37 - 2017-09-29 10:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-10-12 11:37 - 2017-09-29 10:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-12 11:37 - 2017-09-29 10:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-12 11:37 - 2017-09-29 10:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-10-12 11:37 - 2017-09-29 10:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-12 11:37 - 2017-09-29 10:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-12 11:37 - 2017-09-29 10:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-10-12 11:37 - 2017-09-29 10:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-12 11:37 - 2017-09-29 10:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-12 11:37 - 2017-09-29 10:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-10-12 11:37 - 2017-09-29 10:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-12 11:37 - 2017-09-29 10:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
 
Continued:

2017-10-12 11:37 - 2017-09-29 10:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-12 11:37 - 2017-09-29 10:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-10-12 11:37 - 2017-09-29 10:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-12 11:37 - 2017-09-29 10:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-12 11:37 - 2017-09-29 10:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-12 11:37 - 2017-09-29 10:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-10-12 11:37 - 2017-09-29 10:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-12 11:37 - 2017-09-29 10:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-12 11:37 - 2017-09-29 10:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-12 11:37 - 2017-09-29 10:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-12 11:37 - 2017-09-29 10:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-12 11:37 - 2017-09-29 10:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-12 11:37 - 2017-09-29 10:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-12 11:37 - 2017-09-29 10:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-12 11:37 - 2017-09-29 10:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-12 11:37 - 2017-09-29 10:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-12 11:37 - 2017-09-29 10:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-12 11:37 - 2017-09-29 10:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-12 11:37 - 2017-09-29 10:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-12 11:37 - 2017-09-29 10:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-12 11:37 - 2017-09-29 10:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-12 11:37 - 2017-09-29 10:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-12 11:37 - 2017-09-29 10:18 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdechangepin.exe
2017-10-12 11:37 - 2017-09-29 10:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-12 11:37 - 2017-09-29 10:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-12 11:37 - 2017-09-29 10:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-12 11:37 - 2017-09-29 08:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-12 11:37 - 2017-09-29 08:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-12 11:37 - 2017-09-20 18:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-12 11:37 - 2017-09-20 18:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-10-12 11:37 - 2017-09-20 18:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-10-12 11:37 - 2017-09-19 02:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-10-12 11:37 - 2017-09-19 01:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-10-12 11:37 - 2017-09-19 01:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-10-12 11:36 - 2017-09-30 08:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-12 11:36 - 2017-09-30 08:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-10-12 11:36 - 2017-09-30 08:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-12 11:36 - 2017-09-30 08:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-10-12 11:36 - 2017-09-30 08:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-12 11:36 - 2017-09-30 08:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-12 11:36 - 2017-09-30 08:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-10-12 11:36 - 2017-09-30 08:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-10-12 11:36 - 2017-09-30 08:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-10-12 11:36 - 2017-09-30 08:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-12 11:36 - 2017-09-30 08:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-10-12 11:36 - 2017-09-30 08:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-12 11:36 - 2017-09-30 08:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-10-12 11:36 - 2017-09-30 08:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-12 11:36 - 2017-09-30 08:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-12 11:36 - 2017-09-30 08:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-10-12 11:36 - 2017-09-30 08:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-12 11:36 - 2017-09-30 08:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-10-12 11:36 - 2017-09-30 08:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-12 11:36 - 2017-09-30 08:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-12 11:36 - 2017-09-30 08:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-10-12 11:36 - 2017-09-30 08:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-12 11:36 - 2017-09-30 08:40 - 000849816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-10-12 11:36 - 2017-09-30 08:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-10-12 11:36 - 2017-09-30 08:40 - 000701336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-10-12 11:36 - 2017-09-30 08:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-10-12 11:36 - 2017-09-30 08:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-12 11:36 - 2017-09-30 08:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-12 11:36 - 2017-09-30 08:39 - 001694104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-10-12 11:36 - 2017-09-30 08:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-12 11:36 - 2017-09-30 08:38 - 001854872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-10-12 11:36 - 2017-09-30 08:37 - 002377112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.AppAgent.dll
2017-10-12 11:36 - 2017-09-30 08:37 - 002229144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-10-12 11:36 - 2017-09-30 08:37 - 001464728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-10-12 11:36 - 2017-09-30 08:36 - 000855960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-10-12 11:36 - 2017-09-30 08:36 - 000675224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-10-12 11:36 - 2017-09-30 08:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-12 11:36 - 2017-09-29 10:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-10-12 11:36 - 2017-09-29 10:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-12 11:36 - 2017-09-29 10:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-12 11:36 - 2017-09-29 10:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-12 11:36 - 2017-09-29 10:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-12 11:36 - 2017-09-29 10:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-12 11:36 - 2017-09-29 10:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-12 11:36 - 2017-09-29 10:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-10-12 11:36 - 2017-09-29 10:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-10-12 11:36 - 2017-09-29 10:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-12 11:36 - 2017-09-29 10:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-12 11:36 - 2017-09-29 10:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-12 11:36 - 2017-09-29 10:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-12 11:36 - 2017-09-29 10:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-10-12 11:36 - 2017-09-29 10:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-12 11:36 - 2017-09-29 10:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-12 11:36 - 2017-09-29 10:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-10-12 11:36 - 2017-09-29 10:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-12 11:36 - 2017-09-29 10:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-10-12 11:36 - 2017-09-29 10:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-12 11:36 - 2017-09-29 10:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-12 11:36 - 2017-09-29 10:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-12 11:36 - 2017-09-29 10:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-10-12 11:36 - 2017-09-29 10:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-10-12 11:36 - 2017-09-29 10:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-12 11:36 - 2017-09-29 10:26 - 001197568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2017-10-12 11:36 - 2017-09-29 10:26 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2017-10-12 11:36 - 2017-09-29 10:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-10-12 11:36 - 2017-09-29 10:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-12 11:36 - 2017-09-29 10:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-10-12 11:36 - 2017-09-29 10:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-10-12 11:36 - 2017-09-29 10:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-12 11:36 - 2017-09-29 10:24 - 001201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AgentService.exe
2017-10-12 11:36 - 2017-09-29 10:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-12 11:36 - 2017-09-29 10:23 - 002195968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2017-10-12 11:36 - 2017-09-29 10:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-12 11:36 - 2017-09-29 10:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-12 11:36 - 2017-09-29 10:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-12 11:36 - 2017-09-29 10:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-12 11:36 - 2017-09-29 10:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-12 11:36 - 2017-09-29 10:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-12 11:36 - 2017-09-29 10:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-12 11:36 - 2017-09-29 10:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-12 11:36 - 2017-09-29 10:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-12 11:36 - 2017-09-29 10:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-12 11:36 - 2017-09-29 10:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-12 11:36 - 2017-09-29 10:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-12 11:36 - 2017-09-29 10:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-12 11:36 - 2017-09-19 02:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-10-12 11:36 - 2017-09-19 02:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-10-12 11:36 - 2017-09-19 02:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-10-12 11:36 - 2017-09-19 02:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-10-12 11:36 - 2017-09-19 02:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-10-12 11:36 - 2017-09-19 02:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-10-12 11:36 - 2017-09-19 02:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-10-12 11:36 - 2017-09-19 01:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-10-12 11:36 - 2017-09-19 01:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-10-12 11:36 - 2017-09-19 01:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-10-12 11:36 - 2017-09-19 01:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-10-12 01:17 - 2017-10-12 01:18 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-10-04 23:08 - 2017-10-04 23:09 - 000000000 ____D C:\Users\strem\Desktop\tmp
2017-10-03 13:21 - 2017-10-03 13:21 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-10-03 13:21 - 2017-10-03 13:21 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-10-03 13:21 - 2017-10-03 13:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-10-03 13:21 - 2017-10-03 13:21 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-10-02 01:05 - 2017-10-02 01:05 - 000647436 _____ C:\WINDOWS\Minidump\100217-7468-01.dmp
2017-09-28 17:35 - 2017-09-28 17:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2017-09-28 17:33 - 2017-09-29 21:07 - 000000000 ____D C:\xampp
2017-09-28 17:15 - 2017-09-28 17:15 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsign5e454af76b203259
2017-09-28 17:14 - 2017-09-28 17:14 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignf78ebbc746f5ee57
2017-09-28 17:11 - 2017-09-28 17:11 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignf92c839a4946bb9a
2017-09-28 17:11 - 2017-09-28 17:11 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignaa67c873bdf965f2
2017-09-28 17:11 - 2017-09-28 17:11 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsign068de34ab21b4fb9
2017-09-28 17:10 - 2017-09-28 17:13 - 128392376 _____ (Bitnami) C:\Users\strem\Downloads\xampp-win32-7.0.23-0-VC14-installer.exe
2017-09-27 19:34 - 2017-09-27 19:34 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsign2e18c158959dfd82
2017-09-27 19:33 - 2017-09-27 19:33 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignc237f69fcff05081
2017-09-27 19:31 - 2017-09-27 19:31 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsign4bfb2dd185364983
2017-09-27 19:30 - 2017-09-27 19:30 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignb1eec84af7048616
2017-09-27 19:29 - 2017-09-27 19:29 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsign4afc1dec62dc61c7
2017-09-27 19:28 - 2017-09-27 19:28 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsigne7d30985fc5b26dd
2017-09-27 19:28 - 2017-09-27 19:28 - 000000000 ____D C:\Users\strem\AppData\Local\Tempzxpsignac2a603e8f660f1e
2017-09-27 17:37 - 2017-09-27 17:37 - 000558364 _____ C:\WINDOWS\Minidump\092717-8234-01.dmp
2017-09-26 19:18 - 2017-09-26 19:18 - 044051768 _____ (Bitnami) C:\Users\strem\Downloads\bitnami-magento-2.1.9-0-module-windows-installer.exe
2017-09-26 19:13 - 2017-09-26 19:15 - 128537072 _____ (Bitnami) C:\Users\strem\Downloads\xampp-win32-7.1.9-0-VC14-installer.exe
2017-09-26 18:15 - 2017-09-26 18:15 - 000001298 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-09-26 18:15 - 2017-09-26 18:15 - 000001286 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-09-22 13:03 - 2017-09-22 13:03 - 000395978 _____ C:\Users\strem\Desktop\brochurePdf_159 8.pdf
2017-09-19 01:17 - 2017-09-19 01:19 - 000010616 _____ C:\Users\strem\Desktop\car.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-10-19 16:20 - 2017-03-19 00:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-10-19 16:20 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-10-19 16:19 - 2017-04-02 22:51 - 000000000 ____D C:\Users\strem\AppData\Local\Adobe
2017-10-19 16:17 - 2017-03-24 19:16 - 000000000 ____D C:\Users\strem\AppData\LocalLow\Mozilla
2017-10-19 00:26 - 2017-04-11 03:10 - 000000000 ____D C:\ProgramData\NVIDIA
2017-10-19 00:26 - 2017-04-11 03:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-10-18 18:01 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-10-18 17:58 - 2017-06-21 01:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-10-18 17:58 - 2017-03-24 19:15 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-10-18 17:58 - 2017-03-24 19:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-10-17 02:26 - 2017-04-11 03:10 - 000000000 ____D C:\Users\strem
2017-10-17 02:09 - 2017-04-11 03:21 - 001569910 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-17 02:02 - 2017-04-11 20:48 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-17 02:02 - 2017-04-11 03:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-10-17 02:02 - 2017-03-27 22:56 - 845264922 _____ C:\WINDOWS\MEMORY.DMP
2017-10-15 22:22 - 2017-05-16 23:36 - 000000000 ___RD C:\Users\valia\OneDrive
2017-10-15 22:22 - 2017-05-16 23:35 - 000000000 ____D C:\Users\valia
2017-10-15 22:14 - 2017-05-16 23:35 - 000000000 ____D C:\Users\valia\AppData\LocalLow\Mozilla
2017-10-15 21:51 - 2017-05-16 23:35 - 000000000 ____D C:\Users\valia\AppData\Local\Packages
2017-10-15 18:20 - 2017-05-16 23:35 - 000000000 ____D C:\Users\valia\AppData\Roaming\Mozilla
2017-10-15 18:10 - 2017-05-16 23:37 - 000000000 ____D C:\Users\valia\AppData\Local\Comms
2017-10-15 18:09 - 2016-11-20 21:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-10-15 18:02 - 2017-04-26 02:22 - 000000000 ____D C:\Users\postgres
2017-10-14 17:44 - 2017-03-24 20:10 - 000000000 ____D C:\Program Files\Microsoft Office
2017-10-14 17:43 - 2017-03-24 19:16 - 000000000 ____D C:\Users\strem\AppData\Roaming\Mozilla
2017-10-14 17:40 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-10-13 22:20 - 2017-04-21 00:48 - 000000000 ____D C:\Program Files\Opera beta
2017-10-13 22:07 - 2017-04-21 00:48 - 000003952 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1492724880
2017-10-13 22:07 - 2017-04-21 00:48 - 000001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera beta.lnk
2017-10-13 11:21 - 2017-03-19 00:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-10-13 11:21 - 2017-03-19 00:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-10-13 11:16 - 2017-03-24 18:56 - 000000000 ____D C:\Users\strem\AppData\Local\Packages
2017-10-13 11:16 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
2017-10-13 11:15 - 2017-03-24 18:56 - 000000000 ____D C:\Users\strem\AppData\Local\PackageStaging
2017-10-13 03:21 - 2017-03-19 00:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-10-13 03:21 - 2017-03-19 00:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-10-12 12:04 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\rescache
2017-10-12 11:52 - 2017-04-11 03:09 - 004958104 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-12 11:52 - 2017-03-28 18:50 - 000000000 ____D C:\Program Files\Firefox Developer Edition
2017-10-12 11:52 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-10-12 11:52 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-10-12 11:52 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-10-12 11:51 - 2017-03-19 00:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-10-12 11:51 - 2017-03-19 00:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-10-12 01:20 - 2017-03-24 19:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-10-12 01:17 - 2017-03-24 19:23 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-10-12 00:33 - 2017-03-28 18:50 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2017-10-06 13:39 - 2017-05-16 23:35 - 000000000 ____D C:\Users\valia\AppData\Roaming\Adobe
2017-09-29 20:26 - 2017-04-03 00:18 - 000000000 ___RD C:\Users\strem\Creative Cloud Files
2017-09-27 00:50 - 2017-05-04 00:33 - 000000000 ____D C:\Users\strem\AppData\Local\CrashDumps
2017-09-26 18:15 - 2017-04-02 22:48 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-09-23 01:04 - 2017-03-27 20:29 - 000000000 ____D C:\Users\strem\AppData\Roaming\vlc

Some files in TEMP:
====================
2017-03-24 19:07 - 2017-03-17 01:56 - 000867968 _____ (NVIDIA Corporation) C:\Users\strem\AppData\Local\Temp\nvSCPAPI64.dll
2017-04-11 21:39 - 2017-03-17 01:56 - 000352704 _____ (NVIDIA Corporation) C:\Users\strem\AppData\Local\Temp\nvStInst.exe
2017-04-11 21:01 - 2017-05-29 23:03 - 058128344 _____ (Skype Technologies S.A.) C:\Users\strem\AppData\Local\Temp\SkypeSetup.exe
2017-05-24 19:09 - 2017-05-24 19:09 - 030950664 _____ () C:\Users\strem\AppData\Local\Temp\vlc-2.2.6-win32.exe
2017-08-22 15:37 - 2017-08-22 15:37 - 000177664 _____ (Microsoft Corporation) C:\Users\strem\AppData\Local\Temp\wevtutil.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-10-17 17:08

==================== End of FRST.txt ============================
 
Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2017 01
Ran by strem (19-10-2017 16:21:49)
Running from C:\Users\strem\Downloads
Windows 10 Pro Version 1703 15063.674 (X64) (2017-04-11 00:21:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1219069295-641389954-239467378-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1219069295-641389954-239467378-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1219069295-641389954-239467378-1000 - Limited - Disabled) => C:\Users\defaultuser0
efist (S-1-5-21-1219069295-641389954-239467378-1003 - Limited - Disabled)
Guest (S-1-5-21-1219069295-641389954-239467378-501 - Limited - Disabled)
postgres (S-1-5-21-1219069295-641389954-239467378-1002 - Limited - Enabled) => C:\Users\postgres
strem (S-1-5-21-1219069295-641389954-239467378-1001 - Administrator - Enabled) => C:\Users\strem
valia (S-1-5-21-1219069295-641389954-239467378-1004 - Limited - Enabled) => C:\Users\valia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_0) (Version: 17.0.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2017 (HKLM-x32\...\PPRO_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{7664AF65-7B0D-4171-9F0F-50455278B428}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Bitnami Joomla! Module (HKLM-x32\...\Bitnami Joomla! Module 3.6.5-1) (Version: 3.6.5-1 - Bitnami)
Bitnami Magento Module (HKLM-x32\...\Bitnami Magento Module 2.1.9-0) (Version: 2.1.9-0 - Bitnami)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 36.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Elevated Installer (HKLM-x32\...\{1052502B-4C91-43F9-B160-AE39ED57C9F0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON BX305 Plus Series Printer Uninstall (HKLM\...\EPSON BX305 Plus Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
ESET Smart Security (HKLM\...\{A8DEFAC8-2DD9-4BD8-902B-F026199F9916}) (Version: 10.1.210.0 - ESET, spol. s r.o.)
Firefox Developer Edition 57.0 (x64 en-US) (HKLM\...\Firefox Developer Edition 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Garmin Express (HKLM-x32\...\{BCC7CA85-E57F-452D-BB44-15A1CE018BD0}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express Tray (HKLM-x32\...\{DA9C865D-6762-4931-8588-0B13B7A0796B}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Google Earth Pro (HKLM-x32\...\{DE706580-82C7-4B1A-ABA4-EA48AC15B045}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GoPro Studio (HKLM-x32\...\{BE06FF1A-83A0-42F2-913E-6E405393145C}) (Version: 5.12.5383 - GoPro, Inc.) Hidden
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Microsoft Office 365 - el-gr (HKLM\...\O365HomePremRetail - el-gr) (Version: 16.0.8431.2107 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8431.2107 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1219069295-641389954-239467378-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-US) (HKLM\...\Mozilla Firefox 57.0 (x64 en-US)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0408-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera beta 49.0.2725.18 (HKLM-x32\...\Opera 49.0.2725.18) (Version: 49.0.2725.18 - Opera Software)
Paragon HFS+ for Windows (HKLM-x32\...\{429D6E81-8E1E-42E6-8AB9-025DD9157F9B}) (Version: 11.3.138 - Paragon Software GmbH)
PostgreSQL 9.5 (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
Quik (HKLM\...\{DF7EE9CB-0369-44F3-9B91-BF05A2D4891D}) (Version: 0.1.5383 - GoPro, Inc.) Hidden
Quik (HKLM-x32\...\{b15a4fb5-7637-45ca-b230-33d94af786a7}) (Version: 2.3.0.5383 - GoPro, Inc.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
VFW_Codec32 (HKLM-x32\...\{ECDB3455-70F4-4EE6-B89E-3B4C5E9FF592}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (HKLM\...\{AE4073DE-7596-4E3B-9DE3-18BE2C3EFAA6}) (Version: 0.1.160.0 - GoPro, Inc.) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.23-0 - Bitnami)
Υποστήριξη εφαρμογών Apple (32 bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Υποστήριξη εφαρμογών Apple (64 bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1219069295-641389954-239467378-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-9A28A9F05D82}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1219069295-641389954-239467378-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-08-06] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-08-06] (ESET)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-10-03] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Smart Security\shellExt.dll [2017-08-06] (ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003CF0C4-A7B3-4BA7-AAE2-0FB6DCB724E7} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-15] (Dropbox, Inc.)
Task: {0422D6D3-820A-429A-8F48-5724531B7D89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {100F7567-417F-42D7-BB11-04714004694C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-15] (Dropbox, Inc.)
Task: {180725F1-7DDC-43A9-BCA1-10CE0E57893B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {25F8615D-FEFD-4C65-A5B8-DD6EC136E54D} - System32\Tasks\HFS+ Updater => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Updater.exe [2017-08-22] (Paragon Software Group)
Task: {2D91DC08-DB18-44E6-B515-B3587A025EA1} - System32\Tasks\{0FE11335-D6EC-4ED5-81E3-51958FF01D8F} => "c:\program files\mozilla firefox\firefox.exe" hxxps://ui.skype.com/ui/0/7.35.0.101/en/go/help.faq.installer?LastError=1603
Task: {3C903E2A-246A-451A-A90B-640A2D1002A8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {486957B3-E546-4E49-8DC2-50AD7DF9B445} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-24] (Samsung Electronics Co. Ltd.)
Task: {4EE3C691-6EF3-4026-A303-5475701DE229} - System32\Tasks\HFS+ Activator => C:\Program Files (x86)\Paragon Software\HFS+ for Windows\Paragon HFS for Windows.exe [2017-08-22] (Paragon Software)
Task: {7AC364A2-D563-41B6-86B8-4D0D17C8318D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {7BD01EB8-1406-4506-B456-5746E9D4335F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {B22AB53C-C87F-43BA-8C2F-1D2D81CFFBAA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-09-28] ()
Task: {B86BEF7E-BED0-4658-88CA-CCCE00546EAC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-10-13] (Microsoft Corporation)
Task: {C5FBC3A9-F71C-4DD0-9B5D-A927296254DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-10-04] (Microsoft Corporation)
Task: {DDC58E9F-D263-4D18-BC6A-622B2DD4FDA9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-stremmenos@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {EE19C897-EFAA-43F5-B828-BC9F49C338C5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-29] (Google Inc.)
Task: {EF220E9D-8636-4031-A8D2-4F93D724C2F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-29] (Google Inc.)
Task: {FD332848-598D-4135-B8FA-E089F4E1973F} - System32\Tasks\Opera scheduled Autoupdate 1492724880 => C:\Program Files\Opera beta\launcher.exe [2017-10-12] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
Continued:

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Firefox Developer Edition.lnk -> C:\Program Files\Firefox Developer Edition\firefox.exe (Mozilla Corporation)

==================== Loaded Modules (Whitelisted) ==============

2017-08-21 22:19 - 2017-08-29 08:30 - 000020208 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2017-08-22 16:18 - 2017-08-22 16:18 - 001879696 _____ () C:\Program Files (x86)\Paragon Software\HFS+ for Windows\apmwinsrv.exe
2017-03-16 16:08 - 2017-03-16 16:08 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-26 02:21 - 2016-08-09 08:13 - 000183296 _____ () C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2017-04-26 02:21 - 2016-07-27 11:08 - 002264576 _____ () C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2017-03-16 17:15 - 2017-03-16 17:15 - 000037808 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2017-03-18 23:58 - 2017-03-18 23:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 23:59 - 2017-03-19 05:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-10-13 11:15 - 2017-10-13 11:15 - 000037888 _____ () C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.Host.exe
2017-03-16 17:15 - 2017-03-16 17:15 - 000866224 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDesktopSystemTray.exe
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2017-08-14 03:48 - 2017-08-14 03:48 - 034865232 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
2017-10-13 11:15 - 2017-10-13 11:15 - 046234112 _____ () C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Viber.Universal.dll
2017-10-13 11:15 - 2017-10-13 11:15 - 006893056 _____ () C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\PhoneControllerRT.dll
2017-10-13 11:15 - 2017-10-13 11:15 - 000074752 _____ () C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.Utils.dll
2017-10-13 11:15 - 2017-10-13 11:15 - 000732160 _____ () C:\Program Files\WindowsApps\2414FC7A.Viber_6.6.21745.0_x86__p61zvh252yqyr\Native.SQLite.dll
2017-02-27 09:55 - 2017-02-27 09:55 - 040524400 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-09-20 02:42 - 2017-09-20 02:42 - 067115616 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-10-15 18:25 - 2017-10-03 13:21 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-10-15 18:25 - 2017-10-03 13:21 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-10-15 18:25 - 2017-10-03 13:21 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000130512 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 001856848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-10-15 18:25 - 2017-10-03 13:21 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-10-15 18:25 - 2017-10-03 13:22 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000021824 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022856 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000066392 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000025424 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-10-15 18:25 - 2017-10-03 13:22 - 000032600 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-10-15 18:25 - 2017-10-03 13:21 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-10-15 18:25 - 2017-10-03 13:22 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-10-15 18:25 - 2017-10-03 13:22 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-10-15 18:25 - 2017-10-03 13:22 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-10-15 18:25 - 2017-10-03 13:22 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-10-15 18:25 - 2017-10-03 13:22 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-09-06 18:11 - 2017-09-06 18:11 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-09-06 18:11 - 2017-09-06 18:11 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-09-20 03:04 - 2017-09-20 03:04 - 000099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-09-06 18:11 - 2017-09-06 18:11 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 14:47 - 2016-07-16 14:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1219069295-641389954-239467378-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\strem\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
HKU\S-1-5-21-1219069295-641389954-239467378-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2BAB4F21-4987-4927-BAA8-D8506DB639A7}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{D20FE2F0-18A3-4F93-9FE9-73F378D085CF}] => (Allow) C:\Program Files\Firefox Developer Edition\firefox.exe
FirewallRules: [{B8DFBD17-3F2A-4FBF-AD1C-E93167BDA966}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C207A8AD-56ED-4492-A1B1-E8E0F596D561}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{776C5400-FCDA-413D-97FB-6A728FCCDB48}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{726EEDED-DAF6-46F4-B325-C465C799092D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{9ECA9647-4264-4E3B-A35E-7A7D28EA2798}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{154DCB54-6902-435D-ADEF-E0E440EB1D14}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{A8CA0A33-4AE0-475C-B1ED-6A0EDF3E3D73}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{D5B1D494-8B34-4A93-8894-7DC6783A3DA5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{5BE06BB2-61E7-47FD-9AE8-D8673B0DA41F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{B05F032A-A284-4675-AE8B-87E0EC0FD16D}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{5D56FC6E-AAD5-4AAB-A193-657259740FE7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{83DE4E16-F92D-40D4-879D-329B5398D28A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0943690E-D8F3-4545-9F8A-BD61B4B687EC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D1A889AA-E800-49DC-86D6-E41AB6FECD96}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{A02F40D6-D391-43DC-AF23-14BA92C77D91}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [{2B9841D2-3B2B-48AA-A30F-3421C816430B}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{C5463DE5-0A88-4A79-91AA-C6F906228396}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{4C6498B3-184F-452B-A9CA-B2AEEAA15D07}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{549F7B57-BCE8-4433-8372-29D29CA2DAF1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{E5448E06-CF51-4A9D-97B6-20105FA098F7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F955FCF4-0FAB-42E9-9C56-E73E4EEE03F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{31C3E833-67C0-431E-9ABD-7E4AACA784A4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8E0301E1-69D0-4EFF-9D1D-B3A2F91D4B24}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{ADEC8F0F-02A4-4DD4-9FBD-A27C1031808C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{76F44DFE-2539-45E6-BC26-7E961160A89D}] => (Allow) C:\Program Files\Opera beta\49.0.2725.12\opera.exe
FirewallRules: [{6179C104-E5AA-4F7D-9891-AB7A1F3FB0BD}] => (Allow) C:\Program Files\Opera beta\49.0.2725.18\opera.exe
FirewallRules: [{95173183-2EDE-4FF3-82FD-BEFFF48AA713}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

04-10-2017 20:30:39 Scheduled Checkpoint
12-10-2017 01:17:35 Windows Update
18-10-2017 18:01:34 Windows Update

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
Description: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2017 04:19:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.674, time stamp: 0x6d16dd24
Exception code: 0xe0434352
Fault offset: 0x000eb872
Faulting process id: 0x3774
Faulting application start time: 0x01d348dce6864218
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: ba71b8ed-ed92-4625-9f7f-f59633f3afd9
Faulting package full name:
Faulting package-relative application ID:

Error: (10/19/2017 04:19:33 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (10/19/2017 04:16:58 PM) (Source: ESENT) (EventID: 104) (User: )
Description: qmgr.dll (9484) QmgrDatabaseInstance: The database engine stopped the instance (0) with error (-1090).



Internal Timing Sequence:
[1] 0.000005 +J(0)
[2] 0.000020 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[3] 0.000786 +J(CM:0, PgRf:4, Rd:0/0, Dy:0/0, Lg:0/0) +M(C:0K, Fs:5, WS:20K # 0K, PF:0K # 0K, P:0K)
[4] 0.000005 +J(0)
[5] 0.0 +J(0)
[6] 0.000108 +J(0) +M(C:0K, Fs:2, WS:-96K # 0K, PF:-104K # 0K, P:-104K)
[7] -
[8] 0.000010 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[9] 0.002636 +J(0) +M(C:0K, Fs:3, WS:-32K # 0K, PF:-36K # 0K, P:-36K)
[10] -
[11] 0.000008 +J(0) +M(C:0K, Fs:1, WS:4K # 0K, PF:0K # 0K, P:0K)
[12] -
[13] 0.000037 +J(0) +M(C:0K, Fs:0, WS:-4K # 0K, PF:-4K # 0K, P:-4K)
[14] 0.000705 +J(0)
[15] 0.000017 +J(0) +M(C:0K, Fs:0, WS:-12K # 0K, PF:-32K # 0K, P:-32K)
[16] 0.000002 +J(0).

Error: (10/19/2017 04:16:58 PM) (Source: ESENT) (EventID: 471) (User: )
Description: qmgr.dll (9484) QmgrDatabaseInstance: Unable to rollback operation #-65 on database C:\ProgramData\Microsoft\Network\Downloader\qmgr.db. Error: -510. All future database updates will be rejected.

Error: (10/19/2017 04:16:58 PM) (Source: ESENT) (EventID: 492) (User: )
Description: qmgr.dll (9484) QmgrDatabaseInstance: The logfile sequence in "C:\ProgramData\Microsoft\Network\Downloader\" has been halted due to a fatal error. No further updates are possible for the databases that use this logfile sequence. Please correct the problem and restart or restore from backup.

Error: (10/19/2017 04:16:58 PM) (Source: ESENT) (EventID: 413) (User: )
Description: qmgr.dll (9484) QmgrDatabaseInstance: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/19/2017 04:16:58 PM) (Source: ESENT) (EventID: 488) (User: )
Description: qmgr.dll (9484) QmgrDatabaseInstance: An attempt to create the file "C:\ProgramData\Microsoft\Network\Downloader\edbtmp.log" failed with system error 80 (0x00000050): "The file exists. ". The create file operation will fail with error -1814 (0xfffff8ea).

Error: (10/18/2017 06:00:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.674, time stamp: 0x6d16dd24
Exception code: 0xe0434352
Fault offset: 0x000eb872
Faulting process id: 0x27cc
Faulting application start time: 0x01d34821dc48676d
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 8cc57a98-0138-46f9-af80-e3a39778f507
Faulting package full name:
Faulting package-relative application ID:

Error: (10/18/2017 06:00:40 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (10/17/2017 02:11:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 10.0.15063.674, time stamp: 0x6d16dd24
Exception code: 0xe0434352
Fault offset: 0x000eb872
Faulting process id: 0x25c4
Faulting application start time: 0x01d346d4203a7540
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0002cff4-16b2-4a3b-bcd3-d82885394eeb
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (10/19/2017 04:16:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/19/2017 04:16:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/19/2017 04:16:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/19/2017 04:16:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 05:57:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 05:57:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 05:57:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2017 05:57:47 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/17/2017 08:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/17/2017 08:07:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-10-19 16:21:48.445
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:48.444
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.719
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.718
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.595
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.594
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:21:43.489
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:20:14.414
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-10-19 16:20:14.413
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz
Percentage of memory in use: 48%
Total physical RAM: 8183.48 MB
Available physical RAM: 4220.83 MB
Total Virtual: 9463.48 MB
Available Virtual: 4775.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:209.11 GB) (Free:136.5 GB) NTFS
Drive d: (Behemoth) (Fixed) (Total:200 GB) (Free:37.78 GB) NTFS
Drive e: (Backup) (Fixed) (Total:731.51 GB) (Free:141.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 07D005F4)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=209.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=23.3 GB) - (Type=05)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: DF551353)
Partition 1: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=731.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
The message with the second part of the FRST.txt needs approval from the moderation.
Should I resend it?
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

I got both logs.
You're not saying what the issues are.
 
Apologies...

Extremely frequent BSOD's with different codes, very slow network/internet connection (although all the other devices on local network work properly and connection stats seem normal), occasional slowdowns.
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
redtarget.gif
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.
redtarget.gif
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles are saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller report:

RogueKiller V12.11.20.0 (x64) [Oct 16 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : strem [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 10/21/2017 16:55:31 (Duration : 00:27:13)
Switches : -refid

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{61871759-9021-4245-a883-5deffea8c608} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{e3b3ac4f-d583-40d0-a1af-f4912ddbeee9} | DhcpNameServer : 192.168.1.1 0.0.0.0 ([-][]) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {B05F032A-A284-4675-AE8B-87E0EC0FD16D} : v2.27|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe|Name=DaVinciResolveQtdecoder| [x] -> Not selected

¤¤¤ Tasks : 1 ¤¤¤
[Hj.Shortcut] \{0FE11335-D6EC-4ED5-81E3-51958FF01D8F} -- "c:\program files\mozilla firefox\firefox.exe" (https://ui.skype.com/ui/0/7.35.0.101/en/go/help.faq.installer?LastError=1603) -> Deleted

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] 440723e2898745f317e00e11060650fc
[BSP] 664f51e8af2cf3bdb00b3bf9c1361926 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 214125 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 439556094 | Size: 23848 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: WDC WD10EADS-00L5B1 +++++
--- User ---
[MBR] b0516e32530923dfc0483cc590383b5d
[BSP] 7fc552217ab0624fb44880fcb47721bd : Linux|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 204800 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 419432448 | Size: 749066 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )
 
Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/21/17
Scan Time: 9:36 PM
Log File: b3587384-b68e-11e7-a942-1c6f65467a76.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3063
License: Trial

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: PSYGEIO\strem

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 487755
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 3 min, 0 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
RiskWare.Tool.HCK, C:\USERS\STREM\DESKTOP\CRACK.RAR, Quarantined, [2127], [69152],1.0.3063

Physical Sector: 0
(No malicious items detected)


(end)
 
Adwcleaner report:

# AdwCleaner 7.0.3.1 - Logfile created on Sat Oct 21 18:47:22 2017
# Updated on 2017/29/09 by Malwarebytes
# Database: 10-17-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************



########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
 
JRT report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by strem (Administrator) on ‘˜™ 21/10/2017 at 21:55:30,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\strem\AppData\Roaming\Mozilla\Firefox\Profiles\eshzmddc.default\prefs.js
user_pref(browser.onboarding.tour.onboarding-tour-singlesearch.completed, true);
user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ‘˜™ 21/10/2017 at 21:56:44,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I don't see much there. Not a malware.
I see plenty of these networking errors:
"The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID"
I suggest new topic in Windows forum.
Good luck :)
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
802
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back