Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by Brent (administrator) on I (21-10-2018 03:30:59)
Running from C:\Users\Brent\Downloads
Loaded Profiles: Brent (Available Profiles: Brent)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\WINDOWS\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\hidemesvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AMD) C:\WINDOWS\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\drivers\x64\3\E_YATIIUE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\mspaint.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Skyward Software) C:\Users\Brent\Downloads\IP Traffic Monitor\TraffMon.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Skyward Software) C:\Users\Brent\Downloads\IP Traffic Monitor\TraffMon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3030256 2013-05-16] (Synaptics Incorporated)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [IseUI] => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133728 2017-09-12] (Wondershare)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [Microsoft-Security] => C:\Users\Brent\Desktop\PS3 BO1 TooL by ModzKo\PS3 BO1 TooL by ModzKo\PS3 BlackOps 1 by MoDz Ko.exe
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50622080 2016-01-19] (Skype Technologies S.A.)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [BlueStacksFriends] => C:\Users\Brent\AppData\Local\Programs\BlueStacksFriends\BlueStacksFriends.exe --hidden
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIIUE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Run: [BDE X Man] => C:\Program Files (x86)\Coipos Software\BDE Seven\BDE7Tool.exe [796672 2010-09-03] (Coipos Software)
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\Policies\Explorer: [NoSecurityTab] 1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {3ef70555-5aa2-11e8-bea7-2c59e5a15780} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {3ef7059b-5aa2-11e8-bea7-2c59e5a15780} - "F:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\...\MountPoints2: {c2092e38-57c2-11e6-be8c-2c59e5a15780} - "G:\VZW_Software_upgrade_assistant.exe"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-4216165844-3389008296-2946304690-1002] => 124.195.19.18:808
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{10C67E87-8D9F-46D9-BC5C-7CCDEFD21D87}: [DhcpNameServer] 74.120.223.161 74.120.223.163
Tcpip\..\Interfaces\{8EC65707-ECA2-4AE4-9E51-FAA4AB179921}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F828DBBD-8FC7-4710-A82D-C2883B4D1D9A}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.duckduckgo.com/
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\S-1-5-21-4216165844-3389008296-2946304690-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\.DEFAULT -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKU\S-1-5-21-4216165844-3389008296-2946304690-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-4216165844-3389008296-2946304690-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://hihmfplpcpfngfbboggcloogcnigfamh/newtab.html"
CHR Profile: C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default [2018-10-21]
CHR Extension: (Slides) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-10]
CHR Extension: (Docs) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-09]
CHR Extension: (Google Drive) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-10-16]
CHR Extension: (DuckDuckGo) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2018-10-20]
CHR Extension: (YouTube) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-10]
CHR Extension: (WebRTC Leak Shield) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppamachkoflopbagkdoflbgfjflfnfl [2018-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-12]
CHR Extension: (Google Search) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (KProxy Extension) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdocgbfmddcfnlnpmnghmjicjognhonm [2017-11-09]
CHR Extension: (SearchLock New Tab) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihmfplpcpfngfbboggcloogcnigfamh [2016-12-27]
CHR Extension: (Color Change for Google™) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2018-04-23]
CHR Extension: (Skype) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-09]
CHR Extension: (KProxy Background App) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\maicibfoihmlppibfkljeljefamfndbp [2016-03-20]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-09-12]
CHR Extension: (Ears: Bass Boost, EQ Any Audio!) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfdfiepdkbnoanddpianalelglmfooik [2018-07-14]
CHR Extension: (Auto Refresh Blocker) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmhmgghfmjjoejobimppckbalonobkck [2017-06-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (SetupVPN - Lifetime Free VPN) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\oofgbpoabipfcfjapgnbbjjaenockbdp [2018-10-12]
CHR Extension: (No Name) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-10-21]
CHR Extension: (Gmail) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-02]
CHR Extension: (Chrome Media Router) - C:\Users\Brent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-24]
CHR HKLM\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [hkhkiakolggnnicallabhkobalpeplpi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\hidemesvc.exe [138912 2017-12-16] (eVenture Limited)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-17] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-17] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 DroidCam; C:\WINDOWS\system32\DRIVERS\droidcam.sys [33592 2015-05-24] (Dev47Apps)
R3 DroidCamVideo; C:\WINDOWS\system32\DRIVERS\droidcamvideo.sys [230712 2015-05-24] (Windows (R) Win 7 DDK provider)
R3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-10-20] ()
S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [266896 2012-06-13] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 voxaldriver; C:\WINDOWS\system32\DRIVERS\voxaldriverx64.sys [52976 2017-12-15] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-08-17] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-08-17] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-08-17] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
S3 BstkDrv; \??\C:\Program Files (x86)\BlueStacks\BstkDrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-21 03:30 - 2018-10-21 03:32 - 000018836 _____ C:\Users\Brent\Downloads\FRST.txt
2018-10-21 03:30 - 2018-10-21 03:30 - 000000000 ____D C:\Users\Brent\Downloads\FRST-OlderVersion
2018-10-21 03:29 - 2018-10-21 03:30 - 002414592 _____ (Farbar) C:\Users\Brent\Downloads\FRST64.exe
2018-10-20 23:43 - 2018-10-20 23:43 - 000000000 ____D C:\Users\Brent\AppData\Local\{AE4AB2C8-5C0F-4329-9605-1B42DCF80332}
2018-10-20 11:43 - 2018-10-20 11:43 - 000000000 ____D C:\Users\Brent\AppData\Local\{392B2526-0EB8-4618-8DDC-BA030D979E5C}
2018-10-20 08:30 - 2018-10-20 08:30 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-10-20 07:02 - 2018-10-21 00:09 - 000000000 ____D C:\Users\Brent\Downloads\IP Traffic Monitor
2018-10-19 23:42 - 2018-10-19 23:42 - 000000000 ____D C:\Users\Brent\AppData\Local\{878F2967-AEE0-4074-AEC7-D03BC5383A8F}
2018-10-19 09:37 - 2018-10-21 03:30 - 000000000 ____D C:\FRST
2018-10-19 03:32 - 2018-10-19 03:32 - 000001256 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2018-10-19 03:32 - 2018-10-19 03:32 - 000001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Debut Video Capture Software.lnk
2018-10-19 03:32 - 2018-10-19 03:32 - 000001130 _____ C:\Users\Public\Desktop\Debut Video Capture Software.lnk
2018-10-19 03:11 - 2018-10-19 03:12 - 000000000 ____D C:\Users\Brent\AppData\Local\{E7CE6FC4-C62C-4935-A942-4194BDD6DD1C}
2018-10-19 01:17 - 2018-10-19 01:34 - 000000000 ____D C:\Users\Brent\Desktop\deciphaaa
2018-10-18 00:26 - 2018-10-18 00:26 - 000000000 ____D C:\Users\Brent\AppData\Local\{DF352403-B76E-46B8-89B5-76DF7ECB25F5}
2018-10-15 18:41 - 2018-10-15 18:41 - 000000000 ____D C:\Users\Brent\AppData\Local\{62D3AA23-0F4A-4C68-BFCF-EC1311ED8A9E}
2018-10-15 18:13 - 2018-10-15 18:13 - 000000000 _____ C:\Users\Brent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-10-12 08:54 - 2018-10-12 08:54 - 000000000 ____D C:\Users\Brent\AppData\Local\{6FAA5972-5398-4F23-806F-19C5E05559D9}
2018-10-10 16:16 - 2018-10-10 16:17 - 000262144 _____ C:\Users\Brent\Documents\TurbStang-Tune2222.bin
2018-10-10 15:47 - 2018-10-16 06:46 - 000262144 _____ C:\Users\Brent\Documents\TurbStang-Tune.bin
2018-10-10 15:37 - 2018-10-10 15:37 - 000006382 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2018-10-09 18:46 - 2018-10-09 18:46 - 000315735 _____ C:\Users\Brent\Documents\TuningNotes & terms.pdf
2018-10-09 10:05 - 2018-10-09 10:05 - 000000000 ____D C:\Users\Brent\AppData\Local\{D9622D64-63D5-4605-B164-6572459FD164}
2018-10-09 10:03 - 2018-10-09 10:51 - 000000000 ____D C:\Users\Brent\Desktop\EXH flameTHROW
2018-10-09 03:39 - 2018-10-09 03:39 - 000000990 _____ C:\WINDOWS\CE130.INI
2018-10-09 03:24 - 2018-10-09 03:24 - 000000000 ____D C:\Program Files (x86)\Borland Engine tuning
2018-10-09 03:24 - 1998-10-10 05:01 - 000211936 _____ C:\WINDOWS\SysWOW64\DBCLIENT.DLL
2018-10-09 03:24 - 1998-10-10 05:01 - 000183808 _____ C:\WINDOWS\SysWOW64\BDEADMIN.CPL
2018-10-09 03:17 - 2018-10-10 16:07 - 000013030 _____ C:\Users\Public\PDOXUSRS.NET
2018-10-09 03:16 - 2018-10-09 03:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BDE eXpress Windows 7
2018-10-09 03:16 - 2018-10-09 03:16 - 000000000 ____D C:\Program Files (x86)\Coipos Software
2018-10-09 03:16 - 2010-09-03 17:20 - 000796672 _____ (Coipos Software) C:\WINDOWS\BDE7Tool.exe
2018-10-09 03:16 - 2007-03-12 14:52 - 000000248 _____ C:\WINDOWS\SysWOW64\vs32971.vxd
2018-10-09 03:11 - 2000-08-10 23:06 - 000007883 _____ C:\WINDOWS\Eng_UK.gpl
2018-10-08 12:31 - 2018-10-08 12:31 - 000000000 ____D C:\Users\Brent\AppData\Local\{F9BCB8F7-85F8-46F0-B7C2-EE857EF5E9F4}
2018-10-08 07:38 - 2018-10-08 07:38 - 000000000 ____D C:\Users\Brent\AppData\Local\{0D9A1668-DA80-4381-8B2C-3B1E47962625}
2018-10-08 07:19 - 2018-10-08 07:19 - 000000000 ____D C:\Users\Brent\AppData\Local\{E86668EF-2A31-447E-93CF-73F830BA97AA}
2018-10-08 05:33 - 2018-10-08 05:33 - 000000000 ____D C:\Users\Brent\AppData\Local\{DF6EE1F9-287C-4FF7-A88E-BB90FCCEF53D}
2018-10-08 03:31 - 2018-10-08 03:31 - 000000000 ____D C:\Users\Brent\AppData\Local\{226219E4-6B7F-489D-A2B3-9D35F4818463}
2018-10-08 02:30 - 2018-10-08 02:30 - 000000000 ____D C:\Users\Brent\AppData\Local\{EBA3B4E4-D128-430F-8487-04DCDA843684}
2018-10-08 02:13 - 2018-10-08 02:13 - 000000000 ____D C:\Users\Brent\AppData\Local\{CEB8D840-E49D-4DDA-BF4E-FF1711840EE5}
2018-10-08 02:12 - 2018-10-08 02:12 - 000000000 ____D C:\Users\Brent\AppData\Local\{F876872A-2152-4F8D-BDB2-D0C1148B5B36}
2018-10-08 01:59 - 2018-10-08 01:59 - 000000000 ____D C:\Users\Brent\AppData\Local\{12CDC6B7-B04F-480D-ACFA-7D608B31992B}
2018-10-08 00:59 - 2018-10-08 00:59 - 000000000 ____D C:\Users\Brent\AppData\Local\{29999F41-F181-4CC2-86D2-B9118BDD325E}
2018-10-07 09:46 - 2018-10-07 09:46 - 000000000 ____D C:\Users\Brent\AppData\Local\{22EF02AC-229F-448F-A090-2F7F38B0AA92}
2018-10-06 19:20 - 2018-10-06 19:21 - 002207699 _____ C:\Users\Brent\Desktop\DeereKartTO.wmv
2018-10-06 19:18 - 2018-10-06 19:18 - 000000000 ____D C:\Users\Brent\AppData\Local\{0462CCC1-EC6B-44EB-AF7B-FF41A1429A5B}
2018-10-06 04:36 - 2018-10-06 04:36 - 000000000 ____D C:\Users\Brent\AppData\Local\{7A6B0174-19ED-4D21-ACCB-0D5511FBFE63}
2018-10-04 22:54 - 2018-10-04 22:54 - 000000000 ____D C:\Users\Brent\AppData\Local\{8B6DA3EB-073D-4BBD-A08B-F56B8E565C41}
2018-10-04 22:22 - 2018-10-09 02:50 - 000000000 ____D C:\Users\Brent\Desktop\blahintro,outro
2018-10-04 04:17 - 2018-10-04 04:17 - 000000000 ____D C:\Users\Brent\AppData\Local\{19F52AEF-E8CB-44DA-8326-3B1262A0C331}
2018-10-03 11:50 - 2018-10-03 11:50 - 000000000 ____D C:\Users\Brent\AppData\Local\{A07ECC38-A21E-4E89-8D86-BF1A0E033396}
2018-10-02 23:49 - 2018-10-02 23:50 - 000000000 ____D C:\Users\Brent\AppData\Local\{ED56BC82-B2CF-4506-9BAF-F452A08C178A}
2018-10-01 16:08 - 2018-10-01 16:08 - 000000000 ____D C:\Users\Brent\AppData\Local\{8CE83E99-950C-4A05-A07B-7A2A1D771527}
2018-09-30 21:44 - 2018-09-30 21:44 - 000000000 ____D C:\Users\Brent\AppData\Local\{F0A2BA30-036F-46C6-8DA2-5BE0FBA197D0}
2018-09-30 02:13 - 2018-09-30 02:13 - 000000000 ____D C:\Users\Brent\AppData\Local\{651B2B1F-2952-4A49-8CB7-477C88204333}
2018-09-30 01:29 - 2018-10-04 22:55 - 000000000 ____D C:\Users\Brent\Desktop\Light-Upgrade
2018-09-30 00:52 - 2018-09-30 01:15 - 000000000 ____D C:\Users\Brent\Desktop\DIYGK
2018-09-28 23:28 - 2018-09-28 23:29 - 011161965 _____ C:\Users\Brent\Desktop\BlueFLMZ.wmv
2018-09-28 22:58 - 2018-10-19 03:26 - 000000000 ____D C:\Users\Brent\Desktop\DEEREkart#2
2018-09-28 21:45 - 2018-09-28 21:45 - 000000000 ____D C:\Users\Brent\AppData\Local\{9F2359C6-BF5C-4986-AEAF-4A63E9BD6B9A}
2018-09-25 18:02 - 2018-09-26 18:14 - 000000000 ____D C:\Users\Brent\AppData\Local\{DD3CE688-8675-4AE0-A165-137867414288}
2018-09-25 14:10 - 2018-09-25 13:57 - 283390939 ____N C:\Users\Brent\Documents\20180925_135153.mp4
2018-09-25 06:01 - 2018-09-25 06:01 - 000000000 ____D C:\Users\Brent\AppData\Local\{CC51D977-B13D-46CB-8CAE-1658C794C51A}
2018-09-23 16:14 - 2018-09-28 23:49 - 000000000 ____D C:\Users\Brent\Desktop\Green-Flame
2018-09-23 16:04 - 2018-09-23 16:04 - 000000000 ____D C:\Users\Brent\AppData\Local\{1B054192-FC02-4968-93DB-0720DA8A696E}
2018-09-23 15:58 - 2018-10-07 06:41 - 000000000 ____D C:\Users\Brent\Desktop\InterCooler
2018-09-23 15:57 - 2018-10-16 03:53 - 000000000 ____D C:\Users\Brent\Desktop\Exhaust
2018-09-22 11:40 - 2018-10-18 00:32 - 000003150 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForBrent
2018-09-22 11:40 - 2018-10-18 00:32 - 000000336 _____ C:\WINDOWS\Tasks\HPCeeScheduleForBrent.job
2018-09-22 02:15 - 2018-09-22 02:15 - 000000000 ____D C:\Users\Brent\AppData\Local\{8EEC123D-F3F0-42DD-AAEB-B44A6DBED699}
2018-09-22 01:43 - 2018-09-21 01:44 - 053166074 _____ C:\Users\Brent\Desktop\turbFLAME.mp4
2018-09-21 07:06 - 2018-09-21 07:07 - 000000000 ____D C:\Users\Brent\Downloads\ccaq
2018-09-21 03:46 - 2018-09-21 03:46 - 000000000 ____D C:\Users\Brent\AppData\Local\{BF561AB2-30ED-4315-B738-A92CCD009190}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-10-21 01:31 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-10-21 00:22 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-10-21 00:15 - 2015-08-02 11:41 - 000003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4216165844-3389008296-2946304690-1002
2018-10-21 00:10 - 2016-01-01 07:17 - 013971968 ___SH C:\Users\Brent\Desktop\Thumbs.db
2018-10-20 06:48 - 2015-08-18 00:34 - 006317568 ___SH C:\Users\Brent\Downloads\Thumbs.db
2018-10-20 04:37 - 2018-01-19 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoTeC
2018-10-19 10:28 - 2017-09-24 02:06 - 000000000 ____D C:\Users\Brent\AppData\Local\Bluestacks
2018-10-19 03:35 - 2017-06-01 19:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-10-19 03:32 - 2017-12-15 22:23 - 000000000 ____D C:\ProgramData\NCH Software
2018-10-19 03:32 - 2017-12-15 22:23 - 000000000 ____D C:\Program Files (x86)\NCH Software
2018-10-19 03:32 - 2017-06-01 19:43 - 000000000 ____D C:\Users\Brent\AppData\Roaming\NCH Software
2018-10-19 00:48 - 2017-12-10 05:36 - 000000000 ___RD C:\Users\Brent\Desktop\xxTUNINGxx
2018-10-18 00:30 - 2018-01-27 19:35 - 000000000 ____D C:\Users\Brent\Desktop\MOWER-2018
2018-10-12 08:43 - 2016-06-30 21:49 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-10-10 16:23 - 2015-08-02 14:19 - 000000000 ____D C:\Users\Brent\AppData\Local\CrashDumps
2018-10-10 15:37 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\Inf
2018-10-10 13:11 - 2017-12-10 05:34 - 000000000 ____D C:\Users\Brent\Documents\TunerPro Files
2018-10-09 05:27 - 2017-09-22 07:38 - 000004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-10-09 05:27 - 2017-08-22 07:05 - 000004460 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-10-09 05:27 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-09 05:27 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-09 03:45 - 2017-12-09 19:30 - 000000000 ____D C:\Users\Brent\AppData\LocalLow\Adobe
2018-10-08 12:18 - 2015-12-27 02:29 - 000000000 ____D C:\Users\Brent\AppData\Local\ElevatedDiagnostics
2018-10-08 06:36 - 2016-07-09 20:16 - 000000000 ____D C:\Users\Brent\AppData\Roaming\Audacity
2018-10-08 06:35 - 2018-03-03 18:12 - 000000000 ____D C:\Users\Brent\Desktop\DRIFT-song
2018-10-08 06:35 - 2018-02-19 00:44 - 000000000 ___RD C:\Users\Brent\Desktop\BackGround Music
2018-10-08 06:33 - 2015-08-20 19:16 - 000000000 ____D C:\Users\Brent\Desktop\MP3s
2018-10-07 09:49 - 2013-08-22 09:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-07 09:48 - 2013-08-22 08:25 - 000262144 ___SH C:\WINDOWS\system32\config\BBI
2018-10-07 09:47 - 2015-08-17 02:10 - 000000000 ____D C:\Users\Brent
2018-10-06 07:40 - 2016-10-25 00:17 - 000108544 ___SH C:\Users\Brent\Documents\Thumbs.db
2018-10-06 07:30 - 2015-08-04 20:51 - 000000000 ____D C:\Users\Brent\Documents\Youcam
2018-10-05 00:33 - 2018-07-09 18:51 - 000000000 ____D C:\Users\Brent\Documents\Wondershare Filmora
2018-10-02 23:56 - 2018-07-12 05:52 - 000000000 ____D C:\Users\Brent\Desktop\Mustang Pics
2018-09-30 01:16 - 2017-12-19 05:16 - 000000000 ____D C:\Users\Brent\Desktop\Music Clips
2018-09-25 07:37 - 2018-09-15 23:14 - 000000512 _____ C:\Users\Brent\Desktop\Parts List.txt
2018-09-24 05:51 - 2018-01-31 23:53 - 000001681 _____ C:\Users\Brent\Desktop\resume-Automotive.txt
2018-09-23 04:20 - 2013-08-22 09:44 - 000363320 _____ C:\WINDOWS\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2015-10-14 18:50 - 2015-10-14 18:50 - 000000131 _____ () C:\Users\Brent\tsMS.reg
2017-06-01 19:44 - 2017-06-01 20:16 - 000000905 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.1.txt
2017-06-01 19:44 - 2017-06-01 19:44 - 000001167 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.2.txt
2017-06-01 19:44 - 2017-12-15 22:23 - 000001167 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.txt
2017-06-01 19:44 - 2017-12-15 22:23 - 000000000 _____ () C:\Users\Brent\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2015-08-02 15:18 - 2015-08-07 12:18 - 000000097 _____ () C:\Users\Brent\AppData\Roaming\WB.CFG
2018-10-15 18:13 - 2018-10-15 18:13 - 000000000 _____ () C:\Users\Brent\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-12-31 19:33 - 2018-05-07 01:25 - 000000409 _____ () C:\Users\Brent\AppData\Local\kdeglobals
2017-12-31 19:26 - 2018-05-07 01:27 - 000004103 _____ () C:\Users\Brent\AppData\Local\kdenliverc
2015-11-17 19:04 - 2015-11-17 19:04 - 000007607 _____ () C:\Users\Brent\AppData\Local\Resmon.ResmonCfg
2017-12-31 19:26 - 2017-12-31 19:26 - 000000533 _____ () C:\Users\Brent\AppData\Local\user-places.xbel
2017-12-31 19:26 - 2017-12-31 19:26 - 000000000 _____ () C:\Users\Brent\AppData\Local\user-places.xbel.tbcache
Some files in TEMP:
====================
2018-01-08 22:26 - 2018-05-16 09:44 - 000824864 _____ (BlueStack Systems, Inc.) C:\Users\Brent\AppData\Local\Temp\BlueStacksClientUninstaller.exe
2017-09-24 07:16 - 2017-09-24 07:16 - 033689344 _____ (BlueStack Systems, Inc.) C:\Users\Brent\AppData\Local\Temp\BlueStacksFriends-Setup-11.0.2.exe
2015-10-22 08:04 - 2015-10-22 08:04 - 000467456 _____ (Realtek Semiconductor Corp.) C:\Users\Brent\AppData\Local\Temp\COMAP.EXE
2018-01-11 17:06 - 2013-07-29 14:40 - 000086392 _____ () C:\Users\Brent\AppData\Local\Temp\dp-chooser.exe
2018-01-11 17:06 - 2013-07-29 14:41 - 000676288 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\dpinst-amd64.exe
2018-01-11 17:06 - 2013-07-29 14:41 - 000550848 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\dpinst-x86.exe
2009-07-13 14:12 - 2009-07-13 14:12 - 001047632 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\DPInstx64.exe
2009-07-13 13:47 - 2009-07-13 13:47 - 000922176 _____ (Microsoft Corporation) C:\Users\Brent\AppData\Local\Temp\DPInstx86.exe
2010-10-08 03:07 - 2010-10-08 03:07 - 000075672 _____ () C:\Users\Brent\AppData\Local\Temp\DPInst_Monx64.exe
2010-10-08 03:07 - 2010-10-08 03:07 - 000075160 _____ () C:\Users\Brent\AppData\Local\Temp\DPInst_Monx86.exe
2018-04-29 04:50 - 2018-04-29 04:50 - 000353280 _____ (KSDev) C:\Users\Brent\AppData\Local\Temp\dskinengine.dll
2017-12-12 13:24 - 2017-12-12 13:24 - 000219496 _____ (FTDI Ltd.) C:\Users\Brent\AppData\Local\Temp\ftd2xx3644316505497067891.dll
2018-01-08 22:26 - 2018-05-16 09:43 - 000421368 _____ (CodeTitans) C:\Users\Brent\AppData\Local\Temp\JSON.dll
2010-10-08 03:06 - 2010-10-08 03:06 - 000075152 _____ () C:\Users\Brent\AppData\Local\Temp\OS_Detect.exe
2017-03-27 22:13 - 2017-03-27 22:13 - 005867648 _____ (eVenture Limited ) C:\Users\Brent\AppData\Local\Temp\tmpDD13.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed