Solved Windows has encountered a critical problem and will restart automatically in one minute...

ABL89 · Jun 21, 2017

I've received the following message twice. Once yesterday and now again today:

"Windows has encountered a critical problem and will restart automatically in one minute. Please save your work now."

OS: Windows 7

If somebody can help me, I'd appreciate that.

Broni · Jun 21, 2017

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

Are you able to use your computer or it keeps turning itself off?

ABL89 · Jun 22, 2017

Thank you. The forced restarts aren't too frequent yet. I've had it twice and it was about a day apart. I almost want to say that it happened around the same time of day but I'm not 100% sure of that. I can still use my computer at the moment.

ABL89 · Jun 22, 2017

I had a look at the event viewer logs and I found that with both crashes/restarts this was the general information given:

"A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted."

Broni · Jun 22, 2017

If so...

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

ABL89 · Jun 23, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Dwayne (administrator) on GRAPHICS_PC (24-06-2017 00:57:42)
Running from C:\Users\Dwayne\Desktop
Loaded Profiles: Dwayne (Available Profiles: Dwayne)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
() C:\Program Files (x86)\Gigabyte\OCBtn\GUP7Serv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\RunOnceTc.exe [16192 2014-04-25] (GIGA-BYTE TECHNOLOGY CO., LTD.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{9BED6570-F66E-4EDA-A1AC-AF89C2BB5632}: [DhcpNameServer] 10.0.0.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.za/
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-01] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290 [2017-06-24]
FF Homepage: Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290 -> hxxps://www.google.co.za/
FF Extension: (Avast Online Security) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\wrc@avast.com.xpi [2017-05-31]
FF Extension: (Video DownloadHelper) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 GUP7Serv; C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [18240 2014-05-21] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-04] (Razer Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-20] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-21] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-23] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-23] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-23] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-06-24] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [33496 2014-03-27] (Realtek)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-09] ()
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 ManyCam; system32\DRIVERS\mcvidrv_x64.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ABL89 · Jun 23, 2017

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2073-12-03 10:13 - 2014-09-17 23:28 - 00000000 ____D C:\Windows\Panther
2073-12-03 01:08 - 2014-01-01 00:12 - 00000000 __RHD C:\MSOCache
2073-12-03 01:01 - 2017-06-15 09:33 - 00000000 __SHD C:\Config.Msi
2073-12-03 01:01 - 2014-09-19 18:12 - 00000000 ____D C:\ProgramData\Adobe
2073-12-03 00:58 - 2073-12-03 00:58 - 00000000 ____D C:\5ed878faeca74ae6af7708f79d0b85
2073-12-03 00:57 - 2073-12-03 00:57 - 00018264 _____ C:\Windows\system32\results.xml
2073-12-03 00:53 - 2073-12-03 00:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2073-12-03 00:52 - 2073-12-03 00:52 - 00000000 ____D C:\Windows\system32\EventProviders
2073-12-03 00:51 - 2016-04-16 08:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2073-12-03 00:50 - 2014-03-18 04:44 - 00906968 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2073-12-03 00:50 - 2014-03-18 04:44 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2073-12-03 00:50 - 2014-03-18 04:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2073-12-03 00:49 - 2016-08-24 13:24 - 00000000 ___HD C:\Program Files (x86)\Temp
2073-12-03 00:49 - 2015-10-22 15:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2073-12-03 00:48 - 2073-12-03 00:51 - 00000000 ____D C:\ProgramData\Intel
2073-12-03 00:48 - 2014-09-17 20:35 - 00000000 ____D C:\Program Files\Intel
2073-12-03 00:48 - 2014-08-14 00:24 - 00670720 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00324424 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2073-12-03 00:48 - 2014-08-14 00:24 - 00301896 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2073-12-03 00:48 - 2014-08-14 00:24 - 00271872 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00250368 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00222720 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2073-12-03 00:48 - 2014-03-31 07:28 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3540.dll
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2073-12-03 00:48 - 2014-03-28 13:06 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2073-12-03 00:48 - 2014-03-28 13:06 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2073-12-03 00:48 - 2014-03-28 13:06 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2073-12-03 00:48 - 2013-09-16 12:17 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2073-12-03 00:47 - 2073-12-03 00:47 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2073-12-03 00:47 - 2073-12-03 00:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2073-12-03 00:47 - 2014-03-31 07:28 - 00450520 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2073-12-03 00:47 - 2013-09-16 12:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2073-12-03 00:47 - 2013-09-16 12:17 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2073-12-03 00:47 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2073-12-03 00:47 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2073-12-03 00:47 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2073-12-03 00:46 - 2017-01-05 23:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2073-12-03 00:46 - 2014-09-17 23:47 - 00000000 ____D C:\Program Files (x86)\Intel
2073-12-03 00:46 - 2014-09-17 22:26 - 00000000 ____D C:\Intel
2073-12-03 00:46 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2073-12-03 00:44 - 2073-12-03 00:44 - 00000000 ____D C:\ProgramData\NortonInstaller
2073-12-03 00:44 - 2017-05-09 21:22 - 00769808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2073-12-03 00:44 - 2014-09-03 01:25 - 00000000 ____D C:\ProgramData\Norton
2073-12-03 00:43 - 2014-09-17 19:43 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2073-12-03 00:42 - 2014-09-17 23:15 - 00000000 ____D C:\Program Files\Google
2073-12-03 00:42 - 2014-09-17 23:13 - 00000000 ____D C:\ProgramData\Google
2073-12-03 00:41 - 2017-06-15 09:33 - 00000000 __SHD C:\Windows\Installer
2073-12-03 00:41 - 2017-04-29 09:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2073-12-03 00:41 - 2017-04-29 09:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2073-12-03 00:41 - 2017-03-23 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2073-12-03 00:41 - 2014-12-05 23:57 - 00000000 ____D C:\Program Files (x86)\Google
2073-12-03 00:41 - 2014-09-17 19:54 - 00000010 _____ C:\Windows\GSetup.ini
2073-12-03 00:36 - 2073-12-03 00:36 - 00000000 __SHD C:\Recovery
2073-12-03 00:35 - 2016-06-02 07:50 - 00000000 ____D C:\Windows\SoftwareDistributionOLD
2073-12-03 00:16 - 2073-12-03 00:16 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2073-12-03 00:16 - 2073-12-03 00:16 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2073-12-03 00:13 - 2017-06-23 21:06 - 2066399232 ___SH C:\hiberfil.sys
2073-12-03 00:13 - 2017-06-23 21:06 - 00000000 ___SH C:\pagefile.sys
2073-12-03 00:13 - 2017-06-22 18:06 - 00000000 __SHD C:\System Volume Information
2073-12-03 00:13 - 2017-06-22 00:09 - 00000000 ____D C:\Windows\Prefetch
2017-06-24 00:57 - 2017-06-24 00:57 - 00018452 _____ C:\Users\Dwayne\Desktop\FRST.txt
2017-06-24 00:56 - 2017-06-24 00:57 - 02439680 _____ (Farbar) C:\Users\Dwayne\Desktop\FRST64.exe
2017-06-22 19:45 - 2017-06-22 19:46 - 00001504 _____ C:\Users\Dwayne\Desktop\Mozilla Firefox.lnk
2017-06-21 23:51 - 2017-06-24 00:57 - 00000000 ____D C:\FRST
2017-06-21 22:50 - 2017-06-24 00:18 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-21 22:50 - 2017-06-23 21:07 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-21 22:50 - 2017-06-23 21:07 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-21 22:50 - 2017-06-21 22:56 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-21 22:50 - 2017-06-21 22:50 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-21 22:50 - 2017-06-21 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-21 22:50 - 2017-06-21 22:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-21 22:50 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-21 22:48 - 2017-06-21 22:49 - 00215414 _____ C:\TDSSKiller.3.1.0.12_21.06.2017_22.48.18_log.txt
2017-06-21 22:47 - 2017-06-21 22:47 - 00215562 _____ C:\TDSSKiller.3.1.0.12_21.06.2017_22.47.10_log.txt
2017-06-21 13:44 - 2017-06-21 13:44 - 00004623 _____ C:\Users\Dwayne\AppData\Local\recently-used.xbel
2017-06-20 20:33 - 2017-06-21 13:44 - 00000000 ____D C:\Users\Dwayne\AppData\Local\gtk-2.0
2017-06-20 20:33 - 2017-06-20 20:33 - 00000000 ____D C:\Users\Dwayne\.thumbnails
2017-06-20 20:27 - 2017-06-21 13:47 - 00000000 ____D C:\Users\Dwayne\.gimp-2.8
2017-06-20 20:27 - 2017-06-20 20:27 - 00000000 ____D C:\Users\Dwayne\AppData\Local\gegl-0.2
2017-06-17 21:00 - 2017-06-18 21:08 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\timodd
2017-06-15 09:35 - 2017-06-15 09:35 - 00000000 ____D C:\ProgramData\RzSurroundVAD_1.1.62.0
2017-06-15 09:35 - 2016-09-17 02:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-06-14 10:06 - 2017-06-02 10:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-14 10:06 - 2017-06-02 10:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 10:06 - 2017-06-02 10:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 10:06 - 2017-06-02 10:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 10:06 - 2017-06-02 10:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-14 10:06 - 2017-06-02 10:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-14 10:06 - 2017-06-02 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 10:06 - 2017-06-02 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 10:06 - 2017-06-02 09:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-14 10:06 - 2017-06-02 09:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-14 10:06 - 2017-05-21 06:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 10:06 - 2017-05-21 06:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 10:06 - 2017-05-21 06:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-14 10:06 - 2017-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 10:06 - 2017-05-21 05:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 10:06 - 2017-05-21 05:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 10:06 - 2017-05-21 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 10:06 - 2017-05-21 05:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 10:06 - 2017-05-21 05:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-14 10:06 - 2017-05-21 05:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-14 10:06 - 2017-05-16 20:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 10:06 - 2017-05-16 19:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-14 10:06 - 2017-05-14 22:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-14 10:06 - 2017-05-14 22:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 10:06 - 2017-05-14 22:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 10:06 - 2017-05-14 22:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 10:06 - 2017-05-14 22:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 10:06 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 10:06 - 2017-05-14 22:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 10:06 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 10:06 - 2017-05-14 22:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 10:06 - 2017-05-14 22:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 10:06 - 2017-05-14 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 10:06 - 2017-05-14 22:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 10:06 - 2017-05-14 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 10:06 - 2017-05-14 21:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 10:06 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 10:06 - 2017-05-14 21:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 10:06 - 2017-05-14 21:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 10:06 - 2017-05-14 21:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 10:06 - 2017-05-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 10:06 - 2017-05-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 10:06 - 2017-05-14 21:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 10:06 - 2017-05-14 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-14 10:06 - 2017-05-14 21:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 10:06 - 2017-05-14 21:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 10:06 - 2017-05-14 21:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-14 10:06 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 10:06 - 2017-05-14 21:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-14 10:06 - 2017-05-14 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-14 10:06 - 2017-05-14 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-14 10:06 - 2017-05-14 21:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 10:06 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 10:06 - 2017-05-14 21:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 10:06 - 2017-05-14 21:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 10:06 - 2017-05-14 21:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-14 10:06 - 2017-05-14 21:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-14 10:06 - 2017-05-14 21:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-14 10:06 - 2017-05-14 21:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-14 10:06 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 10:06 - 2017-05-14 21:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-14 10:06 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 10:06 - 2017-05-14 21:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 10:06 - 2017-05-14 21:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-14 10:06 - 2017-05-14 20:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-14 10:06 - 2017-05-14 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-14 10:06 - 2017-05-14 20:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-14 10:06 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 10:06 - 2017-05-14 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-14 10:06 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 10:06 - 2017-05-14 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-14 10:06 - 2017-05-14 20:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-14 10:06 - 2017-05-14 20:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-14 10:06 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 10:06 - 2017-05-14 20:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-14 10:06 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 10:06 - 2017-05-14 20:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-14 10:06 - 2017-05-14 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-14 10:06 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 10:06 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 10:06 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 10:06 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 10:06 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 10:06 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 10:06 - 2017-05-12 20:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-14 10:06 - 2017-05-12 20:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 10:06 - 2017-05-12 20:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-14 10:06 - 2017-05-12 20:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 10:06 - 2017-05-12 20:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 10:06 - 2017-05-12 20:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-14 10:06 - 2017-05-12 20:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 10:06 - 2017-05-12 20:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 10:06 - 2017-05-12 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 10:06 - 2017-05-12 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 10:06 - 2017-05-12 19:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 10:06 - 2017-05-12 19:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-14 10:06 - 2017-05-12 19:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 10:06 - 2017-05-12 19:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 10:06 - 2017-05-12 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 10:06 - 2017-05-12 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-14 10:06 - 2017-05-12 19:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-14 10:06 - 2017-05-12 19:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-14 10:06 - 2017-05-12 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 10:06 - 2017-05-12 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 18:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 10:06 - 2017-05-12 17:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 10:06 - 2017-05-12 17:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 10:06 - 2017-05-10 17:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 10:06 - 2017-05-10 17:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 10:06 - 2017-05-10 17:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 10:06 - 2017-05-10 17:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-14 10:06 - 2017-05-10 17:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 10:06 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 10:06 - 2017-05-10 17:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 10:06 - 2017-05-10 17:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-14 10:06 - 2017-05-10 16:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 10:06 - 2017-05-09 17:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 10:06 - 2017-05-09 17:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 10:06 - 2017-05-09 17:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-14 10:06 - 2017-05-09 17:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-14 10:06 - 2017-05-07 17:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 10:06 - 2017-05-07 17:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 10:06 - 2017-04-28 00:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-14 10:06 - 2017-04-12 15:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 10:06 - 2017-03-30 17:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-14 10:06 - 2017-03-30 16:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-14 10:05 - 2017-05-21 06:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 10:05 - 2017-05-21 06:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 10:05 - 2017-05-21 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-14 10:05 - 2017-05-14 22:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-09 13:22 - 2017-06-09 13:22 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

ABL89 · Jun 23, 2017

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2073-12-03 10:12 - 2009-07-14 07:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2073-12-03 10:12 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2073-12-03 00:49 - 2009-07-14 06:54 - 00000404 ___SH C:\Users\Public\Desktop\desktop.ini
2073-12-03 00:43 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2073-12-03 00:16 - 2009-07-14 07:01 - 00040833 _____ C:\Windows\SysWOW64\license.rtf
2073-12-03 00:16 - 2009-07-14 07:01 - 00040833 _____ C:\Windows\system32\license.rtf
2073-12-03 00:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2073-12-03 00:13 - 2009-07-14 09:12 - 00000000 ____D C:\Windows\CSC
2017-06-24 00:57 - 2016-11-17 15:47 - 00000000 ____D C:\Users\Dwayne\AppData\LocalLow\Mozilla
2017-06-24 00:57 - 2015-04-04 14:46 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-06-23 23:06 - 2014-09-19 17:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Screen Captures
2017-06-23 21:15 - 2009-07-14 06:45 - 00029088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-23 21:15 - 2009-07-14 06:45 - 00029088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-23 21:08 - 2014-09-17 21:46 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-06-23 21:08 - 2014-09-17 19:39 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2017-06-23 21:07 - 2016-01-31 18:13 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-23 21:07 - 2014-09-17 19:56 - 00000290 _____ C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2017-06-23 21:06 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-23 14:04 - 2015-06-09 12:30 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\vlc
2017-06-23 01:28 - 2017-04-27 03:16 - 00000000 ____D C:\AdwCleaner
2017-06-22 21:36 - 2016-06-23 20:11 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\foobar2000
2017-06-22 21:20 - 2014-09-19 19:22 - 00000000 ____D C:\Users\Dwayne\Documents\Torrents
2017-06-22 21:11 - 2015-11-15 00:55 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\Audacity
2017-06-22 20:44 - 2017-03-15 08:48 - 00000000 ___RD C:\Users\Dwayne\Desktop\Atomic Blonde
2017-06-22 20:26 - 2015-08-08 10:39 - 00000000 ___RD C:\Users\Dwayne\Desktop\Wallpapers
2017-06-22 19:49 - 2014-09-19 15:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Software
2017-06-22 19:44 - 2014-09-19 16:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Games
2017-06-22 17:45 - 2014-09-19 17:00 - 00000000 ___RD C:\Users\Dwayne\Desktop\My Portfolio
2017-06-22 17:03 - 2015-08-08 11:20 - 00000000 ____D C:\Users\Dwayne\Icons
2017-06-22 16:00 - 2014-09-19 17:58 - 00000000 ___RD C:\Users\Dwayne\Desktop\To Sort
2017-06-22 00:40 - 2016-11-30 10:12 - 00000000 ____D C:\EEK
2017-06-21 23:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-21 23:33 - 2009-07-14 07:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-21 22:52 - 2014-09-19 19:18 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\uTorrent
2017-06-21 22:50 - 2014-09-19 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 17:49 - 2014-09-27 10:45 - 00000000 ___RD C:\Users\Dwayne\Desktop\TV Series
2017-06-21 16:37 - 2014-09-17 22:33 - 00000000 ____D C:\Users\Dwayne\AppData\Local\Adobe
2017-06-21 16:31 - 2016-07-17 19:35 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-21 16:31 - 2016-07-17 19:35 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-21 16:31 - 2014-09-17 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-21 16:30 - 2014-09-17 22:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-20 23:32 - 2015-06-09 12:29 - 00000871 _____ C:\Users\Public\Desktop\VLC Media Player.lnk
2017-06-20 20:33 - 2014-09-17 22:10 - 00000000 ____D C:\Users\Dwayne
2017-06-19 09:25 - 2014-10-23 21:40 - 00000000 ____D C:\Users\Dwayne\dwhelper
2017-06-18 21:19 - 2017-05-15 12:48 - 00000000 ____D C:\Users\Dwayne\Documents\Torrents Completed
2017-06-18 15:41 - 2014-09-19 19:16 - 00000000 ____D C:\Program Files\PeerBlock
2017-06-17 21:00 - 2016-12-09 21:06 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\SmartSteamEmu
2017-06-15 09:34 - 2015-04-04 14:46 - 00000000 _____ C:\Windows\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2017-06-14 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-14 19:21 - 2009-07-14 06:45 - 03146624 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 19:18 - 2016-11-17 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-14 19:18 - 2014-09-19 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 19:18 - 2014-09-17 22:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 19:18 - 2014-09-17 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 19:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-14 19:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 19:07 - 2014-09-17 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 19:06 - 2014-09-17 20:38 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 19:02 - 2014-09-17 20:38 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 15:02 - 2016-08-21 06:08 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-06-10 03:13 - 2014-09-19 22:39 - 00000000 ____D C:\Users\Dwayne\AppData\Local\CrashDumps
2017-06-09 13:11 - 2016-05-18 22:09 - 00000840 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-09 13:11 - 2014-11-21 06:11 - 00001966 _____ C:\Users\Public\Desktop\Avast.lnk
2017-06-09 13:11 - 2014-09-19 19:29 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-09 13:01 - 2016-11-05 12:49 - 11584088 _____ (SurfRight B.V.) C:\Users\Dwayne\Desktop\HitmanPro.exe
2017-06-09 12:34 - 2014-09-19 21:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-05 22:54 - 2014-09-18 07:25 - 00000000 ____D C:\Users\Dwayne\AppData\Local\ElevatedDiagnostics
2017-06-05 14:59 - 2014-09-17 22:14 - 00302464 _____ C:\Users\Dwayne\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-04 23:36 - 2014-09-19 18:51 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\Skype
2017-06-04 22:46 - 2016-01-23 15:24 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\HandBrake
2017-06-04 22:16 - 2014-11-26 13:36 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\dvdcss
2017-06-04 22:15 - 2015-04-11 13:22 - 00000000 ____D C:\ProgramData\DVD Shrink
2017-05-27 15:52 - 2014-09-19 17:58 - 00000000 ___RD C:\Users\Dwayne\Desktop\Photos

==================== Files in the root of some directories =======

2015-04-11 14:40 - 2016-06-09 22:41 - 0000594 _____ () C:\Users\Dwayne\AppData\Roaming\AutoGK.ini
2017-01-13 00:09 - 2017-01-13 00:09 - 0000023 _____ () C:\Users\Dwayne\AppData\Roaming\splitterdirectorys.txt
2016-02-17 07:38 - 2016-02-17 07:38 - 0003584 _____ () C:\Users\Dwayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-21 13:44 - 2017-06-21 13:44 - 0004623 _____ () C:\Users\Dwayne\AppData\Local\recently-used.xbel
2016-01-17 21:01 - 2016-01-17 21:01 - 0007605 _____ () C:\Users\Dwayne\AppData\Local\Resmon.ResmonCfg
2014-09-19 18:40 - 2014-09-19 18:40 - 0000008 __RSH () C:\ProgramData\28677E92A4.sys
2014-09-19 18:40 - 2016-08-01 12:09 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\Dwayne\NetworkRegKeyBackup.reg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 16:10

==================== End of FRST.txt ============================

ABL89 · Jun 23, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Dwayne (24-06-2017 00:57:58)
Running from C:\Users\Dwayne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-09-17 20:14:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1901267739-2306482670-2628607035-500 - Administrator - Disabled)
Dwayne (S-1-5-21-1901267739-2306482670-2628607035-1001 - Administrator - Enabled) => C:\Users\Dwayne
Guest (S-1-5-21-1901267739-2306482670-2628607035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1901267739-2306482670-2628607035-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte)
APP Center (x32 Version: 1.15.0417 - Gigabyte) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete) (Version: 3.0 - Nik Software, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.7.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.7.0 - Crystal Dew World)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Icecream PDF Split and Merge version 2.16 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 2.16 - Icecream Apps)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 7.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
Mozilla Firefox 54.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-GB)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OC Button (HKLM-x32\...\InstallShield_{E27E691E-6D86-4BC3-A5AC-E14CFD43CFAD}) (Version: 1.00.0000 - GIGABYTE)
OC Button (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
RogueKiller version 12.7.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.5.0 - Adlice Software)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TagScanner 6.0.14 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version: - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1901267739-2306482670-2628607035-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012540A1-0314-4D80-AC5F-4D406688E0B6} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {0D408828-6A22-44A5-B279-04776678D285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {186C61BF-FC6A-49DE-AC85-53DACA7B2481} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2D3D3389-6675-432C-9CCF-DCC5304C1B26} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7005A292-E600-420B-9DB2-6219F6346BAE} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2014-04-08] (Realtek Semiconductor)
Task: {973B4E51-7C65-4AA5-9113-011B46059997} - System32\Tasks\{9837E340-EA0E-48CF-8CF6-AA8CA55DCBEE} => pcalua.exe -a "C:\Users\Dwayne\Desktop\Games\World of Goo\World of Goo.exe" -d "C:\Users\Dwayne\Desktop\Games\World of Goo"
Task: {BC541BC1-60FA-44B7-BF87-330A4D11D1FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {C3326CB3-A22A-4FE3-AC64-F471080C23DE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {C624E208-7B61-4D03-9474-4F129AEED187} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CF467402-D184-4748-9651-7FE7C3A4A378} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D0A8841D-D89A-486C-8804-0658038D3B04} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D0DBEC76-C9AE-4ACB-A092-16ED12CCB17D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D2DA5054-ABA1-44A3-85DA-7F3968AEECFF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {E2B1CA81-BD0F-4CE3-AE05-F27D9AE6C699} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-04-14 15:27 - 2015-04-14 15:27 - 00016896 _____ () C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
2014-05-21 17:45 - 2014-05-21 17:45 - 00018240 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-06-21 22:50 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-23 18:15 - 2017-06-23 18:15 - 05678592 _____ () C:\Program Files\AVAST Software\Avast\defs\17062302\algo.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-06-23 21:09 - 2017-06-23 21:09 - 05780320 _____ () C:\Program Files\AVAST Software\Avast\defs\17062304\algo.dll
2017-05-09 19:50 - 2017-05-09 19:50 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 19:50 - 2017-05-09 19:50 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-06-17 20:24 - 2014-06-17 20:24 - 00311296 _____ () C:\Program Files (x86)\Gigabyte\SIV\MFCCPU.dll
2012-11-28 22:03 - 2012-11-28 22:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\SIV\ycc.dll
2017-01-16 13:40 - 2017-01-16 13:40 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2073-12-03 00:47 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

ABL89 · Jun 23, 2017

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dwayne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A93D54BB-ADD6-4302-825C-BF749EFB03A6}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{8269A5EC-3E7A-42EF-9D7F-E6608400F706}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{1E790989-B376-4012-A649-5DE2AF4974CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{111A0E77-4174-41D1-B398-786DE4DABC33}] => (Allow) C:\Users\Dwayne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AEB847A-4D37-4DB9-A6CF-734099A8507F}] => (Allow) C:\Users\Dwayne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{415711E7-9D1B-42D8-BBCC-985629CBE425}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{28C269A7-8B45-4F4C-8EED-6F70639AC6AF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{37A8EE81-2A27-4194-ADF3-CAECA869C2FD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D0DDF818-8A92-4977-B1A1-A9546932511B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B897ADF6-B598-4122-9F4A-E5F9766AFB2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{3C197840-D1C6-41B0-801B-416644DAEEEF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E24A2E8E-D3E6-44F6-9D45-1D09A62B13E0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EBC50C73-6AA2-4031-AC3D-F397576DBA81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{8CF14378-37BF-4C40-9D38-DF3586C6CE72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AD4031D2-B741-4D9A-B040-28D84BFCA578}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D56B77C2-37F8-4CAB-9697-F9B7107EECAA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{798726FF-18B4-434C-A687-9BBA2CE782AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{C0BAFC1B-E3A9-4959-BC83-2451587097D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A80CE272-F4E8-46E8-AEDF-78D4F12737C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{94B33EF9-F24A-4891-BF44-FBDF21D9797E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{11F9C10B-BE7E-440A-871C-0C98578F3359}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{9D39BDC7-5F7A-4042-9852-9E8F1C5DA061}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F4BDF236-984F-405B-9E05-DF61A090FFC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9B50F8D8-10F5-4C5A-9371-C1C7D9CB1811}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{5044FC10-56BB-4B8C-9394-217E0530794B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A5B16F9-604E-4C4A-BC0C-672889173EF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B2CDA71-B218-400A-8588-239B7AE7E28F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{760F3A16-0FBE-465D-A3C9-00AA7DF31D23}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{FA445A0F-17E1-4C88-A18D-C1EAE5988C58}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EAFC4F16-8C4C-493D-B11F-91DE3A09F16E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{294CDEE3-B5C5-44BD-9B8A-85D071D44F0C}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{409B7441-1090-4E99-8142-CA848F212ECD}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{DD74587E-8545-4F08-9712-09091487885C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{9E013160-7BA7-4BAA-A5F2-E17C5784A1DE}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{822C371E-2113-43B8-B8F9-41EAB14179E7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EBEC6306-1186-4F37-8D84-F4DC51ADDA76}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8C3DEC25-6525-42EC-8085-F3E103114B09}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{00AEDE38-E35C-438A-B7E3-F5550545BC55}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{DAE2758E-26DB-41DE-BA28-97C857DFD4B4}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{29675219-359E-4553-9DC2-59B6462AD351}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{455CCE25-FA81-49F7-A722-7DE82E5F1BD9}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A78C9816-4982-40D9-8CB2-1B4586B80B09}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{6CDBB02B-666F-4609-BA3F-A7519091786A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91A969BE-8275-41A4-8F49-DB9B648B819B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{058570A8-661C-4612-BD3F-551E66CBCA35}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{0D4C21D6-D117-4AC0-A369-D3711383CBF4}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [{84A803FE-9C4B-4610-8981-FF011915C2A8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{CC171711-D859-4A88-8DAD-E3ECAB6AF783}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F24AEBF4-D561-4501-9CB0-1AB4B73503C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{60F0C249-1092-4E53-B989-CB40D52DF3AA}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FB3F3808-3974-48D8-8218-2F7EA6A2B107}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{D4D5BB22-C6B0-4773-A2F6-41E99712672D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{B0F550C8-7EC1-4C4D-B7E3-BCE347FCE5FE}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{544CDB70-D64B-4862-865F-F8C59D9282F0}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{3884AD75-ACF7-44AE-AAC6-317A0E49ABF8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{93BA78F4-7DC7-4511-9125-D8608EE15D6D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{D9CA6682-3DA8-4074-9771-92902017C486}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{452F5FD8-5C94-4C00-B479-E93A2063C919}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{E64352D1-CADB-4108-91F6-FE7F10B3E43D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{6B6DF90F-BE75-499C-AD92-C0862615F15E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{CCEA7161-6776-42FE-B354-D4C25E0AD27E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{953F1057-F974-4CC7-B575-D13665D3FE36}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{61429573-D45E-4D02-A13F-91CC4859AB9C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{CD464FBE-F357-4E64-A82A-C5F4EE28D953}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BBC83082-9783-4E2C-9E70-D27E6BCF870C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{23C66819-2F8F-4EE3-B72E-2A121A1BC1A0}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0EC48BB8-CECF-455F-B038-64A7B3EA21D4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{6C61B7C7-FDBF-4532-BAF6-53B2E61BB52C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{4066A2D2-5ABD-4F00-9ED0-E0F1B1783274}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{7A176BF1-2339-4526-893C-4F242D63BC9A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{11C57C8A-41AE-4823-A8D5-BEFAB9957897}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{31EAF541-BA41-43A9-9A7E-81DB30EF7BC3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{030B527C-1D8F-476E-ABDD-A6CA8BA7AE1D}C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [UDP Query User{9D98A521-E177-482D-AE02-F124128EA9F3}C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{B8B3EFA4-1738-4D69-A141-25416F8F9C7E}] => (Allow) C:\Program Files (x86)\Stellaris\stellaris.exe
FirewallRules: [{BA5DBD3A-FC05-4F68-BA73-6C307600FB63}] => (Allow) C:\Program Files (x86)\Stellaris\stellaris.exe
FirewallRules: [{64AB3760-3367-4912-B008-2405830E999A}] => (Block) %ProgramFiles% (x86)\TagScanner\Tagscan.exe
FirewallRules: [{4444D86B-7C21-40FE-ACBA-FD0A8747DFAD}] => (Block) %ProgramFiles% (x86)\TagScanner\Tagscan.exe
FirewallRules: [{F34AEEF7-54FE-47C6-9A17-934035CD861B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{F3B53573-C433-4042-8AA3-AC7155598052}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{C55FA70A-FB5E-4EA0-9F73-514CB6562E23}] => (Block) %ProgramFiles%\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe
FirewallRules: [{1BCD620A-5DDF-4E02-89F7-83F6745C9EC9}] => (Block) %ProgramFiles%\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{17D0307C-B13A-44F3-BFEF-2025275C520F}] => (Allow) C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{81CBF21D-A3AC-466A-B749-E212F538A8C2}] => (Allow) C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{5F42BB47-A4C8-43A2-8E50-46C96DC246B0}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{5BD831BC-3E9F-404F-9AD3-F67C6D5DD552}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{ED21FA07-C0D4-47DD-93F7-D9565544DF1D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{18B25A5C-1B15-4F43-BA4D-C625D659A695}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{ABA78EA3-6BCC-40CD-A604-1E8C8463E745}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{0EEB2C95-DF22-491C-B2C1-A87170ADD457}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{21D7A3ED-E84C-4A78-BEE8-7CB566B6B0BB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{564C37A0-53C1-4D61-B60B-C4B0BAAD6051}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{1ACB0FDA-CDED-4180-966C-1C7E240D96A0}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{83E504DB-0E3F-4D7C-9830-8439B706ABE2}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{7C28DA8E-8ED2-4E23-A599-E05A85B1B174}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [UDP Query User{377D5039-2054-4EA8-9839-C7B6B3D630BA}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [TCP Query User{10C751B8-D045-4711-A1D0-A5927796FEA6}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{056B31CE-0534-4311-91FB-27576AA5155C}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BF78DB98-88E0-4C86-B82D-98464EBAE444}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6E4A6A3D-579E-4171-B282-F60DD1791DAF}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe

==================== Restore Points =========================

29-05-2017 23:55:28 Removed Medieval CUE Splitter
06-06-2017 18:39:51 Scheduled Checkpoint
09-06-2017 13:09:28 Checkpoint by HitmanPro
14-06-2017 18:57:59 Windows Update
21-06-2017 19:00:48 Scheduled Checkpoint
22-06-2017 01:22:46 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2017 04:43:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CorelDRW.exe version 17.0.0.491 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ac0

Start Time: 01d2ec1a34e2d4cc

Termination Time: 397

Application Path: C:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe

Report Id: 44cd22c3-5822-11e7-a120-74d435eda2c4

Error: (06/22/2017 08:31:07 PM) (Source: MouseKeyboardCenter) (EventID: 0) (User: )
Description: Unknown Node:#text -->

Error: (06/22/2017 07:58:39 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/22/2017 07:58:39 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/22/2017 07:58:39 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/22/2017 07:58:39 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (06/22/2017 07:58:35 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/22/2017 07:58:35 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/22/2017 07:58:35 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/22/2017 07:58:35 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (06/22/2017 07:58:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (06/22/2017 07:58:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (06/22/2017 02:06:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/22/2017 02:06:25 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dwayne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/22/2017 02:06:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/22/2017 02:06:24 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dwayne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/22/2017 02:06:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/22/2017 02:06:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dwayne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/22/2017 02:06:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
This driver has been blocked from loading

Error: (06/22/2017 02:06:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Dwayne\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8088.9 MB
Available physical RAM: 5621.98 MB
Total Virtual: 16279.08 MB
Available Virtual: 13725.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:367.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C7E1912)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Broni · Jun 23, 2017

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Double click on downloaded setup.exe file to install the program.
Click on Start Scan button.
Click on another Start Scan button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.

Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
Then click Finish.
Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
Restart your computer when prompted to do so.
The Scan log is available throughout History ->Application logs. Please post it contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database if one is required.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Logfile button.
A window will open which lists the logs of your scans.
Click on the Scan tab.
Double-click the most recent scan which will be at the top of the list....the log will appear.
Review the results...see note below
After reviewing the log, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
To open a Cleaning log, launch AdwareClearer, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
A copy of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

ABL89 · Jun 24, 2017

RogueKiller V12.11.3.0 (x64) [Jun 19 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Dwayne [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/24/2017 09:45:16 (Duration : 00:25:03)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etocdrv (\??\C:\Windows\etocdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etocdrv (\??\C:\Windows\etocdrv.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GPUZ (\??\C:\Windows\TEMP\GPUZ.sys) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.2 ([X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9BED6570-F66E-4EDA-A1AC-AF89C2BB5632} | DhcpNameServer : 10.0.0.2 ([X]) -> Not selected
[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {415711E7-9D1B-42D8-BBCC-985629CBE425} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {28C269A7-8B45-4F4C-8EED-6F70639AC6AF} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\ProgramData\EmailNotifier\EmailNotifier.exe|Name=Email Notifier| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {17D0307C-B13A-44F3-BFEF-2025275C520F} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {81CBF21D-A3AC-466A-B749-E212F538A8C2} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe|Name=EpsonNet Setup| [x] -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {564C37A0-53C1-4D61-B60B-C4B0BAAD6051} : v2.10|Action=Allow|Active=TRUE|Dir=In|Profile=Private|App=C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe|Name=DaVinciResolveQtdecoder| [x] -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 11 ¤¤¤
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.8_42449\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe -> Deleted
[Tr.Gen0][File] C:\Users\Dwayne\AppData\Roaming\uTorrent\updates\3.5.0_43804\utorrentie.exe -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000DM 003-1ER162 SCSI Disk Device +++++
--- User ---
[MBR] 11b84b527637c438c28445b05a483746
[BSP] 39bd87902daf761f64af3d5f1e043ad3 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 953767 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

ABL89 · Jun 24, 2017

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 6/24/17
Scan Time: 11:42 AM
Log File: mbam log.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.141
Update Package Version: 1.0.2221
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graphics_PC\Dwayne

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371145
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 7 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

(end)

ABL89 · Jun 24, 2017

# AdwCleaner v6.047 - Logfile created 24/06/2017 at 13:58:18
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-23.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Dwayne - GRAPHICS_PC
# Running from : C:\Users\Dwayne\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1971 Bytes] - [27/04/2017 12:56:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [842 Bytes] - [24/06/2017 13:58:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [1832 Bytes] - [27/04/2017 03:17:57]
C:\AdwCleaner\AdwCleaner[S10].txt - [1972 Bytes] - [01/05/2017 12:33:13]
C:\AdwCleaner\AdwCleaner[S11].txt - [2046 Bytes] - [01/05/2017 15:43:02]
C:\AdwCleaner\AdwCleaner[S12].txt - [2120 Bytes] - [06/05/2017 19:17:19]
C:\AdwCleaner\AdwCleaner[S13].txt - [2195 Bytes] - [10/05/2017 07:21:20]
C:\AdwCleaner\AdwCleaner[S14].txt - [2269 Bytes] - [16/05/2017 20:06:55]
C:\AdwCleaner\AdwCleaner[S15].txt - [2343 Bytes] - [19/05/2017 00:34:35]
C:\AdwCleaner\AdwCleaner[S16].txt - [2417 Bytes] - [22/05/2017 11:09:39]
C:\AdwCleaner\AdwCleaner[S17].txt - [2490 Bytes] - [22/05/2017 12:07:06]
C:\AdwCleaner\AdwCleaner[S18].txt - [2565 Bytes] - [25/05/2017 00:13:49]
C:\AdwCleaner\AdwCleaner[S19].txt - [2638 Bytes] - [25/05/2017 19:44:58]
C:\AdwCleaner\AdwCleaner[S1].txt - [1912 Bytes] - [27/04/2017 12:55:14]
C:\AdwCleaner\AdwCleaner[S20].txt - [2713 Bytes] - [27/05/2017 11:29:16]
C:\AdwCleaner\AdwCleaner[S21].txt - [2787 Bytes] - [02/06/2017 18:24:30]
C:\AdwCleaner\AdwCleaner[S22].txt - [2860 Bytes] - [09/06/2017 11:52:54]
C:\AdwCleaner\AdwCleaner[S23].txt - [2934 Bytes] - [17/06/2017 11:59:08]
C:\AdwCleaner\AdwCleaner[S24].txt - [3008 Bytes] - [17/06/2017 12:19:36]
C:\AdwCleaner\AdwCleaner[S25].txt - [3082 Bytes] - [17/06/2017 18:52:04]
C:\AdwCleaner\AdwCleaner[S26].txt - [3156 Bytes] - [17/06/2017 23:57:35]
C:\AdwCleaner\AdwCleaner[S27].txt - [3231 Bytes] - [21/06/2017 01:49:53]
C:\AdwCleaner\AdwCleaner[S28].txt - [3305 Bytes] - [21/06/2017 22:53:50]
C:\AdwCleaner\AdwCleaner[S29].txt - [3378 Bytes] - [22/06/2017 11:38:32]
C:\AdwCleaner\AdwCleaner[S2].txt - [1984 Bytes] - [27/04/2017 12:56:17]
C:\AdwCleaner\AdwCleaner[S30].txt - [3447 Bytes] - [23/06/2017 01:28:14]
C:\AdwCleaner\AdwCleaner[S31].txt - [3521 Bytes] - [24/06/2017 13:47:30]
C:\AdwCleaner\AdwCleaner[S32].txt - [3594 Bytes] - [24/06/2017 13:56:50]
C:\AdwCleaner\AdwCleaner[S3].txt - [1459 Bytes] - [27/04/2017 13:03:44]
C:\AdwCleaner\AdwCleaner[S4].txt - [1532 Bytes] - [27/04/2017 22:51:35]
C:\AdwCleaner\AdwCleaner[S5].txt - [1605 Bytes] - [28/04/2017 02:50:15]
C:\AdwCleaner\AdwCleaner[S6].txt - [1678 Bytes] - [28/04/2017 03:36:28]
C:\AdwCleaner\AdwCleaner[S7].txt - [1752 Bytes] - [01/05/2017 06:03:10]
C:\AdwCleaner\AdwCleaner[S8].txt - [1824 Bytes] - [01/05/2017 07:56:54]
C:\AdwCleaner\AdwCleaner[S9].txt - [1897 Bytes] - [01/05/2017 08:39:45]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3346 Bytes] ##########

ABL89 · Jun 24, 2017

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Professional x64
Ran by Dwayne (Administrator) on 2017/06/24 at 14:06:52.55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 8

Successfully deleted: C:\Users\Dwayne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1862QE9C (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dwayne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2GWS1F9 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dwayne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBXW0GFP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Dwayne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDVDQNOQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1862QE9C (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2GWS1F9 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UBXW0GFP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UDVDQNOQ (Temporary Internet Files Folder)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2017/06/24 at 14:08:37.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Broni · Jun 24, 2017

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

ABL89 · Jun 24, 2017

ComboFix 17-05-24.14 - Dwayne 2017/06/24 19:28:53.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.27.1033.18.8089.6064 [GMT 2:00]
Running from: c:\users\Dwayne\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\28677E92A4.sys
c:\users\Dwayne\AppData\Roaming\Origin
c:\users\Dwayne\AppData\Roaming\Origin\Cloud Saves\blacklist
c:\users\Dwayne\AppData\Roaming\Origin\local.xml
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\SET1C51.tmp
c:\windows\SysWow64\SET363C.tmp
c:\windows\SysWow64\SET42F4.tmp
c:\windows\SysWow64\SET4344.tmp
c:\windows\SysWow64\SET6638.tmp
c:\windows\SysWow64\SET6743.tmp
c:\windows\SysWow64\SET7A47.tmp
c:\windows\SysWow64\SET8616.tmp
c:\windows\SysWow64\SETBB3.tmp
c:\windows\SysWow64\SETBEF2.tmp
c:\windows\SysWow64\SETBF90.tmp
c:\windows\SysWow64\SETC360.tmp
c:\windows\SysWow64\SETC60.tmp
c:\windows\SysWow64\SETCFF5.tmp
c:\windows\SysWow64\SETDF79.tmp
c:\windows\SysWow64\SETDF8B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2017-05-24 to 2017-06-24 )))))))))))))))))))))))))))))))
.
.
2073-12-03 08:13 . 2014-09-17 21:28 -------- d-----w- c:\windows\Panther
2073-12-02 23:08 . 2013-12-31 22:12 -------- d-----r- C:\MSOCache
2073-12-02 22:58 . 2073-12-02 22:58 -------- d-----w- C:\5ed878faeca74ae6af7708f79d0b85
2073-12-02 22:52 . 2073-12-02 22:52 -------- d-----w- c:\windows\system32\EventProviders
2073-12-02 22:50 . 2014-03-18 02:44 906968 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2073-12-02 22:50 . 2014-03-18 02:44 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2073-12-02 22:50 . 2014-03-18 02:44 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2073-12-02 22:49 . 2015-10-22 13:07 -------- d-----w- c:\program files (x86)\Realtek
2073-12-02 22:49 . 2016-08-24 11:24 -------- d--h--w- c:\program files (x86)\Temp
2073-12-02 22:49 . 2014-11-07 05:56 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2073-12-02 22:47 . 2014-03-31 05:28 450520 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2073-12-02 22:47 . 2073-12-02 22:47 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
2073-12-02 22:47 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2073-12-02 22:47 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2073-12-02 22:47 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2073-12-02 22:47 . 2013-09-16 10:17 99288 ----a-w- c:\windows\system32\drivers\TeeDriverx64.sys
2073-12-02 22:47 . 2013-09-16 10:17 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2073-12-02 22:46 . 2017-01-05 21:32 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2073-12-02 22:46 . 2014-09-17 21:47 -------- d-----w- c:\program files (x86)\Intel
2073-12-02 22:46 . 2013-08-21 13:16 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2073-12-02 22:46 . 2014-09-17 20:26 -------- d-----w- C:\Intel
2073-12-02 22:44 . 2014-09-02 23:25 -------- d-----w- c:\programdata\Norton
2073-12-02 22:43 . 2014-09-17 17:43 -------- d-----w- c:\program files (x86)\Microsoft.NET
2073-12-02 22:42 . 2014-09-17 21:15 -------- d-----w- c:\program files\Google
2073-12-02 22:41 . 2017-06-15 07:33 -------- d-sh--w- c:\windows\Installer
2073-12-02 22:41 . 2014-12-05 21:57 -------- d-----w- c:\program files (x86)\Google
2073-12-02 22:36 . 2073-12-02 22:36 -------- d-----w- C:\Recovery
2073-12-02 22:35 . 2016-06-02 05:50 -------- d-----w- c:\windows\SoftwareDistributionOLD
2017-06-24 17:36 . 2017-06-24 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-06-24 07:37 . 2017-06-24 07:37 -------- d-----w- c:\program files\RogueKiller
2017-06-24 07:35 . 2017-06-24 07:35 -------- d-----w- c:\programdata\SWCUTemp
2017-06-21 21:51 . 2017-06-23 22:58 -------- d-----w- C:\FRST
2017-06-21 20:50 . 2017-06-24 13:03 188312 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2017-06-21 20:50 . 2017-06-24 17:16 113592 ----a-w- c:\windows\system32\drivers\farflt.sys
2017-06-21 20:50 . 2017-06-24 17:16 84256 ----a-w- c:\windows\system32\drivers\mwac.sys
2017-06-21 20:50 . 2017-06-24 17:16 44960 ----a-w- c:\windows\system32\drivers\mbam.sys
2017-06-21 20:50 . 2017-05-25 09:58 77376 ----a-w- c:\windows\system32\drivers\mbae64.sys
2017-06-21 20:50 . 2017-06-21 20:50 -------- d-----w- c:\program files\Malwarebytes
2017-06-20 18:33 . 2017-06-21 11:44 -------- d-----w- c:\users\Dwayne\AppData\Local\gtk-2.0
2017-06-20 18:33 . 2017-06-20 18:33 -------- d-----w- c:\users\Dwayne\.thumbnails
2017-06-20 18:27 . 2017-06-21 11:47 -------- d-----w- c:\users\Dwayne\.gimp-2.8
2017-06-20 18:27 . 2017-06-20 18:27 -------- d-----w- c:\users\Dwayne\AppData\Local\gegl-0.2
2017-06-17 19:00 . 2017-06-18 19:08 -------- d-----w- c:\users\Dwayne\AppData\Roaming\timodd
2017-06-15 07:35 . 2017-06-15 07:35 -------- d-----w- c:\programdata\RzSurroundVAD_1.1.62.0
2017-06-15 07:35 . 2016-09-17 00:12 44144 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2017-06-14 11:40 . 2017-06-14 11:40 54728 ----a-w- c:\program files (x86)\Mozilla Firefox\pingsender.exe
2017-06-14 08:05 . 2017-05-21 04:24 60416 ----a-w- c:\windows\system32\msobjs.dll
2017-06-14 08:05 . 2017-05-21 04:24 146432 ----a-w- c:\windows\system32\msaudite.dll
2017-06-14 08:05 . 2017-05-21 04:24 690688 ----a-w- c:\windows\system32\adtschema.dll
2017-06-14 08:05 . 2017-05-21 04:06 60416 ----a-w- c:\windows\SysWow64\msobjs.dll
2017-06-14 08:05 . 2017-05-21 04:06 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2017-06-14 08:05 . 2017-05-21 04:06 690688 ----a-w- c:\windows\SysWow64\adtschema.dll
2017-06-14 08:05 . 2017-05-14 20:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2017-06-09 11:22 . 2017-06-09 11:22 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-06-05 13:59 . 2017-06-05 13:59 18412800 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-06-24 17:17 . 2014-09-17 19:46 25640 ----a-w- c:\windows\gdrv.sys
2017-06-24 17:17 . 2014-09-17 17:39 25640 ----a-w- c:\windows\etdrv.sys
2017-06-24 17:16 . 2016-01-31 16:13 252832 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-06-24 13:04 . 2014-09-19 19:42 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-06-21 14:31 . 2016-07-17 17:35 803328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-06-21 14:31 . 2016-07-17 17:35 144896 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-06-14 17:02 . 2014-09-17 18:38 133627792 -c--a-w- c:\windows\system32\MRT.exe
2017-05-13 05:19 . 2017-02-01 17:55 158880 ----a-w- c:\windows\system32\drivers\aswstm.sys
2017-05-12 18:03 . 2017-06-14 08:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2017-05-09 17:50 . 2017-02-01 17:55 339696 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-05-09 17:50 . 2017-05-09 17:50 400456 ----a-w- c:\windows\system32\aswBoot.exe
2017-05-09 17:50 . 2017-02-01 17:55 75704 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-05-09 17:50 . 2017-02-01 17:55 569192 ----a-w- c:\windows\system32\drivers\aswSP.sys
2017-05-09 17:50 . 2017-02-01 17:55 38296 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-05-09 17:50 . 2017-02-01 17:55 128648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2017-05-09 17:50 . 2017-02-01 17:55 101152 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-05-09 17:49 . 2017-02-01 17:55 1007160 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-05-09 17:49 . 2013-12-31 22:04 49016 ----a-w- c:\windows\system32\drivers\aswbuniva.sys
2017-05-09 17:49 . 2013-12-31 22:04 334576 ----a-w- c:\windows\system32\drivers\aswbloga.sys
2017-05-09 17:49 . 2013-12-31 22:04 190256 ----a-w- c:\windows\system32\drivers\aswbidsha.sys
2017-05-09 17:49 . 2013-12-31 22:04 311808 ----a-w- c:\windows\system32\drivers\aswbidsdrivera.sys
2017-04-23 18:43 . 2016-01-31 16:27 97856 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2017-04-21 15:34 . 2017-05-09 18:30 1133568 ----a-w- c:\windows\system32\cdosys.dll
2017-04-21 15:15 . 2017-05-09 18:30 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2017-04-17 15:37 . 2017-05-09 18:30 512000 ----a-w- c:\windows\system32\rpcss.dll
2017-04-17 15:37 . 2017-05-09 18:30 2065408 ----a-w- c:\windows\system32\ole32.dll
2017-04-17 15:37 . 2017-05-09 18:30 876544 ----a-w- c:\windows\system32\oleaut32.dll
2017-04-17 15:37 . 2017-05-09 18:30 26112 ----a-w- c:\windows\system32\oleres.dll
2017-04-17 15:37 . 2017-05-09 18:30 8704 ----a-w- c:\windows\system32\comcat.dll
2017-04-17 15:12 . 2017-05-09 18:30 581632 ----a-w- c:\windows\SysWow64\oleaut32.dll
2017-04-17 15:12 . 2017-05-09 18:30 1417728 ----a-w- c:\windows\SysWow64\ole32.dll
2017-04-17 15:12 . 2017-05-09 18:30 26112 ----a-w- c:\windows\SysWow64\oleres.dll
2017-04-17 14:54 . 2017-05-09 18:30 7168 ----a-w- c:\windows\SysWow64\comcat.dll
2017-04-12 15:32 . 2017-05-09 18:30 229376 ----a-w- c:\windows\system32\wintrust.dll
2017-04-12 15:32 . 2017-05-09 18:30 1483776 ----a-w- c:\windows\system32\crypt32.dll
2017-04-12 15:32 . 2017-05-09 18:30 190976 ----a-w- c:\windows\system32\cryptsvc.dll
2017-04-12 15:32 . 2017-05-09 18:30 141824 ----a-w- c:\windows\system32\cryptnet.dll
2017-04-12 15:26 . 2017-05-09 18:30 179200 ----a-w- c:\windows\SysWow64\wintrust.dll
2017-04-12 15:25 . 2017-05-09 18:30 1176064 ----a-w- c:\windows\SysWow64\crypt32.dll
2017-04-12 15:25 . 2017-05-09 18:30 145920 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2017-04-12 15:25 . 2017-05-09 18:30 106496 ----a-w- c:\windows\SysWow64\cryptnet.dll
2017-04-07 15:34 . 2017-05-09 18:30 986856 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2017-04-07 15:34 . 2017-05-09 18:30 265448 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2017-04-07 15:30 . 2017-05-09 18:30 144384 ----a-w- c:\windows\system32\cdd.dll
2017-04-07 06:37 . 2017-04-07 06:37 15816 ----a-w- c:\windows\SysWow64\RzStats.IPC.dll
2017-04-05 14:55 . 2017-05-09 18:30 460800 ----a-w- c:\windows\system32\drivers\srv.sys
2017-04-05 14:55 . 2017-05-09 18:30 405504 ----a-w- c:\windows\system32\drivers\srv2.sys
2017-04-05 14:55 . 2017-05-09 18:30 168960 ----a-w- c:\windows\system32\drivers\srvnet.sys
2017-04-04 15:34 . 2017-05-09 18:30 1895656 ----a-w- c:\windows\system32\drivers\tcpip.sys
2017-04-04 15:34 . 2017-05-09 18:30 377576 ----a-w- c:\windows\system32\drivers\netio.sys
2017-04-04 15:34 . 2017-05-09 18:30 287976 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2017-04-04 14:53 . 2017-05-09 18:30 496128 ----a-w- c:\windows\system32\drivers\afd.sys
2017-04-01 19:48 . 2016-08-16 13:27 65536 ----a-w- c:\windows\system32\spu_storage.bin
2017-03-26 18:33 . 2017-03-26 18:33 28344 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2017-03-26 18:33 . 2017-03-26 18:33 19104 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 30400 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2017-03-26 18:29 . 2017-03-26 18:29 19112 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-06-27 292848]
"Raptr"="c:\program files (x86)\Raptr\raptrstub.exe" [2015-10-01 56080]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2017-04-13 596640]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2017-03-15 587288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SIV"="c:\program files (x86)\Gigabyte\SIV\RunOnceTc.exe" [2014-04-25 16192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswbIDSAgent;aswbIDSAgent;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe;c:\program files\AVAST Software\Avast\x64\aswidsagenta.exe [x]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x]
R3 cpuz137;cpuz137;c:\windows\TEMP\cpuz137\cpuz137_x64.sys;c:\windows\TEMP\cpuz137\cpuz137_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
R3 etocdrv;etocdrv;c:\windows\etocdrv.sys;c:\windows\etocdrv.sys [x]
R3 GPUZ;GPUZ;c:\windows\TEMP\GPUZ.sys;c:\windows\TEMP\GPUZ.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 jakstaVA;Digital Video Recorder;c:\windows\system32\DRIVERS\jaksta_va.sys;c:\windows\SYSNATIVE\DRIVERS\jaksta_va.sys [x]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv_x64.sys;c:\windows\SYSNATIVE\DRIVERS\mcvidrv_x64.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv_x64.sys;c:\windows\SYSNATIVE\drivers\mcaudrv_x64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.20);c:\windows\system32\DRIVERS\RtTeam620.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam620.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys;c:\windows\\SystemRoot\system32\drivers\aswbidsha.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys;c:\windows\\SystemRoot\system32\drivers\aswbloga.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys;c:\windows\\SystemRoot\system32\drivers\aswbuniva.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdrivera.sys;c:\windows\SYSNATIVE\drivers\aswbidsdrivera.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FoxitReaderService;Foxit Reader Service;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe;c:\program files (x86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [x]
S2 gadjservice;GIGABYTE Adjust;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe;c:\program files (x86)\Gigabyte\AppCenter\AdjustService.exe [x]
S2 GUP7Serv;UP7 Click OC service;c:\program files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe;c:\program files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PSI_SVC_2_x64;Corel License Validation Service V2 x64, Powered by arvato;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 RzSurroundVADStreamingService;RzSurroundVADStreamingService;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe;c:\programdata\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [x]
S3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RZSURROUNDVADService;Razer Surround Audio Service;c:\windows\system32\drivers\RzSurroundVAD.sys;c:\windows\SYSNATIVE\drivers\RzSurroundVAD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - ESProtectionDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2017-06-24 c:\windows\Tasks\RtlLanOptimizerVistaStart.job
- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2014-09-17 02:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2017-03-21 06:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2017-03-21 06:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2017-03-21 06:15 775064 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-09 17:50 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-05-09 17:50 1505952 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-06-18 14021336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-05-09 213824]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2017-05-09 3146704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.za/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 10.0.0.2
FF - ProfilePath - c:\users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.za/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} - (no file)
AddRemove-SafeZone 1.48.2066.101 - c:\program files\AVAST Software\SZBrowser\Launcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\4kdownload.com\4K Video Downloader\FileWatcher\Ó3*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\4kdownload.com\4K Video Downloader\FileWatcher\ýÿI*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-06-24 19:39:11
ComboFix-quarantined-files.txt 2017-06-24 17:39
.
Pre-Run: 403 416 453 120 bytes free
Post-Run: 402 755 559 424 bytes free
.
- - End Of File - - 2FD37C923321CCA07E6A2DA1C8D6E8D6
A36C5E4F47E84449FF07ED3517B43A31

Broni · Jun 24, 2017

Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

Double click to run it.
Make sure you checkmark Addition.txt box.
Press Scan button.
Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.

ABL89 · Jun 24, 2017

When I launched the program I still had from the first step it said "Failed to update (3)". I'll just redownload it and run the scans again.

ABL89 · Jun 24, 2017

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-06-2017 01
Ran by Dwayne (administrator) on GRAPHICS_PC (24-06-2017 20:08:43)
Running from C:\Users\Dwayne\Desktop
Loaded Profiles: Dwayne (Available Profiles: Dwayne)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
() C:\Program Files (x86)\Gigabyte\OCBtn\GUP7Serv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14021336 2015-06-18] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-09] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-06-27] (Intel Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-04-13] (Razer Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\RunOnceTc.exe [16192 2014-04-25] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <======= ATTENTION
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-09] (AVAST Software)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.2
Tcpip\..\Interfaces\{9BED6570-F66E-4EDA-A1AC-AF89C2BB5632}: [DhcpNameServer] 10.0.0.2

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.za/
HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-01-01] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-01-01] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290 [2017-06-24]
FF Homepage: Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290 -> hxxps://www.google.co.za/
FF Extension: (Avast Online Security) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\wrc@avast.com.xpi [2017-05-31]
FF Extension: (Video DownloadHelper) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Adblock Plus) - C:\Users\Dwayne\AppData\Roaming\Mozilla\Firefox\Profiles\5geyetf6.default-1454257769290\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-04-06] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-23] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-09] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-09] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2014-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 FoxitReaderService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659592 2017-04-13] (Foxit Software Inc.)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
R2 GUP7Serv; C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe [18240 2014-05-21] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [324424 2014-08-14] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-25] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4261344 2016-11-04] (Razer Inc)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-09] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-09] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-09] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-09] (AVAST Software s.r.o.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-09] (AVAST Software)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-09-20] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-05-25] ()
S3 etocdrv; C:\Windows\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2014-04-11] (Intel Corporation)
S3 jakstaVA; C:\Windows\System32\DRIVERS\jaksta_va.sys [103816 2014-12-09] (e2eSoft)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188312 2017-06-24] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2017-06-24] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [44960 2017-06-24] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-24] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2017-06-24] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 ndisrd; C:\Windows\System32\DRIVERS\ndisrd.sys [33496 2014-03-27] (Realtek)
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2012-07-03] (Realtek Corporation)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-15] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [49176 2016-10-16] (Windows (R) Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]
S3 ManyCam; system32\DRIVERS\mcvidrv_x64.sys [X]
S3 mcaudrv_simple; system32\drivers\mcaudrv_x64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ABL89 · Jun 24, 2017

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2073-12-03 10:13 - 2014-09-17 23:28 - 00000000 ____D C:\Windows\Panther
2073-12-03 01:08 - 2014-01-01 00:12 - 00000000 ___RD C:\MSOCache
2073-12-03 01:01 - 2017-06-15 09:33 - 00000000 ____D C:\Config.Msi
2073-12-03 01:01 - 2014-09-19 18:12 - 00000000 ____D C:\ProgramData\Adobe
2073-12-03 00:58 - 2073-12-03 00:58 - 00000000 ____D C:\5ed878faeca74ae6af7708f79d0b85
2073-12-03 00:57 - 2073-12-03 00:57 - 00018264 _____ C:\Windows\system32\results.xml
2073-12-03 00:53 - 2073-12-03 00:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2073-12-03 00:52 - 2073-12-03 00:52 - 00000000 ____D C:\Windows\system32\EventProviders
2073-12-03 00:51 - 2016-04-16 08:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2073-12-03 00:50 - 2014-03-18 04:44 - 00906968 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2073-12-03 00:50 - 2014-03-18 04:44 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2073-12-03 00:50 - 2014-03-18 04:44 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2073-12-03 00:49 - 2016-08-24 13:24 - 00000000 ___HD C:\Program Files (x86)\Temp
2073-12-03 00:49 - 2015-10-22 15:07 - 00000000 ____D C:\Program Files (x86)\Realtek
2073-12-03 00:48 - 2073-12-03 00:51 - 00000000 ____D C:\ProgramData\Intel
2073-12-03 00:48 - 2014-09-17 20:35 - 00000000 ____D C:\Program Files\Intel
2073-12-03 00:48 - 2014-08-14 00:24 - 00670720 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00324424 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2073-12-03 00:48 - 2014-08-14 00:24 - 00301896 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2073-12-03 00:48 - 2014-08-14 00:24 - 00271872 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00250368 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2073-12-03 00:48 - 2014-08-14 00:24 - 00222720 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2073-12-03 00:48 - 2014-03-31 07:28 - 00182784 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3540.dll
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2073-12-03 00:48 - 2014-03-31 07:23 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2073-12-03 00:48 - 2014-03-28 13:06 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2073-12-03 00:48 - 2014-03-28 13:06 - 00094208 _____ C:\Windows\system32\IccLibDll_x64.dll
2073-12-03 00:48 - 2014-03-28 13:06 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2073-12-03 00:48 - 2014-03-28 13:06 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2073-12-03 00:48 - 2013-09-16 12:17 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2073-12-03 00:47 - 2073-12-03 00:47 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2073-12-03 00:47 - 2073-12-03 00:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2073-12-03 00:47 - 2014-03-31 07:28 - 00450520 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2073-12-03 00:47 - 2013-09-16 12:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2073-12-03 00:47 - 2013-09-16 12:17 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2073-12-03 00:47 - 2012-07-26 06:55 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2073-12-03 00:47 - 2012-07-26 04:36 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2073-12-03 00:47 - 2012-06-02 16:35 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2073-12-03 00:46 - 2017-01-05 23:32 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2073-12-03 00:46 - 2014-09-17 23:47 - 00000000 ____D C:\Program Files (x86)\Intel
2073-12-03 00:46 - 2014-09-17 22:26 - 00000000 ____D C:\Intel
2073-12-03 00:46 - 2013-08-21 15:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2073-12-03 00:44 - 2073-12-03 00:44 - 00000000 ____D C:\ProgramData\NortonInstaller
2073-12-03 00:44 - 2017-05-09 21:22 - 00769808 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2073-12-03 00:44 - 2014-09-03 01:25 - 00000000 ____D C:\ProgramData\Norton
2073-12-03 00:43 - 2014-09-17 19:43 - 00000000 ____D C:\Program Files (x86)\Microsoft.NET
2073-12-03 00:42 - 2014-09-17 23:15 - 00000000 ____D C:\Program Files\Google
2073-12-03 00:42 - 2014-09-17 23:13 - 00000000 ____D C:\ProgramData\Google
2073-12-03 00:41 - 2017-06-15 09:33 - 00000000 __SHD C:\Windows\Installer
2073-12-03 00:41 - 2017-04-29 09:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2073-12-03 00:41 - 2017-04-29 09:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2073-12-03 00:41 - 2017-03-23 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2073-12-03 00:41 - 2014-12-05 23:57 - 00000000 ____D C:\Program Files (x86)\Google
2073-12-03 00:41 - 2014-09-17 19:54 - 00000010 _____ C:\Windows\GSetup.ini
2073-12-03 00:36 - 2073-12-03 00:36 - 00000000 ____D C:\Recovery
2073-12-03 00:35 - 2016-06-02 07:50 - 00000000 ____D C:\Windows\SoftwareDistributionOLD
2073-12-03 00:16 - 2073-12-03 00:16 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2073-12-03 00:16 - 2073-12-03 00:16 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2073-12-03 00:13 - 2017-06-24 20:00 - 2066399232 ___SH C:\hiberfil.sys
2073-12-03 00:13 - 2017-06-24 20:00 - 00000000 ___SH C:\pagefile.sys
2073-12-03 00:13 - 2017-06-24 14:07 - 00000000 __SHD C:\System Volume Information
2073-12-03 00:13 - 2017-06-22 00:09 - 00000000 ____D C:\Windows\Prefetch
2017-06-24 20:08 - 2017-06-24 20:10 - 00018811 _____ C:\Users\Dwayne\Desktop\FRST.txt
2017-06-24 20:07 - 2017-06-24 20:07 - 02440704 _____ (Farbar) C:\Users\Dwayne\Desktop\FRST64.exe
2017-06-24 19:42 - 2017-06-24 19:42 - 00027099 _____ C:\Users\Dwayne\Desktop\combofixlog.txt
2017-06-24 19:39 - 2017-06-24 19:39 - 00027099 _____ C:\ComboFix.txt
2017-06-24 19:27 - 2017-06-24 19:39 - 00000000 ____D C:\Qoobox
2017-06-24 19:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2017-06-24 19:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2017-06-24 19:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2017-06-24 19:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2017-06-24 19:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2017-06-24 19:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2017-06-24 19:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2017-06-24 19:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2017-06-24 19:26 - 2017-06-24 19:38 - 00000000 ____D C:\Windows\erdnt
2017-06-24 19:23 - 2017-06-24 19:24 - 05659194 ____R (Swearware) C:\Users\Dwayne\Desktop\ComboFix.exe
2017-06-24 14:08 - 2017-06-24 14:08 - 00001871 _____ C:\Users\Dwayne\Desktop\JRT.txt
2017-06-24 14:04 - 2017-06-24 14:04 - 00003425 _____ C:\Users\Dwayne\Desktop\AdwCleaner[C2].txt
2017-06-24 11:51 - 2017-06-24 11:51 - 00001212 _____ C:\Users\Dwayne\Desktop\mbam log.txt
2017-06-24 11:34 - 2017-06-24 11:34 - 00010776 _____ C:\Users\Dwayne\Desktop\RKreport.txt
2017-06-24 09:37 - 2017-06-24 09:37 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-06-24 09:37 - 2017-06-24 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-06-24 09:37 - 2017-06-24 09:37 - 00000000 ____D C:\Program Files\RogueKiller
2017-06-22 19:45 - 2017-06-22 19:46 - 00001504 _____ C:\Users\Dwayne\Desktop\Mozilla Firefox.lnk
2017-06-21 23:51 - 2017-06-24 20:08 - 00000000 ____D C:\FRST
2017-06-21 22:50 - 2017-06-24 20:02 - 00188312 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-06-21 22:50 - 2017-06-24 20:02 - 00113592 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-06-21 22:50 - 2017-06-24 20:02 - 00084256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-06-21 22:50 - 2017-06-24 20:02 - 00044960 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-21 22:50 - 2017-06-21 22:50 - 00001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-06-21 22:50 - 2017-06-21 22:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-21 22:50 - 2017-06-21 22:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-06-21 22:50 - 2017-05-25 11:58 - 00077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-06-21 22:48 - 2017-06-21 22:49 - 00215414 _____ C:\TDSSKiller.3.1.0.12_21.06.2017_22.48.18_log.txt
2017-06-21 22:47 - 2017-06-21 22:47 - 00215562 _____ C:\TDSSKiller.3.1.0.12_21.06.2017_22.47.10_log.txt
2017-06-21 13:44 - 2017-06-21 13:44 - 00004623 _____ C:\Users\Dwayne\AppData\Local\recently-used.xbel
2017-06-20 20:33 - 2017-06-21 13:44 - 00000000 ____D C:\Users\Dwayne\AppData\Local\gtk-2.0
2017-06-20 20:33 - 2017-06-20 20:33 - 00000000 ____D C:\Users\Dwayne\.thumbnails
2017-06-20 20:27 - 2017-06-21 13:47 - 00000000 ____D C:\Users\Dwayne\.gimp-2.8
2017-06-20 20:27 - 2017-06-20 20:27 - 00000000 ____D C:\Users\Dwayne\AppData\Local\gegl-0.2
2017-06-17 21:00 - 2017-06-18 21:08 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\timodd
2017-06-15 09:35 - 2017-06-15 09:35 - 00000000 ____D C:\ProgramData\RzSurroundVAD_1.1.62.0
2017-06-15 09:35 - 2016-09-17 02:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2017-06-14 10:06 - 2017-06-02 10:28 - 02317824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 02222080 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00778240 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\mssitlb.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2017-06-14 10:06 - 2017-06-02 10:28 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2017-06-14 10:06 - 2017-06-02 10:11 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2017-06-14 10:06 - 2017-06-02 10:11 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2017-06-14 10:06 - 2017-06-02 10:10 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-06-14 10:06 - 2017-06-02 10:10 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2017-06-14 10:06 - 2017-06-02 10:09 - 01549824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 01400320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00104448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssitlb.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2017-06-14 10:06 - 2017-06-02 10:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2017-06-14 10:06 - 2017-06-02 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2017-06-14 10:06 - 2017-06-02 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2017-06-14 10:06 - 2017-06-02 09:57 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2017-06-14 10:06 - 2017-06-02 09:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2017-06-14 10:06 - 2017-05-21 06:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-06-14 10:06 - 2017-05-21 06:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-06-14 10:06 - 2017-05-21 06:24 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-06-14 10:06 - 2017-05-21 06:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-06-14 10:06 - 2017-05-21 06:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-06-14 10:06 - 2017-05-21 05:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-06-14 10:06 - 2017-05-21 05:48 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-06-14 10:06 - 2017-05-21 05:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-06-14 10:06 - 2017-05-21 05:48 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-06-14 10:06 - 2017-05-21 05:47 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-06-14 10:06 - 2017-05-21 05:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-06-14 10:06 - 2017-05-21 05:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-06-14 10:06 - 2017-05-16 20:19 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-06-14 10:06 - 2017-05-16 19:35 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-06-14 10:06 - 2017-05-14 22:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-06-14 10:06 - 2017-05-14 22:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-06-14 10:06 - 2017-05-14 22:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-06-14 10:06 - 2017-05-14 22:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-06-14 10:06 - 2017-05-14 22:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-06-14 10:06 - 2017-05-14 22:26 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-06-14 10:06 - 2017-05-14 22:24 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-06-14 10:06 - 2017-05-14 22:19 - 25738752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-06-14 10:06 - 2017-05-14 22:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-06-14 10:06 - 2017-05-14 22:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-06-14 10:06 - 2017-05-14 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-06-14 10:06 - 2017-05-14 22:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-06-14 10:06 - 2017-05-14 22:10 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-06-14 10:06 - 2017-05-14 22:01 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-06-14 10:06 - 2017-05-14 21:57 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-06-14 10:06 - 2017-05-14 21:55 - 05975040 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-06-14 10:06 - 2017-05-14 21:48 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-06-14 10:06 - 2017-05-14 21:47 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-06-14 10:06 - 2017-05-14 21:46 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-06-14 10:06 - 2017-05-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-06-14 10:06 - 2017-05-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-06-14 10:06 - 2017-05-14 21:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-06-14 10:06 - 2017-05-14 21:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-06-14 10:06 - 2017-05-14 21:36 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-06-14 10:06 - 2017-05-14 21:23 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-06-14 10:06 - 2017-05-14 21:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-06-14 10:06 - 2017-05-14 21:22 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-06-14 10:06 - 2017-05-14 21:22 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-06-14 10:06 - 2017-05-14 21:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-06-14 10:06 - 2017-05-14 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-06-14 10:06 - 2017-05-14 21:20 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-06-14 10:06 - 2017-05-14 21:19 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-06-14 10:06 - 2017-05-14 21:18 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-06-14 10:06 - 2017-05-14 21:17 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-06-14 10:06 - 2017-05-14 21:16 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-06-14 10:06 - 2017-05-14 21:15 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-06-14 10:06 - 2017-05-14 21:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-06-14 10:06 - 2017-05-14 21:12 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-06-14 10:06 - 2017-05-14 21:11 - 20274688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-06-14 10:06 - 2017-05-14 21:11 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-06-14 10:06 - 2017-05-14 21:10 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-06-14 10:06 - 2017-05-14 21:10 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-06-14 10:06 - 2017-05-14 21:02 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-06-14 10:06 - 2017-05-14 20:57 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-06-14 10:06 - 2017-05-14 20:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-06-14 10:06 - 2017-05-14 20:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-06-14 10:06 - 2017-05-14 20:54 - 15252992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-06-14 10:06 - 2017-05-14 20:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-06-14 10:06 - 2017-05-14 20:52 - 03240960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-06-14 10:06 - 2017-05-14 20:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-06-14 10:06 - 2017-05-14 20:50 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-06-14 10:06 - 2017-05-14 20:49 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-06-14 10:06 - 2017-05-14 20:44 - 04549120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-06-14 10:06 - 2017-05-14 20:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-06-14 10:06 - 2017-05-14 20:40 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-06-14 10:06 - 2017-05-14 20:39 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-06-14 10:06 - 2017-05-14 20:38 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-06-14 10:06 - 2017-05-14 20:37 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-06-14 10:06 - 2017-05-14 20:30 - 13664768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-06-14 10:06 - 2017-05-14 20:27 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-06-14 10:06 - 2017-05-14 20:15 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-06-14 10:06 - 2017-05-14 20:11 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-06-14 10:06 - 2017-05-14 20:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-06-14 10:06 - 2017-05-12 20:27 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-06-14 10:06 - 2017-05-12 20:26 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-06-14 10:06 - 2017-05-12 20:26 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-06-14 10:06 - 2017-05-12 20:26 - 00382696 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-06-14 10:06 - 2017-05-12 20:24 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:22 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:07 - 04001000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-06-14 10:06 - 2017-05-12 20:07 - 03945704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-06-14 10:06 - 2017-05-12 20:07 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-06-14 10:06 - 2017-05-12 20:04 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 20:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:55 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-06-14 10:06 - 2017-05-12 19:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-06-14 10:06 - 2017-05-12 19:54 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-06-14 10:06 - 2017-05-12 19:52 - 03222528 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-06-14 10:06 - 2017-05-12 19:51 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-06-14 10:06 - 2017-05-12 19:50 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-06-14 10:06 - 2017-05-12 19:46 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-06-14 10:06 - 2017-05-12 19:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-06-14 10:06 - 2017-05-12 19:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-06-14 10:06 - 2017-05-12 19:41 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-06-14 10:06 - 2017-05-12 19:41 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-06-14 10:06 - 2017-05-12 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-06-14 10:06 - 2017-05-12 19:40 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 19:40 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-06-14 10:06 - 2017-05-12 18:25 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-06-14 10:06 - 2017-05-12 17:58 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-06-14 10:06 - 2017-05-12 17:58 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-06-14 10:06 - 2017-05-10 17:33 - 00091368 _____ (Microsoft Corporation) C:\Windows\system32\MigAutoPlay.exe
2017-06-14 10:06 - 2017-05-10 17:29 - 14183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 03165184 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-06-14 10:06 - 2017-05-10 17:29 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-06-14 10:06 - 2017-05-10 17:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-06-14 10:06 - 2017-05-10 17:16 - 00091368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MigAutoPlay.exe
2017-06-14 10:06 - 2017-05-10 17:14 - 02651136 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-06-14 10:06 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-06-14 10:06 - 2017-05-10 17:13 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-06-14 10:06 - 2017-05-10 17:13 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 12880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-06-14 10:06 - 2017-05-10 17:12 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-06-14 10:06 - 2017-05-10 17:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-06-14 10:06 - 2017-05-10 17:00 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-06-14 10:06 - 2017-05-10 16:52 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-06-14 10:06 - 2017-05-09 17:30 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-06-14 10:06 - 2017-05-09 17:29 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-06-14 10:06 - 2017-05-09 17:15 - 00071680 _____ C:\Windows\system32\PrintBrmUi.exe
2017-06-14 10:06 - 2017-05-09 17:11 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2017-06-14 10:06 - 2017-05-07 17:33 - 00094440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2017-06-14 10:06 - 2017-05-07 17:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2017-06-14 10:06 - 2017-04-28 00:50 - 03550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-06-14 10:06 - 2017-04-12 15:05 - 04296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-06-14 10:06 - 2017-03-30 17:03 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\rundll32.exe
2017-06-14 10:06 - 2017-03-30 16:58 - 00045056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
2017-06-14 10:05 - 2017-05-21 06:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-06-14 10:05 - 2017-05-21 06:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-06-14 10:05 - 2017-05-21 06:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-06-14 10:05 - 2017-05-21 06:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-06-14 10:05 - 2017-05-14 22:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-06-09 13:22 - 2017-06-09 13:22 - 00000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

ABL89 · Jun 24, 2017

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2073-12-03 10:12 - 2009-07-14 07:38 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG
2073-12-03 10:12 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2073-12-03 00:49 - 2009-07-14 06:54 - 00000404 ___SH C:\Users\Public\Desktop\desktop.ini
2073-12-03 00:43 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\restore
2073-12-03 00:16 - 2009-07-14 07:01 - 00040833 _____ C:\Windows\SysWOW64\license.rtf
2073-12-03 00:16 - 2009-07-14 07:01 - 00040833 _____ C:\Windows\system32\license.rtf
2073-12-03 00:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2073-12-03 00:13 - 2009-07-14 09:12 - 00000000 ____D C:\Windows\CSC
2017-06-24 20:09 - 2015-04-04 14:46 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2017-06-24 20:08 - 2016-11-17 15:47 - 00000000 ____D C:\Users\Dwayne\AppData\LocalLow\Mozilla
2017-06-24 20:03 - 2014-09-17 21:46 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-06-24 20:02 - 2016-01-31 18:13 - 00252832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-06-24 20:02 - 2014-09-17 19:39 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\etdrv.sys
2017-06-24 20:01 - 2014-09-17 19:56 - 00000290 _____ C:\Windows\Tasks\RtlLanOptimizerVistaStart.job
2017-06-24 20:01 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-24 19:36 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2017-06-24 19:33 - 2016-07-30 00:50 - 00000000 ____D C:\ProgramData\Temp
2017-06-24 19:24 - 2009-07-14 06:45 - 00029088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-06-24 19:24 - 2009-07-14 06:45 - 00029088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-06-24 15:04 - 2014-09-19 21:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-06-24 14:58 - 2014-09-19 19:16 - 00000000 ____D C:\Program Files\PeerBlock
2017-06-24 14:55 - 2014-09-19 19:18 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\uTorrent
2017-06-24 14:33 - 2014-09-19 19:22 - 00000000 ____D C:\Users\Dwayne\Documents\Torrents
2017-06-24 13:58 - 2017-04-27 03:16 - 00000000 ____D C:\AdwCleaner
2017-06-24 13:44 - 2014-09-18 07:27 - 00000000 ____D C:\Windows\Minidump
2017-06-24 13:21 - 2014-09-19 17:58 - 00000000 ___RD C:\Users\Dwayne\Desktop\To Sort
2017-06-24 09:34 - 2017-03-15 08:48 - 00000000 ___RD C:\Users\Dwayne\Desktop\Atomic Blonde
2017-06-23 23:06 - 2014-09-19 17:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Screen Captures
2017-06-23 14:04 - 2015-06-09 12:30 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\vlc
2017-06-22 21:36 - 2016-06-23 20:11 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\foobar2000
2017-06-22 21:11 - 2015-11-15 00:55 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\Audacity
2017-06-22 20:26 - 2015-08-08 10:39 - 00000000 ___RD C:\Users\Dwayne\Desktop\Wallpapers
2017-06-22 19:49 - 2014-09-19 15:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Software
2017-06-22 19:44 - 2014-09-19 16:59 - 00000000 ___RD C:\Users\Dwayne\Desktop\Games
2017-06-22 17:45 - 2014-09-19 17:00 - 00000000 ___RD C:\Users\Dwayne\Desktop\My Portfolio
2017-06-22 17:03 - 2015-08-08 11:20 - 00000000 ____D C:\Users\Dwayne\Icons
2017-06-22 00:40 - 2016-11-30 10:12 - 00000000 ____D C:\EEK
2017-06-21 23:51 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-06-21 23:33 - 2009-07-14 07:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-21 22:50 - 2014-09-19 16:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 17:49 - 2014-09-27 10:45 - 00000000 ___RD C:\Users\Dwayne\Desktop\TV Series
2017-06-21 16:37 - 2014-09-17 22:33 - 00000000 ____D C:\Users\Dwayne\AppData\Local\Adobe
2017-06-21 16:31 - 2016-07-17 19:35 - 00803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-06-21 16:31 - 2016-07-17 19:35 - 00144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-21 16:31 - 2014-09-17 22:35 - 00000000 ____D C:\Windows\system32\Macromed
2017-06-21 16:30 - 2014-09-17 22:35 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-06-20 23:32 - 2015-06-09 12:29 - 00000871 _____ C:\Users\Public\Desktop\VLC Media Player.lnk
2017-06-20 20:33 - 2014-09-17 22:10 - 00000000 ____D C:\Users\Dwayne
2017-06-19 09:25 - 2014-10-23 21:40 - 00000000 ____D C:\Users\Dwayne\dwhelper
2017-06-18 21:19 - 2017-05-15 12:48 - 00000000 ____D C:\Users\Dwayne\Documents\Torrents Completed
2017-06-17 21:00 - 2016-12-09 21:06 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\SmartSteamEmu
2017-06-15 09:34 - 2015-04-04 14:46 - 00000000 _____ C:\Windows\SysWOW64\RzSurroundVADAudioDeviceManager_log.txt
2017-06-14 20:50 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-06-14 19:21 - 2009-07-14 06:45 - 03146624 _____ C:\Windows\system32\FNTCACHE.DAT
2017-06-14 19:18 - 2016-11-17 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-14 19:18 - 2014-09-19 16:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 19:18 - 2014-09-17 22:20 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-06-14 19:18 - 2014-09-17 22:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-06-14 19:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-06-14 19:16 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\migwiz
2017-06-14 19:07 - 2014-09-17 22:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-06-14 19:06 - 2014-09-17 20:38 - 00000000 ____D C:\Windows\system32\MRT
2017-06-14 19:02 - 2014-09-17 20:38 - 133627792 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-06-10 15:02 - 2016-08-21 06:08 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-06-10 03:13 - 2014-09-19 22:39 - 00000000 ____D C:\Users\Dwayne\AppData\Local\CrashDumps
2017-06-09 13:11 - 2016-05-18 22:09 - 00000840 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-06-09 13:11 - 2014-11-21 06:11 - 00001966 _____ C:\Users\Public\Desktop\Avast.lnk
2017-06-09 13:11 - 2014-09-19 19:29 - 00000866 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-09 13:01 - 2016-11-05 12:49 - 11584088 _____ (SurfRight B.V.) C:\Users\Dwayne\Desktop\HitmanPro.exe
2017-06-05 22:54 - 2014-09-18 07:25 - 00000000 ____D C:\Users\Dwayne\AppData\Local\ElevatedDiagnostics
2017-06-05 14:59 - 2014-09-17 22:14 - 00302464 _____ C:\Users\Dwayne\AppData\Local\GDIPFONTCACHEV1.DAT
2017-06-04 23:36 - 2014-09-19 18:51 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\Skype
2017-06-04 22:46 - 2016-01-23 15:24 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\HandBrake
2017-06-04 22:16 - 2014-11-26 13:36 - 00000000 ____D C:\Users\Dwayne\AppData\Roaming\dvdcss
2017-06-04 22:15 - 2015-04-11 13:22 - 00000000 ____D C:\ProgramData\DVD Shrink
2017-05-27 15:52 - 2014-09-19 17:58 - 00000000 ___RD C:\Users\Dwayne\Desktop\Photos

==================== Files in the root of some directories =======

2015-04-11 14:40 - 2016-06-09 22:41 - 0000594 _____ () C:\Users\Dwayne\AppData\Roaming\AutoGK.ini
2017-01-13 00:09 - 2017-01-13 00:09 - 0000023 _____ () C:\Users\Dwayne\AppData\Roaming\splitterdirectorys.txt
2016-02-17 07:38 - 2016-02-17 07:38 - 0003584 _____ () C:\Users\Dwayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-06-21 13:44 - 2017-06-21 13:44 - 0004623 _____ () C:\Users\Dwayne\AppData\Local\recently-used.xbel
2016-01-17 21:01 - 2016-01-17 21:01 - 0007605 _____ () C:\Users\Dwayne\AppData\Local\Resmon.ResmonCfg
2014-09-19 18:40 - 2016-08-01 12:09 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys

Files to move or delete:
====================
C:\Users\Dwayne\NetworkRegKeyBackup.reg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-13 16:10

==================== End of FRST.txt ============================

ABL89 · Jun 24, 2017

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-06-2017 01
Ran by Dwayne (24-06-2017 20:10:42)
Running from C:\Users\Dwayne\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-09-17 20:14:04)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1901267739-2306482670-2628607035-500 - Administrator - Disabled)
Dwayne (S-1-5-21-1901267739-2306482670-2628607035-1001 - Administrator - Enabled) => C:\Users\Dwayne
Guest (S-1-5-21-1901267739-2306482670-2628607035-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1901267739-2306482670-2628607035-1010 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
3DMark (HKLM-x32\...\{4198fd8f-98bd-4240-9b3a-ab2643e532f6}) (Version: 1.3.708.0 - Futuremark)
3DMark (Version: 1.3.708.0 - Futuremark) Hidden
4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (HKLM-x32\...\Adobe_2ac78060bc5856b0c1cf873bb919b58) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
APP Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.15.0417 - Gigabyte)
APP Center (x32 Version: 1.15.0417 - Gigabyte) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bulk Rename Utility 2.7.1.3 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.1223.1240.22785 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.29 - Piriform)
CGS17_Setup_x64 (Version: 17.0 - Corel Corporation) Hidden
Color Efex Pro 3.0 Complete (HKLM-x32\...\Color Efex Pro 3.0 Complete) (Version: 3.0 - Nik Software, Inc.)
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Capture (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Common (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Connect (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Custom Data (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Draw (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - EN (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Filters (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - FontNav (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Redist (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Setup Files (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VBA (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - VideoBrowser (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 6.7.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.7.0 - Crystal Dew World)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version: - DVD Shrink)
EasyTune (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0002 - GIGABYTE)
EasyTune (x32 Version: 1.00.0002 - GIGABYTE) Hidden
Fast Boot (HKLM-x32\...\InstallShield_{FA8FB4F2-F524-48E1-A06C-45602FBF26CD}) (Version: 1.00.0000 - GIGABYTE)
Fast Boot (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FlacSquisher 1.3.7 (HKLM-x32\...\FlacSquisher) (Version: 1.3.7 - FlacSquisher)
foobar2000 v1.3.10 (HKLM-x32\...\foobar2000) (Version: 1.3.10 - Peter Pawlowski)
FormatFactory 3.8.0.0 (HKLM-x32\...\FormatFactory) (Version: 3.8.0.0 - Free Time)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.0.14878 - Foxit Software Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
Icecream PDF Split and Merge version 2.16 (HKLM-x32\...\{95DC4DB4-99FB-4FB2-ADBD-97F194EDEB4D}_is1) (Version: 2.16 - Icecream Apps)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Chipset Device Software (x32 Version: 10.0.20 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3907 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.0.34 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
LanOptimizer (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.00.0000 - Realtek)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2012 (HKLM-x32\...\{89ca2a32-2b52-4595-8dfd-6fe4757958d0}) (Version: 11.0.51108 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MKVToolNix 7.3.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.3.0 - Moritz Bunkus)
Mozilla Firefox 54.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 54.0 (x86 en-GB)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.0.6368 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
OC Button (HKLM-x32\...\InstallShield_{E27E691E-6D86-4BC3-A5AC-E14CFD43CFAD}) (Version: 1.00.0000 - GIGABYTE)
OC Button (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB (Version: 11.0.51108 - Microsoft Corporation) Hidden
Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version: - )
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.26 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.17.413 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.82.317.2014 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 2.0.2.7 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7541 - Realtek Semiconductor Corp.)
RogueKiller version 12.11.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.3.0 - Adlice Software)
SafeZone Stable 1.48.2066.101 (x32 Version: 1.48.2066.101 - Avast Software) Hidden
SeaTools for Windows 1.4.0.2 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.2 - Seagate Technology)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SIV (HKLM-x32\...\InstallShield_{AAA057C3-10DC-4EB9-A3D6-8208C1BB7411}) (Version: 1.00.0000 - GIGABYTE)
SIV (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
TagScanner 6.0.14 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
The Sims 3 Complete Collection version 1.67.2 (HKLM-x32\...\The Sims 3 Complete Collection_is1) (Version: 1.67.2 - Mr DJ)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version: - )
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version: - )
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0-2) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.26.0 (Version: 1.0.26.0 - LunarG, Inc.) Hidden
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version: - )
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS (Version: 11.0.51108 - Microsoft Corporation) Hidden
Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS (x32 Version: 11.0.51108 - Microsoft Corporation) Hidden

ABL89 · Jun 24, 2017

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1901267739-2306482670-2628607035-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {012540A1-0314-4D80-AC5F-4D406688E0B6} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {0D408828-6A22-44A5-B279-04776678D285} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {186C61BF-FC6A-49DE-AC85-53DACA7B2481} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2D3D3389-6675-432C-9CCF-DCC5304C1B26} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7005A292-E600-420B-9DB2-6219F6346BAE} - System32\Tasks\RtlLanOptimizerVistaStart => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2014-04-08] (Realtek Semiconductor)
Task: {973B4E51-7C65-4AA5-9113-011B46059997} - System32\Tasks\{9837E340-EA0E-48CF-8CF6-AA8CA55DCBEE} => pcalua.exe -a "C:\Users\Dwayne\Desktop\Games\World of Goo\World of Goo.exe" -d "C:\Users\Dwayne\Desktop\Games\World of Goo"
Task: {BC541BC1-60FA-44B7-BF87-330A4D11D1FE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-04-11] (Piriform Ltd)
Task: {C3326CB3-A22A-4FE3-AC64-F471080C23DE} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-09] (AVAST Software)
Task: {C624E208-7B61-4D03-9474-4F129AEED187} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CF467402-D184-4748-9651-7FE7C3A4A378} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {D0A8841D-D89A-486C-8804-0658038D3B04} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {D0DBEC76-C9AE-4ACB-A092-16ED12CCB17D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D2DA5054-ABA1-44A3-85DA-7F3968AEECFF} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
Task: {E2B1CA81-BD0F-4CE3-AE05-F27D9AE6C699} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2016-12-23] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\RtlLanOptimizerVistaStart.job => C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 01:50 - 2016-09-13 01:50 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 01:51 - 2016-09-13 01:51 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2014-05-21 17:45 - 2014-05-21 17:45 - 00018240 _____ () C:\Program Files (x86)\GIGABYTE\OCBtn\GUP7Serv.exe
2016-09-25 00:20 - 2016-09-25 00:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2017-06-21 22:50 - 2017-05-25 14:11 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00162024 _____ () c:\Program Files\AVAST Software\Avast\x64\vaarclient.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00825960 _____ () C:\Program Files\AVAST Software\Avast\x64\ffl2.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00275776 _____ () c:\Program Files\AVAST Software\Avast\x64\StreamBack.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-24 18:06 - 2017-06-24 18:06 - 05780320 _____ () C:\Program Files\AVAST Software\Avast\defs\17062402\algo.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-05-09 19:50 - 2017-05-09 19:50 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-09 19:50 - 2017-05-09 19:50 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-09 19:49 - 2017-05-09 19:49 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2014-06-17 20:24 - 2014-06-17 20:24 - 00311296 _____ () C:\Program Files (x86)\Gigabyte\SIV\MFCCPU.dll
2012-11-28 22:03 - 2012-11-28 22:03 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\SIV\ycc.dll
2017-01-16 13:40 - 2017-01-16 13:40 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2073-12-03 00:47 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-06-24 19:36 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1901267739-2306482670-2628607035-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dwayne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A93D54BB-ADD6-4302-825C-BF749EFB03A6}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{8269A5EC-3E7A-42EF-9D7F-E6608400F706}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe
FirewallRules: [{1E790989-B376-4012-A649-5DE2AF4974CD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{111A0E77-4174-41D1-B398-786DE4DABC33}] => (Allow) C:\Users\Dwayne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5AEB847A-4D37-4DB9-A6CF-734099A8507F}] => (Allow) C:\Users\Dwayne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{415711E7-9D1B-42D8-BBCC-985629CBE425}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{28C269A7-8B45-4F4C-8EED-6F70639AC6AF}] => (Allow) C:\ProgramData\EmailNotifier\EmailNotifier.exe
FirewallRules: [{37A8EE81-2A27-4194-ADF3-CAECA869C2FD}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D0DDF818-8A92-4977-B1A1-A9546932511B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{B897ADF6-B598-4122-9F4A-E5F9766AFB2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{3C197840-D1C6-41B0-801B-416644DAEEEF}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E24A2E8E-D3E6-44F6-9D45-1D09A62B13E0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{EBC50C73-6AA2-4031-AC3D-F397576DBA81}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{8CF14378-37BF-4C40-9D38-DF3586C6CE72}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{AD4031D2-B741-4D9A-B040-28D84BFCA578}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{D56B77C2-37F8-4CAB-9697-F9B7107EECAA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{798726FF-18B4-434C-A687-9BBA2CE782AF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{C0BAFC1B-E3A9-4959-BC83-2451587097D8}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3669\Agent.exe
FirewallRules: [{A80CE272-F4E8-46E8-AEDF-78D4F12737C1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{94B33EF9-F24A-4891-BF44-FBDF21D9797E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3688\Agent.exe
FirewallRules: [{11F9C10B-BE7E-440A-871C-0C98578F3359}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{9D39BDC7-5F7A-4042-9852-9E8F1C5DA061}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3689\Agent.exe
FirewallRules: [{F4BDF236-984F-405B-9E05-DF61A090FFC7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{9B50F8D8-10F5-4C5A-9371-C1C7D9CB1811}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3715\Agent.exe
FirewallRules: [{5044FC10-56BB-4B8C-9394-217E0530794B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1A5B16F9-604E-4C4A-BC0C-672889173EF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8B2CDA71-B218-400A-8588-239B7AE7E28F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{760F3A16-0FBE-465D-A3C9-00AA7DF31D23}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{FA445A0F-17E1-4C88-A18D-C1EAE5988C58}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{EAFC4F16-8C4C-493D-B11F-91DE3A09F16E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{294CDEE3-B5C5-44BD-9B8A-85D071D44F0C}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{409B7441-1090-4E99-8142-CA848F212ECD}C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base36144\heroesofthestorm_x64.exe
FirewallRules: [{DD74587E-8545-4F08-9712-09091487885C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{9E013160-7BA7-4BAA-A5F2-E17C5784A1DE}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{822C371E-2113-43B8-B8F9-41EAB14179E7}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{EBEC6306-1186-4F37-8D84-F4DC51ADDA76}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{8C3DEC25-6525-42EC-8085-F3E103114B09}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{00AEDE38-E35C-438A-B7E3-F5550545BC55}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [TCP Query User{DAE2758E-26DB-41DE-BA28-97C857DFD4B4}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{29675219-359E-4553-9DC2-59B6462AD351}C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base38793\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{455CCE25-FA81-49F7-A722-7DE82E5F1BD9}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{A78C9816-4982-40D9-8CB2-1B4586B80B09}C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39271\heroesofthestorm_x64.exe
FirewallRules: [{6CDBB02B-666F-4609-BA3F-A7519091786A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{91A969BE-8275-41A4-8F49-DB9B648B819B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{058570A8-661C-4612-BD3F-551E66CBCA35}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [UDP Query User{0D4C21D6-D117-4AC0-A369-D3711383CBF4}C:\program files (x86)\freetime\formatfactory\formatfactory.exe] => (Block) C:\program files (x86)\freetime\formatfactory\formatfactory.exe
FirewallRules: [{84A803FE-9C4B-4610-8981-FF011915C2A8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{CC171711-D859-4A88-8DAD-E3ECAB6AF783}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{F24AEBF4-D561-4501-9CB0-1AB4B73503C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{60F0C249-1092-4E53-B989-CB40D52DF3AA}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{FB3F3808-3974-48D8-8218-2F7EA6A2B107}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{D4D5BB22-C6B0-4773-A2F6-41E99712672D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{B0F550C8-7EC1-4C4D-B7E3-BCE347FCE5FE}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{544CDB70-D64B-4862-865F-F8C59D9282F0}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{3884AD75-ACF7-44AE-AAC6-317A0E49ABF8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{93BA78F4-7DC7-4511-9125-D8608EE15D6D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{D9CA6682-3DA8-4074-9771-92902017C486}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{452F5FD8-5C94-4C00-B479-E93A2063C919}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{E64352D1-CADB-4108-91F6-FE7F10B3E43D}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{6B6DF90F-BE75-499C-AD92-C0862615F15E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{CCEA7161-6776-42FE-B354-D4C25E0AD27E}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{953F1057-F974-4CC7-B575-D13665D3FE36}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{61429573-D45E-4D02-A13F-91CC4859AB9C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{CD464FBE-F357-4E64-A82A-C5F4EE28D953}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{BBC83082-9783-4E2C-9E70-D27E6BCF870C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{23C66819-2F8F-4EE3-B72E-2A121A1BC1A0}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0EC48BB8-CECF-455F-B038-64A7B3EA21D4}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{6C61B7C7-FDBF-4532-BAF6-53B2E61BB52C}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{4066A2D2-5ABD-4F00-9ED0-E0F1B1783274}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{7A176BF1-2339-4526-893C-4F242D63BC9A}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{11C57C8A-41AE-4823-A8D5-BEFAB9957897}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{31EAF541-BA41-43A9-9A7E-81DB30EF7BC3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [TCP Query User{030B527C-1D8F-476E-ABDD-A6CA8BA7AE1D}C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [UDP Query User{9D98A521-E177-482D-AE02-F124128EA9F3}C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe] => (Allow) C:\users\dwayne\appdata\roaming\utorrent\updates\3.4.7_42330.exe
FirewallRules: [{B8B3EFA4-1738-4D69-A141-25416F8F9C7E}] => (Allow) C:\Program Files (x86)\Stellaris\stellaris.exe
FirewallRules: [{BA5DBD3A-FC05-4F68-BA73-6C307600FB63}] => (Allow) C:\Program Files (x86)\Stellaris\stellaris.exe
FirewallRules: [{64AB3760-3367-4912-B008-2405830E999A}] => (Block) %ProgramFiles% (x86)\TagScanner\Tagscan.exe
FirewallRules: [{4444D86B-7C21-40FE-ACBA-FD0A8747DFAD}] => (Block) %ProgramFiles% (x86)\TagScanner\Tagscan.exe
FirewallRules: [{F34AEEF7-54FE-47C6-9A17-934035CD861B}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe
FirewallRules: [{F3B53573-C433-4042-8AA3-AC7155598052}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{C55FA70A-FB5E-4EA0-9F73-514CB6562E23}] => (Block) %ProgramFiles%\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDRW.exe
FirewallRules: [{1BCD620A-5DDF-4E02-89F7-83F6745C9EC9}] => (Block) %ProgramFiles%\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe
FirewallRules: [{17D0307C-B13A-44F3-BFEF-2025275C520F}] => (Allow) C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{81CBF21D-A3AC-466A-B749-E212F538A8C2}] => (Allow) C:\Users\Dwayne\AppData\Local\Temp\EPSON L355 Series_Export\Network\EpsonNetSetup\Data\ENEasyApp.exe
FirewallRules: [{5F42BB47-A4C8-43A2-8E50-46C96DC246B0}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{5BD831BC-3E9F-404F-9AD3-F67C6D5DD552}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{ED21FA07-C0D4-47DD-93F7-D9565544DF1D}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{18B25A5C-1B15-4F43-BA4D-C625D659A695}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{ABA78EA3-6BCC-40CD-A604-1E8C8463E745}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{0EEB2C95-DF22-491C-B2C1-A87170ADD457}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{21D7A3ED-E84C-4A78-BEE8-7CB566B6B0BB}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{564C37A0-53C1-4D61-B60B-C4B0BAAD6051}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{1ACB0FDA-CDED-4180-966C-1C7E240D96A0}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [{83E504DB-0E3F-4D7C-9830-8439B706ABE2}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{7C28DA8E-8ED2-4E23-A599-E05A85B1B174}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [UDP Query User{377D5039-2054-4EA8-9839-C7B6B3D630BA}C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.8394\battle.net.exe
FirewallRules: [TCP Query User{10C751B8-D045-4711-A1D0-A5927796FEA6}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{056B31CE-0534-4311-91FB-27576AA5155C}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BF78DB98-88E0-4C86-B82D-98464EBAE444}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{6E4A6A3D-579E-4171-B282-F60DD1791DAF}C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base50950\heroesofthestorm_x64.exe

ABL89 · Jun 24, 2017

==================== Restore Points =========================

06-06-2017 18:39:51 Scheduled Checkpoint
09-06-2017 13:09:28 Checkpoint by HitmanPro
14-06-2017 18:57:59 Windows Update
21-06-2017 19:00:48 Scheduled Checkpoint
22-06-2017 01:22:46 JRT Pre-Junkware Removal
24-06-2017 14:07:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/24/2017 09:29:37 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:37 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:37 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:37 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (06/24/2017 09:29:36 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:36 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
The content index database is corrupt. (HRESULT : 0xc0041800) (0xc0041800)

Error: (06/24/2017 09:29:36 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:36 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (06/24/2017 09:29:36 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
0x%08x (0xc0041800 - The content index database is corrupt. (HRESULT : 0xc0041800))

Error: (06/24/2017 09:29:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (2772) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00B1E.log.

System errors:
=============
Error: (06/24/2017 08:01:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GIGABYTE Adjust service to connect.

Error: (06/24/2017 07:36:56 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/24/2017 07:36:20 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/24/2017 07:33:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (06/24/2017 07:17:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (06/24/2017 07:17:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

Error: (06/24/2017 06:12:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/24/2017 06:10:06 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (06/24/2017 03:03:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (06/24/2017 03:03:26 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
The dependency service or group failed to start.

CodeIntegrity:
===================================
Date: 2017-06-24 19:36:20.252
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-06-24 19:36:20.153
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8088.9 MB
Available physical RAM: 5476 MB
Total Virtual: 16279.08 MB
Available Virtual: 13457.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:374.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8C7E1912)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Solved Windows has encountered a critical problem and will restart automatically in one minute...

Posts: 26 +0

Posts: 56,041 +516

Posts: 26 +0

Posts: 26 +0

Posts: 56,041 +516

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 56,041 +516

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 56,041 +516

Posts: 26 +0

Posts: 56,041 +516

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Posts: 26 +0

Similar threads