Solved Computer infected, do I upgrade OS or clean Malware first?

Shinritox

Hey Mr Broni, I've read your post back in late 2014 about scvhost exe blocked.205515
Yes I skimmed all the logs but read every single instruction you've sent/replies from both sides...

So my question is, I'm facing the same problem, but since my Windows is on 8, I've been planning to upgrade it to Windows 10 for a while now (heard it makes it faster/some things run smoother) and I'm also too lazy to clean my computer so a clean install/upgrade sounds pretty sweet to me...

So here is my situation

I've caught plenty of viruses/malware/trojans (Frethog, Yontoo and other dangerous ones) before but removed them using Malwarebytes, Emsisoft Anti-Malware, Hitman Pro etc...

I recently traded my Microsoft Essential Defender for an active BitDefender

and it has been blocking some programs/apps and files

which led me to believe there are traces of malware left in my system that haven't been cleaned out yet... because I haven't downloaded anything recently....

I'm also tempted to download Sophos antivirus to make a bootable USB which is used to scan for viruses before anything boots up, and SpyHunter for extra malware removal power.....

However that can wait because I just want a fresh/new system to reinstall everything on....

Do you want me to send you any logs or is it just easier to completely reset my computer and upgrade it to Windows 10 haha because the instructions for a full clean seem like more work/take more time...

Unless you suggest my machine is beyond saving even from a fresh wipe and upgrade

PS: I also own a 1 TB portable hard drive which I back up my stuff on.... I only use it to connect to this machine but if this machine got infected a bunch of times, chances are my backup hard drive probably got infected too. What do you suggest I should do??

Thank you

I will include a Word document with screenshots of what my BitDefender has picked up/blocked (Also I've noticed high disk usage by scvhost exe from time to time.....probably not a good sign....)

Here is the recent full scan log of my PC using BitDefender

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type="text/xsl" href="C:\Program Files\Bitdefender\Bitdefender Security\ondemand.xsl"?>
<ScanSession creator="Bitdefender Total Security" name="Full Scan" installPath="C:\Program Files\Bitdefender\Bitdefender Security\" creationDate="Sunday, 23 July 2017 11:56:18 AM" originalPath="C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Bitdefender\Desktop\Profiles\Logs\46f20000-d48e-4491-6fde-59cfc082d094\1500748387_1_02.xml" >
<ScanSettings
statisticsRefreshInterval="1000"
scanSpeed="1.000000"
lowPriority="0"
enableExclusions="1"
enableTaskExclusions="0"
scanAdware="1"
scanSpyware="1"
scanApplications="1"
scanDialers="1"
scanKeyloggers="1"
scanFiles="1"
scanAllFiles="1"
scanProgramsOnly="0"
useCustomPrograms="0"
customPrograms=""
scanUserDefined="0"
scanPacked="1"
scanArchives="1"
useSmartScan="1"
scanEmails="0"
scanRootkits="0"
scanAllRootkits="0"
scanBoot="1"
scanMemory="1"
scanRegistry="1"
quickScan="0"
quickScanMemory="0"
quickScanAutoruns="0"
quickScanPlugins="0"
scanCookies="1"
shutdownAfter="0"
passwordPrompt="0"
onlyAllowedActions="1"
deepArchiveScan="1"
maxArchiveLevel="15"
maxArchiveSize="10485760"
infectedAction1="1"
infectedAction2="1"
suspectAction1="1"
suspectAction2="1"
rootkitAction="3"
userDefinedExtensions=""
scanPua="-1"
computeSha256Hash="0"
disableIndexer="0"
paranoidAction="1"
>

<Paranoid>
</Paranoid>

<ScanPaths>
<path>C:\</path>
<path>D:\</path>
</ScanPaths>

<ExcludedPaths>
</ExcludedPaths>

<ExcludedExtensions>
</ExcludedExtensions>

</ScanSettings>

<EngineSummary
totalSignatures="9610716"
/>

<ScanSummary
scannedArchives="602"
scannedPacked="1491"
startTime="1500748387"
duration="25908297"
>

<TypeSummary type="1"
scanned="29"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="4"
scanned="22"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="0"
scanned="2555460"
infected="1"
suspicious="0"
disinfected="0"
deleted="1"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="5"
scanned="0"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="2"
scanned="6189"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="3"
scanned="6173"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

<TypeSummary type="6"
scanned="1823"
infected="0"
suspicious="0"
disinfected="0"
deleted="0"
moved="0"
moved_reboot="0"
delete_reboot="0"
renamed="0"
hidden="0"
/>

</ScanSummary>

<ScanDetails>
<UnresolvedDetails>
</UnresolvedDetails>

<ResolvedDetails>
<Item type="0" objectType="0" path="C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Servbb06b980#\cda879b973b0ff96b40f82c72b3bf104\System.ServiceModel.DomainServices.Server.resources.ni.dll" threatType="0" threatName="Trojan.Generic.20721782" action="3" allActions="1 3" initialStatus="3" finalStatus="5" quarId="" failReason="0" itemHash="" chainHash="no_hash" family="" rtvrType=""></Item>
</ResolvedDetails>

<IgnoredDetails>
</IgnoredDetails>

<QuickScanDetails>
</QuickScanDetails>
<NotScannedDetails
skipped="73818"
ioerrors="0"
archiveBombs="0"
passwordProtected="0"
>

</NotScannedDetails>
</ScanDetails>

</ScanSession>
 

Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Ok, here is the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017

Ran by LocalAdmin (administrator) on R9KZHA4 (30-07-2017 22:39:57)

Running from C:\Users\LocalAdmin.R9KZHA4\Downloads

Loaded Profiles: LocalAdmin (Available Profiles: LocalAdmin & Administrator)

Platform: Windows 8 Enterprise (X64) Language: English (United States)

Internet Explorer Version 10 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool:


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe

(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe

(Lenovo.) C:\Windows\System32\LPlatSvc.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe

(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

(Lenovo.) C:\Windows\System32\LPlatSvc.exe

(Lenovo.) C:\Windows\System32\LPlatSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe

(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe

(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe

(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(uWebb Software) D:\Stuff\Stuff\RealTemp_370\RealTemp.exe

(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe

(Lenovo.) C:\Windows\System32\TpShocks.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe

(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe

(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe

() C:\Program Files (x86)\Lenovo\System Update\SUService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hammer & Chisel, Inc.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord\app-0.0.297\Discord.exe

(Hammer & Chisel, Inc.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord\app-0.0.297\Discord.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)

HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)

HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [322312 2017-06-27] (Bitdefender)

HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)

HKLM-x32\...\Run: [EsBOCOMUserTool] => C:\Program Files (x86)\BOCOM\USBkey 2G\USBkey 2G-WDC-OKey\bocom2g_wdc_mon.exe [436576 2016-07-18] ()

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe

HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-07-26] ()

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [GoogleChromeAutoLaunch_05BC0D9B4EDE854F63BA4586B0896E42] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)

HKU\S-1-5-18\...\Run: [AdobeBridge] => [X]

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-26]

ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-06]

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk [2014-01-31]

ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)

GroupPolicy: Restriction <==== ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\..\Interfaces\{819A0CA4-7F3E-4585-965D-23FBF31126E2}: [DhcpNameServer] 192.168.8.1

Tcpip\..\Interfaces\{9E9EECF4-F521-4B5A-A65D-1D7E336D18E2}: [DhcpNameServer] 172.20.10.1

Tcpip\..\Interfaces\{EA7490DC-4EA0-42D1-9C4B-9CC00E01988B}: [DhcpNameServer] 192.168.8.1


Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope https://google.com.au URL =

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> {2BAB5131-8B83-25EC-225F-35591E27570B} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox

BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)

BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)

BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)

BHO-x32: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File

Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)

Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)

Toolbar: HKU\.DEFAULT -> No Name - {5347542D-5636-006A-76A7-7A786E7484D7} - No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)


FireFox:

========

FF ProfilePath: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default [2017-07-30]

FF Homepage: Mozilla\Firefox\Profiles\dux96u9g.default -> hxxps://www.google.com.au/

about:preferences

FF Extension: (Video DownloadHelper) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-02-09]

FF Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [not found]

FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff

FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-10]

FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-10] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff

FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)

FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-23] (Adobe Systems)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()

FF Plugin-x32: @baidu.com/npxbdsetup -> C:\WINDOWS\Downloaded Program Files\14217906\npxbdsetup.dll [No File]

FF Plugin-x32: @infosec.com.cn/npinfosec_infosec_netsign -> C:\Program Files (x86)\Infosec NetSign Plugins\npInfosecNetSign.dll [2014-02-19] ( )

FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-02] (Pando Networks)

FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-05-05] (Tencent)

FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)

FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)

FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)

FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-23] (Adobe Systems)

FF Plugin HKU\S-1-5-21-1305087049-1155765426-3812204079-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LocalAdmin.R9KZHA4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-02] (Unity Technologies ApS)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\npInfosecNetSign.js [2013-05-17]


Chrome:

=======

CHR DefaultProfile: Default

CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-30]

CHR Extension: (Adblock Plus) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-30]

CHR Extension: (uBlock Origin) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-30]

CHR Extension: (Sword Art Online 09 - 1366x768) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\clildiljdjhiolnjmibacgkngbhmepck [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-30]

CHR Extension: (Bitdefender Wallet) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-30]

CHR Extension: (Arabic) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2017-07-30]

CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2017-07-30]

CHR Extension: (ChemReference: Periodic Table) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib [2017-07-30]

CHR Extension: (Chrome Web Store Payments) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-30]

CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-30]

CHR Extension: (Chrome Media Router) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-30]

CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-30]

CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8845224 2017-06-29] (Emsisoft Ltd)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)

R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)

R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2127552 2017-06-29] (Bitdefender)

R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)

S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)

R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)

S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]

R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)

S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)

R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)

S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)

S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)

R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]

S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-07] (Electronic Arts)

S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2017-01-07] (Electronic Arts)

S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-26] (Overwolf LTD)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]

R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)

R2 SEVPNCLIENT; C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)

S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)

S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)

R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()

S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]

R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-06-27] (Bitdefender)

S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)

R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1421608 2017-06-30] (Bitdefender)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)

R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-04-19] (BitDefender)

S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)

R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)

R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)

R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)

R1 bocomsafetyctrl; C:\WINDOWS\system32\Drivers\bocomsafetyctrlx64.sys [36584 2015-10-08] (Bocom)

R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)

S3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2013-05-26] (Echobit, LLC)

R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)

S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)

R1 HBtnKey; C:\WINDOWS\system32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)

S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-21] ()

S0 IFCoEMP; C:\WINDOWS\System32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)

S0 IFCoEVB; C:\WINDOWS\System32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)

R0 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [346704 2017-06-08] (Bitdefender)

S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]

R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-22] (SoftEther Project at University of Tsukuba, Japan.)

S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]

R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)

S3 nmwcdnsux64; C:\WINDOWS\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Nokia) [File not signed]

S3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)

S3 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [105472 2012-07-04] (REDC) [File not signed]

R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)

R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)

S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)

R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)

S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2014-06-02] (Texas Instruments) [File not signed]

S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35232 2013-01-29] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [230904 2013-01-29] (Microsoft Corporation)

R3 WinRing0_1_2_0; D:\Stuff\Stuff\RealTemp_370\WinRing0x64.sys [14544 2016-11-02] (OpenLibSys.org)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)



==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-07-30 22:39 - 2017-07-30 22:43 - 00030269 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.txt

2017-07-30 22:36 - 2017-07-30 22:39 - 00000000 ____D C:\FRST

2017-07-30 22:36 - 2017-07-30 22:36 - 02381312 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST64.exe

2017-07-30 22:25 - 2017-07-30 22:25 - 01778176 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.exe

2017-07-28 19:24 - 2017-07-28 19:26 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Desktop\LoL Logs

2017-07-28 13:29 - 2017-07-28 13:29 - 00129957 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Screenshots.zip

2017-07-27 16:24 - 2017-07-27 16:24 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Tvsukernel

2017-07-27 16:18 - 2017-07-27 16:26 - 00031152 _____ C:\WINDOWS\system32\Drivers\pmxdrv.sys

2017-07-26 18:54 - 2017-07-26 18:54 - 00001805 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Mesg to Broni.txt

2017-07-26 18:44 - 2017-07-26 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo

2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk

2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk

2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk

2017-07-26 18:42 - 2017-07-26 18:42 - 00000000 ____D C:\WINDOWS\net35

2017-07-26 17:53 - 2017-07-26 17:53 - 00001048 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cmd.lnk

2017-07-26 16:40 - 2017-07-26 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0

2017-07-26 11:06 - 2017-07-26 11:06 - 05154856 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-07-26 11:02 - 2016-01-06 06:16 - 00826328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-07-26 11:02 - 2016-01-06 06:16 - 00176088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel

2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-07-25 21:58 - 2014-10-09 14:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll

2017-07-25 21:58 - 2014-10-09 14:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2017-07-25 21:58 - 2014-10-09 14:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll

2017-07-25 21:58 - 2014-10-09 13:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll

2017-07-25 21:58 - 2014-10-09 13:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll

2017-07-25 21:20 - 2017-07-25 21:35 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-07-25 20:26 - 2014-07-16 08:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

2017-07-25 17:14 - 2014-04-17 04:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll

2017-07-25 17:14 - 2014-04-17 04:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

2017-07-23 21:52 - 2015-08-05 23:52 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2017-07-23 20:35 - 2015-03-27 18:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll

2017-07-23 20:35 - 2014-09-13 16:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-07-23 20:35 - 2014-09-03 12:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll

2017-07-23 20:35 - 2014-09-03 12:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll

2017-07-23 20:35 - 2014-08-29 14:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2017-07-23 20:35 - 2014-08-29 14:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
 
Hmm, I can't submit the next part for some reason, no matter how little I cut down the text......
"Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator."
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by LocalAdmin (administrator) on R9KZHA4 (30-07-2017 22:39:57)
Running from C:\Users\LocalAdmin.R9KZHA4\Downloads
Loaded Profiles: LocalAdmin (Available Profiles: LocalAdmin & Administrator)
Platform: Windows 8 Enterprise (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(uWebb Software) D:\Stuff\Stuff\RealTemp_370\RealTemp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hammer & Chisel, Inc.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [322312 2017-06-27] (Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [EsBOCOMUserTool] => C:\Program Files (x86)\BOCOM\USBkey 2G\USBkey 2G-WDC-OKey\bocom2g_wdc_mon.exe [436576 2016-07-18] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-20\...\Run: [PPS Accelerator] => D:\PPS.tv\PPStream\PPSKernel.exe
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-07-26] ()
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [GoogleChromeAutoLaunch_05BC0D9B4EDE854F63BA4586B0896E42] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1197912 2017-06-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [AdobeBridge] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-26]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk [2014-01-31]
ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{819A0CA4-7F3E-4585-965D-23FBF31126E2}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{9E9EECF4-F521-4B5A-A65D-1D7E336D18E2}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EA7490DC-4EA0-42D1-9C4B-9CC00E01988B}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope https://google.com.au URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> {2BAB5131-8B83-25EC-225F-35591E27570B} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKU\.DEFAULT -> No Name - {5347542D-5636-006A-76A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default [2017-07-30]
FF Homepage: Mozilla\Firefox\Profiles\dux96u9g.default -> hxxps://www.google.com.au/
about:preferences
FF Extension: (Video DownloadHelper) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-02-09]
FF Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [not found]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\WINDOWS\Downloaded Program Files\14217906\npxbdsetup.dll [No File]
FF Plugin-x32: @infosec.com.cn/npinfosec_infosec_netsign -> C:\Program Files (x86)\Infosec NetSign Plugins\npInfosecNetSign.dll [2014-02-19] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-02] (Pando Networks)
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2013-05-05] (Tencent)
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.38\Bin\npSSOAxCtrlForPTLogin.dll [2011-12-22] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1305087049-1155765426-3812204079-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LocalAdmin.R9KZHA4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\npInfosecNetSign.js [2013-05-17]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-30]
CHR Extension: (Adblock Plus) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-30]
CHR Extension: (uBlock Origin) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-30]
CHR Extension: (Sword Art Online 09 - 1366x768) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\clildiljdjhiolnjmibacgkngbhmepck [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-30]
CHR Extension: (Arabic) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2017-07-30]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2017-07-30]
CHR Extension: (ChemReference: Periodic Table) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib [2017-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-30]
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-30]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [8845224 2017-06-29] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2127552 2017-06-29] (Bitdefender)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2017-01-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-07-26] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SEVPNCLIENT; C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-06-27] (Bitdefender)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1421608 2017-06-30] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [14920 2013-01-29] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-04-19] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 bocomsafetyctrl; C:\WINDOWS\system32\Drivers\bocomsafetyctrlx64.sys [36584 2015-10-08] (Bocom)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2013-05-26] (Echobit, LLC)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R1 HBtnKey; C:\WINDOWS\system32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-21] ()
S0 IFCoEMP; C:\WINDOWS\System32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)
S0 IFCoEVB; C:\WINDOWS\System32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)
R0 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [346704 2017-06-08] (Bitdefender)
S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-22] (SoftEther Project at University of Tsukuba, Japan.)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
S3 nmwcdnsux64; C:\WINDOWS\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Nokia) [File not signed]
S3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [105472 2012-07-04] (REDC) [File not signed]
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2014-06-02] (Texas Instruments) [File not signed]
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [35232 2013-01-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [230904 2013-01-29] (Microsoft Corporation)
R3 WinRing0_1_2_0; D:\Stuff\Stuff\RealTemp_370\WinRing0x64.sys [14544 2016-11-02] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 22:39 - 2017-07-30 22:43 - 00030269 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.txt
2017-07-30 22:36 - 2017-07-30 22:39 - 00000000 ____D C:\FRST
2017-07-30 22:36 - 2017-07-30 22:36 - 02381312 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST64.exe
2017-07-30 22:25 - 2017-07-30 22:25 - 01778176 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.exe
2017-07-28 19:24 - 2017-07-28 19:26 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Desktop\LoL Logs
2017-07-28 13:29 - 2017-07-28 13:29 - 00129957 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Screenshots.zip
2017-07-27 16:24 - 2017-07-27 16:24 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Tvsukernel
2017-07-27 16:18 - 2017-07-27 16:26 - 00031152 _____ C:\WINDOWS\system32\Drivers\pmxdrv.sys
2017-07-26 18:54 - 2017-07-26 18:54 - 00001805 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Mesg to Broni.txt
2017-07-26 18:44 - 2017-07-26 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:42 - 2017-07-26 18:42 - 00000000 ____D C:\WINDOWS\net35
2017-07-26 17:53 - 2017-07-26 17:53 - 00001048 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cmd.lnk
2017-07-26 16:40 - 2017-07-26 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-07-26 11:06 - 2017-07-26 11:06 - 05154856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-26 11:02 - 2016-01-06 06:16 - 00826328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-26 11:02 - 2016-01-06 06:16 - 00176088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-25 21:58 - 2014-10-09 14:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-07-25 21:58 - 2014-10-09 14:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-07-25 21:58 - 2014-10-09 14:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2017-07-25 21:20 - 2017-07-25 21:35 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-25 20:26 - 2014-07-16 08:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-25 17:14 - 2014-04-17 04:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-07-25 17:14 - 2014-04-17 04:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2017-07-23 21:52 - 2015-08-05 23:52 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-07-23 20:35 - 2015-03-27 18:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-07-23 20:35 - 2014-09-13 16:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-23 20:35 - 2014-09-03 12:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-23 20:35 - 2014-09-03 12:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-07-23 20:35 - 2014-08-29 14:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-07-23 20:35 - 2014-08-29 14:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2017-07-23 20:35 - 2014-08-29 14:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-07-23 20:35 - 2014-08-29 14:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2017-07-23 20:35 - 2014-08-28 16:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2017-07-23 20:35 - 2014-08-28 16:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2017-07-23 20:35 - 2014-08-28 15:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2017-07-23 20:35 - 2014-08-28 15:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2017-07-23 20:35 - 2014-08-28 15:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2017-07-23 20:35 - 2014-08-28 15:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2017-07-23 20:35 - 2014-07-24 23:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2017-07-23 20:35 - 2013-09-14 08:36 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-23 20:35 - 2013-09-14 08:36 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2017-07-23 20:35 - 2013-09-14 08:36 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2017-07-23 20:35 - 2013-09-14 08:36 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-23 20:35 - 2013-09-14 08:36 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2017-07-23 20:35 - 2013-09-14 08:34 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2017-07-23 20:35 - 2013-09-14 08:33 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-23 20:35 - 2013-09-14 08:33 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-07-23 20:35 - 2013-09-14 08:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2017-07-23 20:35 - 2013-09-14 08:33 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-23 20:35 - 2013-08-30 15:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2017-07-23 20:35 - 2013-08-30 15:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-23 20:35 - 2013-08-30 09:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-23 20:35 - 2013-08-21 16:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-07-23 20:35 - 2013-08-10 16:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-23 20:35 - 2013-07-25 09:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-23 20:35 - 2013-07-25 09:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-23 20:35 - 2013-07-12 11:38 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-07-23 20:35 - 2013-07-12 11:30 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-07-23 20:31 - 2015-08-05 00:42 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-23 20:31 - 2015-08-05 00:42 - 02038784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-07-23 20:31 - 2015-08-05 00:42 - 01229824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-23 20:31 - 2015-08-05 00:42 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-07-23 20:31 - 2015-08-05 00:42 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2017-07-23 20:31 - 2015-08-04 23:54 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-23 20:31 - 2015-08-04 23:54 - 01399808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-23 20:31 - 2015-08-04 23:53 - 02307584 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-07-23 20:31 - 2015-08-04 23:53 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-07-23 20:31 - 2015-08-04 23:53 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2017-07-23 20:30 - 2015-01-29 18:05 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-23 20:30 - 2015-01-29 16:19 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-23 20:28 - 2013-07-02 08:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2017-07-23 20:28 - 2013-06-22 15:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2017-07-23 20:28 - 2013-06-22 15:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2017-07-23 20:27 - 2014-10-09 13:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-07-23 20:27 - 2014-10-09 13:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-07-23 20:27 - 2014-09-22 15:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-07-23 20:27 - 2014-09-22 13:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-07-23 20:27 - 2014-09-18 08:57 - 01346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmclient.dll
2017-07-23 20:27 - 2013-07-06 08:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2017-07-23 20:27 - 2013-07-06 08:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2017-07-23 20:27 - 2013-07-06 08:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-07-23 20:26 - 2014-10-09 13:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-07-23 20:26 - 2014-09-18 09:24 - 00987136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmclient.dll
2017-07-23 20:26 - 2014-09-18 09:24 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srmscan.dll
2017-07-23 20:26 - 2014-09-18 09:24 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srm.dll
2017-07-23 20:26 - 2014-09-18 09:24 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adrclient.dll
2017-07-23 20:26 - 2014-09-18 08:57 - 00652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\srmscan.dll
2017-07-23 20:26 - 2014-09-18 08:57 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\srm.dll
2017-07-23 20:26 - 2014-09-18 08:57 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\adrclient.dll
2017-07-23 20:19 - 2013-07-09 18:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2017-07-23 20:19 - 2013-07-09 08:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-07-23 20:19 - 2013-07-09 08:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2017-07-23 20:19 - 2013-07-03 10:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-23 20:19 - 2013-07-03 10:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-07-23 20:19 - 2013-07-03 10:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-23 20:19 - 2013-07-03 10:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-07-23 20:19 - 2013-07-03 10:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-23 20:19 - 2013-07-03 10:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-07-23 20:19 - 2013-07-03 10:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-23 20:19 - 2013-06-29 16:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-23 20:19 - 2013-06-29 16:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-23 20:19 - 2013-06-29 11:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-23 20:19 - 2013-06-26 12:59 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2017-07-23 20:19 - 2013-06-25 08:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-23 20:19 - 2013-06-25 08:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-23 20:19 - 2013-06-25 08:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-23 20:19 - 2013-06-19 15:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2017-07-23 20:19 - 2013-06-19 15:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2017-07-23 20:19 - 2013-06-19 08:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2017-07-23 20:19 - 2013-06-19 08:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2017-07-23 20:19 - 2013-06-12 09:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-07-23 20:19 - 2013-06-06 18:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2017-07-23 20:18 - 2013-07-09 13:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2017-07-23 20:18 - 2013-07-09 08:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-07-23 20:18 - 2013-07-09 08:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-07-23 20:18 - 2013-07-01 08:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2017-07-23 20:18 - 2013-07-01 08:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2017-07-23 20:18 - 2013-06-26 13:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2017-07-23 20:18 - 2013-06-12 09:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-07-23 20:16 - 2015-02-24 17:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-23 20:11 - 2013-05-04 17:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2017-07-23 20:11 - 2013-05-04 17:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-07-23 20:11 - 2013-05-04 16:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2017-07-23 20:11 - 2013-05-04 16:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2017-07-23 20:11 - 2013-05-04 16:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2017-07-23 20:11 - 2013-05-04 16:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2017-07-23 20:11 - 2013-05-04 16:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2017-07-23 20:11 - 2013-05-04 16:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-23 20:11 - 2013-05-04 16:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2017-07-23 20:11 - 2013-05-04 16:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2017-07-23 20:11 - 2013-05-04 14:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2017-07-23 20:11 - 2013-05-04 14:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2017-07-23 20:11 - 2013-05-04 14:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2017-07-23 20:11 - 2013-05-04 14:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2017-07-23 20:10 - 2013-05-04 16:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-23 20:10 - 2013-05-04 16:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2017-07-23 20:10 - 2013-05-04 16:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2017-07-23 20:10 - 2013-05-04 14:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2017-07-23 20:10 - 2013-05-04 14:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2017-07-23 20:10 - 2013-05-04 14:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2017-07-23 20:10 - 2013-05-04 14:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2017-07-23 20:10 - 2013-05-04 14:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2017-07-23 20:10 - 2013-05-04 14:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-23 20:10 - 2013-05-04 14:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-23 20:10 - 2013-05-04 14:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2017-07-23 20:10 - 2013-05-04 14:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2017-07-23 20:10 - 2013-05-04 14:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2017-07-23 20:07 - 2013-05-15 12:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-23 20:07 - 2013-05-15 12:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-07-23 20:07 - 2013-05-15 12:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-23 20:07 - 2013-05-15 12:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-07-23 20:06 - 2015-07-14 07:23 - 01744384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-07-23 20:06 - 2015-07-14 07:23 - 01422336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-23 20:06 - 2015-07-14 07:05 - 02340864 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-07-23 20:06 - 2015-07-14 07:05 - 01850880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-23 20:06 - 2014-12-08 16:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2017-07-23 20:06 - 2014-12-08 15:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2017-07-23 20:06 - 2014-12-06 17:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2017-07-23 20:06 - 2014-12-06 17:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2017-07-23 20:06 - 2014-12-06 17:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2017-07-23 20:06 - 2014-12-06 16:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2017-07-23 20:06 - 2014-07-07 15:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-07-23 20:06 - 2014-07-07 15:52 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-07-23 20:06 - 2014-07-07 15:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-07-23 20:06 - 2014-07-07 15:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2017-07-23 20:06 - 2014-07-07 15:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-23 20:06 - 2014-07-07 14:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-07-23 20:06 - 2014-07-07 14:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2017-07-23 20:06 - 2014-07-07 14:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-23 20:06 - 2014-07-07 13:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2017-07-23 20:06 - 2014-05-03 13:34 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-23 20:06 - 2013-04-24 09:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-23 20:06 - 2013-04-24 09:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2017-07-23 20:06 - 2013-04-24 08:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-23 20:06 - 2013-04-24 08:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2017-07-23 20:05 - 2015-10-11 16:45 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-07-23 20:05 - 2015-10-11 16:45 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2017-07-23 20:05 - 2015-03-04 17:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-23 20:05 - 2015-03-04 16:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2017-07-23 20:05 - 2015-03-04 14:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2017-07-23 20:05 - 2014-12-18 18:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2017-07-23 20:05 - 2014-12-18 16:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-07-23 20:05 - 2014-12-18 16:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-07-23 20:05 - 2014-05-02 08:37 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-23 20:05 - 2014-04-30 08:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-07-23 20:05 - 2014-04-30 08:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-07-23 20:05 - 2014-04-24 09:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-07-23 20:05 - 2014-04-24 09:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-23 20:05 - 2014-04-24 09:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-07-23 20:05 - 2014-04-24 09:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-07-23 20:05 - 2014-01-31 10:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-23 20:05 - 2013-08-16 15:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-23 20:05 - 2013-07-01 11:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-07-23 20:05 - 2013-07-01 11:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-07-23 20:05 - 2013-07-01 11:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2017-07-23 20:05 - 2013-07-01 11:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2017-07-23 20:05 - 2013-06-29 13:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2017-07-23 20:05 - 2013-06-29 13:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-07-23 20:05 - 2013-06-11 05:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2017-07-23 20:05 - 2013-06-11 05:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2017-07-23 20:04 - 2015-09-29 13:33 - 06971224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-23 20:04 - 2015-09-23 03:53 - 01405408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-23 20:04 - 2015-09-23 03:53 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-23 20:04 - 2013-05-25 08:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-23 20:04 - 2013-05-25 08:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-23 19:56 - 2014-12-06 17:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-07-23 19:56 - 2014-12-06 17:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-07-23 19:56 - 2014-12-06 17:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-07-23 19:56 - 2014-12-06 16:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-07-23 19:56 - 2014-12-06 16:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-07-23 19:56 - 2014-12-06 16:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-07-23 19:56 - 2013-07-09 16:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-07-23 19:56 - 2013-07-09 14:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-07-23 19:54 - 2015-02-26 14:35 - 04063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-07-23 19:54 - 2013-10-31 15:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-07-23 19:54 - 2013-10-31 15:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-07-23 19:54 - 2013-10-31 14:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-07-23 19:54 - 2013-10-31 13:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2017-07-23 19:54 - 2013-10-14 06:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2017-07-23 19:54 - 2013-08-27 15:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2017-07-23 19:54 - 2013-08-27 15:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2017-07-23 19:54 - 2013-08-27 08:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2017-07-23 19:54 - 2013-08-27 08:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2017-07-23 19:52 - 2014-03-11 10:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-23 19:50 - 2014-03-11 10:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2017-07-23 19:50 - 2014-03-11 10:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2017-07-23 19:50 - 2014-03-11 10:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2017-07-23 19:50 - 2014-03-10 13:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-23 19:49 - 2014-03-11 10:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2017-07-23 19:49 - 2014-03-11 10:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2017-07-23 19:44 - 2013-07-02 11:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-23 19:44 - 2013-07-02 11:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2017-07-23 19:35 - 2015-10-28 00:46 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-23 19:35 - 2015-10-28 00:46 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2017-07-23 19:35 - 2015-10-28 00:29 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2017-07-23 19:35 - 2015-10-27 23:55 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2017-07-23 19:35 - 2015-10-27 23:54 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-23 19:35 - 2015-10-27 23:54 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2017-07-23 19:35 - 2015-10-27 23:54 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2017-07-23 19:35 - 2015-10-02 09:55 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-07-23 19:35 - 2015-10-02 09:55 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-07-23 19:35 - 2015-09-29 12:02 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-07-23 19:35 - 2015-09-29 12:02 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-07-23 19:35 - 2015-09-23 23:10 - 00570256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-07-23 19:35 - 2015-09-23 23:10 - 00377552 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-07-23 19:35 - 2015-09-23 23:10 - 00332576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-23 19:34 - 2015-10-28 00:46 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2017-07-23 19:34 - 2015-10-28 00:46 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2017-07-23 19:33 - 2015-09-12 23:09 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-07-23 19:29 - 2015-12-05 02:29 - 01636784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2017-07-23 19:29 - 2015-12-05 02:12 - 00793312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-23 19:29 - 2015-12-05 02:12 - 00522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-07-23 19:29 - 2015-12-05 02:12 - 00446872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-23 19:29 - 2015-12-05 02:12 - 00253624 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-23 19:29 - 2015-12-05 00:55 - 00612528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-23 19:29 - 2015-12-05 00:55 - 00463880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-07-23 19:29 - 2015-12-05 00:55 - 00324456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-23 19:29 - 2015-12-05 00:52 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 02615808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 01770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 01350656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 01150464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-23 19:29 - 2015-12-05 00:52 - 01100800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-23 19:29 - 2015-12-05 00:52 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2017-07-23 19:29 - 2015-12-05 00:52 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 02893824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 01208832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 01174016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 01138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2017-07-23 19:29 - 2015-12-05 00:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:51 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2017-07-23 19:29 - 2015-12-05 00:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 02312704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 01468928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 00904192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2017-07-23 19:29 - 2015-12-05 00:46 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-07-23 19:29 - 2015-12-05 00:46 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 02400256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2017-07-23 19:29 - 2015-12-05 00:45 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2017-07-23 19:29 - 2015-12-05 00:45 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2017-07-23 19:29 - 2015-12-05 00:45 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2017-07-23 19:29 - 2015-12-04 05:57 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2017-07-23 19:29 - 2014-12-06 17:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2017-07-23 19:29 - 2013-09-28 13:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2017-07-23 19:18 - 2013-07-13 16:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-07-23 19:18 - 2013-07-13 16:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2017-07-23 19:18 - 2013-07-13 16:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-07-23 19:18 - 2013-07-13 16:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-07-23 19:18 - 2013-07-13 14:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-07-23 19:18 - 2013-07-13 14:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-07-23 19:18 - 2013-07-13 14:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-07-23 19:16 - 2015-11-05 19:55 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2017-07-23 19:16 - 2013-10-10 19:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-07-23 19:16 - 2013-10-10 19:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-07-23 19:16 - 2013-10-10 19:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2017-07-23 19:16 - 2013-10-10 19:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2017-07-23 19:16 - 2013-10-10 19:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-07-23 19:16 - 2013-10-10 19:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-07-23 19:16 - 2013-10-10 19:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2017-07-23 19:15 - 2013-12-05 09:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2017-07-23 19:15 - 2013-12-05 09:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2017-07-23 18:57 - 2015-10-13 23:16 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-07-23 18:57 - 2015-10-13 23:16 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-23 18:57 - 2014-01-13 09:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-07-23 18:57 - 2014-01-13 09:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-23 18:57 - 2013-11-20 10:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-23 18:57 - 2013-11-20 09:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-23 18:56 - 2015-03-12 15:31 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-07-23 18:56 - 2015-03-12 15:31 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2017-07-23 18:56 - 2015-03-12 13:52 - 01933312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-07-23 18:55 - 2013-08-23 17:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-07-23 18:55 - 2013-08-23 11:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-07-23 18:51 - 2013-03-22 13:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2017-07-23 18:51 - 2013-03-22 08:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2017-07-23 18:48 - 2015-07-16 02:09 - 00095064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2017-07-23 18:48 - 2015-07-16 02:06 - 01824296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-23 18:48 - 2015-07-15 23:49 - 01410000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-23 18:48 - 2015-07-15 23:29 - 01333248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-23 18:48 - 2015-06-27 23:55 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-23 18:48 - 2015-06-27 23:46 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-23 18:48 - 2015-06-26 04:29 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-23 18:48 - 2015-06-26 04:27 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-23 18:48 - 2015-05-02 16:28 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-07-23 18:48 - 2015-01-15 21:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-07-23 18:48 - 2015-01-15 19:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2017-07-23 18:48 - 2015-01-15 19:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2017-07-23 18:48 - 2014-03-11 10:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-23 18:48 - 2014-03-11 10:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-07-23 18:48 - 2014-03-11 10:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-07-23 18:48 - 2014-03-10 11:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-07-23 18:43 - 2016-06-26 04:28 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-23 18:43 - 2016-06-26 01:55 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\centel.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-23 18:43 - 2016-06-26 01:55 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-23 18:43 - 2016-06-17 23:09 - 01208320 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-23 18:43 - 2016-06-04 19:42 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-07-23 18:41 - 2013-04-09 15:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-23 18:41 - 2013-04-09 15:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2017-07-23 18:41 - 2013-04-09 15:14 - 01455880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-23 18:41 - 2013-04-09 14:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-23 18:41 - 2013-04-09 14:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-07-23 18:41 - 2013-04-09 14:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-23 18:41 - 2013-04-09 14:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-07-23 18:41 - 2013-04-09 14:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-23 18:41 - 2013-04-09 14:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-07-23 18:41 - 2013-04-09 14:51 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2017-07-23 18:41 - 2013-04-09 14:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-23 18:41 - 2013-04-09 14:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2017-07-23 18:41 - 2013-04-09 14:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-23 18:41 - 2013-04-09 14:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2017-07-23 18:41 - 2013-04-09 14:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-23 18:41 - 2013-04-09 14:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-23 18:41 - 2013-04-09 12:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2017-07-23 18:41 - 2013-04-09 09:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-23 18:41 - 2013-04-09 07:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-07-23 18:41 - 2013-04-09 07:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-23 18:41 - 2013-04-09 07:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-23 18:41 - 2013-04-09 07:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-23 18:41 - 2013-04-09 07:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-23 18:41 - 2013-04-09 07:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-23 18:41 - 2013-04-09 07:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2017-07-23 18:41 - 2013-03-16 08:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2017-07-23 18:41 - 2013-03-16 08:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2017-07-23 18:40 - 2013-04-09 15:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2017-07-23 18:40 - 2013-04-09 15:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2017-07-23 18:40 - 2013-04-09 14:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2017-07-23 18:40 - 2013-04-09 14:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-07-23 18:40 - 2013-04-09 14:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2017-07-23 18:40 - 2013-04-09 14:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2017-07-23 18:40 - 2013-04-09 14:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-23 18:40 - 2013-04-09 14:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2017-07-23 18:40 - 2013-04-09 14:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2017-07-23 18:40 - 2013-04-09 14:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2017-07-23 18:40 - 2013-04-09 12:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-07-23 18:40 - 2013-04-09 12:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2017-07-23 18:40 - 2013-04-09 12:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2017-07-23 18:40 - 2013-04-09 09:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2017-07-23 18:40 - 2013-04-09 07:52 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2017-07-23 18:40 - 2013-04-09 07:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2017-07-23 18:40 - 2013-04-09 07:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2017-07-23 18:40 - 2013-04-09 07:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2017-07-23 18:40 - 2013-04-05 09:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-23 18:40 - 2012-12-13 14:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-23 18:40 - 2012-12-13 13:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-23 18:39 - 2013-08-02 16:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-07-23 18:39 - 2013-08-02 15:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-07-23 18:39 - 2013-07-25 09:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-07-23 18:39 - 2013-07-25 09:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-07-23 18:39 - 2013-07-13 16:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2017-07-23 18:39 - 2013-07-13 14:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2017-07-23 18:39 - 2013-04-10 09:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-23 18:39 - 2013-04-10 08:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-23 18:38 - 2015-01-07 17:34 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-07-23 18:38 - 2015-01-07 16:40 - 01246720 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-07-23 18:38 - 2015-01-07 16:40 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2017-07-23 18:38 - 2015-01-07 14:58 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2017-07-23 18:38 - 2015-01-07 14:27 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-07-23 18:38 - 2015-01-07 14:27 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-07-23 18:38 - 2015-01-07 14:25 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-07-23 18:38 - 2013-08-03 16:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-23 18:38 - 2013-08-03 16:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-07-23 18:38 - 2013-08-03 16:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2017-07-23 18:38 - 2013-08-03 15:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2017-07-23 18:38 - 2013-08-03 15:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-23 18:38 - 2013-08-03 15:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-07-23 18:36 - 2014-08-30 15:47 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-07-23 18:36 - 2014-08-30 14:04 - 02416128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-07-23 18:36 - 2014-07-24 23:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-23 18:36 - 2014-07-17 09:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-07-23 18:36 - 2014-07-17 08:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-07-23 18:36 - 2014-07-17 08:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-07-23 18:36 - 2014-07-12 16:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-07-23 18:36 - 2014-07-12 14:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-23 18:36 - 2014-07-12 14:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-07-23 18:36 - 2014-06-28 16:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-07-23 18:36 - 2014-06-28 12:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-07-23 18:36 - 2014-06-13 09:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2017-07-23 18:36 - 2014-06-13 09:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2017-07-23 18:36 - 2014-06-06 03:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2017-07-23 18:36 - 2014-06-06 03:29 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2017-07-23 18:36 - 2014-06-05 23:11 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2017-07-23 18:36 - 2013-03-06 16:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-07-23 18:35 - 2015-08-02 00:50 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-23 18:35 - 2015-08-01 23:56 - 19778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-23 18:35 - 2015-01-24 16:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-23 18:35 - 2015-01-24 15:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-23 18:34 - 2015-07-10 07:47 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2017-07-23 18:34 - 2015-07-10 07:47 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2017-07-23 18:34 - 2015-07-10 06:18 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2017-07-23 18:34 - 2013-04-03 09:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2017-07-23 18:34 - 2013-04-03 09:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2017-07-23 18:30 - 2014-10-23 22:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2017-07-23 18:30 - 2014-10-23 21:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2017-07-23 18:29 - 2014-11-08 21:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2017-07-23 18:29 - 2014-11-08 16:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2017-07-23 18:25 - 2015-04-25 13:41 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-23 18:25 - 2015-04-25 09:13 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-23 18:25 - 2014-12-19 16:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-07-23 18:24 - 2015-09-12 23:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-07-23 18:24 - 2015-09-12 23:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2017-07-23 18:24 - 2015-09-12 23:29 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2017-07-23 18:24 - 2015-09-12 23:29 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2017-07-23 18:24 - 2015-09-12 23:29 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2017-07-23 18:20 - 2014-10-11 15:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2017-07-23 18:20 - 2014-10-11 15:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2017-07-23 18:20 - 2014-05-30 09:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2017-07-23 18:20 - 2014-04-12 19:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-23 18:20 - 2014-04-12 19:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2017-07-23 18:20 - 2014-04-12 19:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2017-07-23 18:20 - 2014-04-12 19:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2017-07-23 18:20 - 2014-04-12 17:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2017-07-23 18:20 - 2014-04-12 17:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2017-07-23 18:20 - 2014-04-12 17:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2017-07-23 18:20 - 2014-04-12 16:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2017-07-23 18:15 - 2014-06-03 08:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2017-07-23 18:15 - 2014-03-01 19:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-23 18:15 - 2014-03-01 19:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2017-07-23 18:15 - 2014-03-01 18:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2017-07-23 18:15 - 2014-03-01 16:59 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-23 18:15 - 2014-02-15 14:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2017-07-23 18:15 - 2013-11-26 09:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2017-07-23 18:15 - 2013-06-29 13:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2017-07-23 18:15 - 2013-05-04 14:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2017-07-23 18:13 - 2015-12-04 10:55 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2017-07-23 18:13 - 2015-12-04 07:47 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2017-07-23 18:13 - 2015-04-06 15:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2017-07-23 18:13 - 2015-04-06 14:08 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2017-07-23 18:10 - 2014-10-30 17:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-23 18:10 - 2014-10-30 15:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-23 18:10 - 2013-11-01 15:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2017-07-23 18:10 - 2013-11-01 13:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2017-07-23 12:07 - 2014-05-15 11:02 - 00059424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-07-23 12:07 - 2014-05-15 08:43 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-23 12:07 - 2014-05-15 08:43 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2017-07-23 12:07 - 2014-05-15 08:43 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2017-07-23 12:07 - 2014-05-15 08:42 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-23 12:06 - 2013-08-16 15:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-07-23 12:06 - 2013-08-16 15:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2017-07-23 12:06 - 2013-08-16 08:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2017-07-23 04:27 - 2017-07-23 04:27 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Temp
2017-07-23 03:45 - 2017-07-23 03:45 - 00000222 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Golf With Your Friends.url
2017-07-23 03:43 - 2017-07-23 03:43 - 00000222 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Terraria.url
2017-07-18 19:40 - 2017-07-18 19:40 - 00295584 _____ C:\WINDOWS\Minidump\071817-51843-01.dmp
2017-07-18 19:39 - 2017-07-18 19:39 - 622751903 _____ C:\WINDOWS\MEMORY.DMP
2017-07-17 19:18 - 2017-07-17 19:18 - 00001376 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Steam.lnk
2017-07-14 01:37 - 2017-07-14 01:37 - 00000219 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Counter-Strike Global Offensive.url
2017-07-14 01:29 - 2017-07-14 01:29 - 00000220 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Killing Floor.url
2017-07-14 01:25 - 2017-07-14 01:25 - 00000222 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Path of Exile.url
2017-07-14 00:36 - 2017-07-28 23:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-14 00:36 - 2017-07-14 00:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-14 00:34 - 2017-07-28 17:51 - 00414088 _____ C:\WINDOWS\ntbtlog.txt
2017-07-13 23:58 - 2017-07-13 23:58 - 00003864 _____ C:\Users\LocalAdmin.R9KZHA4\Documents\cc_20170713_214716 ccleaner backup1.reg
2017-07-13 21:47 - 2017-07-13 21:48 - 00131468 _____ C:\Users\LocalAdmin.R9KZHA4\Documents\cc_20170713_214716 ccleaner backup.reg
2017-07-13 19:31 - 2017-07-13 19:33 - 00000997 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-13 19:31 - 2017-07-13 19:31 - 00002798 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-07-13 19:31 - 2017-07-13 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-13 19:30 - 2017-07-13 19:31 - 00000000 ____D C:\Program Files\CCleaner
2017-07-13 19:27 - 2017-07-13 19:28 - 09747512 _____ (Piriform Ltd) C:\Users\LocalAdmin.R9KZHA4\Downloads\ccsetup532.exe
2017-07-13 17:55 - 2017-07-13 17:55 - 01446792 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\SteamSetup.exe
2017-07-13 17:22 - 2017-07-29 01:39 - 00014003 _____ C:\bdlog.txt
2017-07-13 13:49 - 2017-07-13 13:49 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2017-07-12 19:35 - 2017-07-12 19:35 - 00057154 _____ C:\ProgramData\dm.1499852042.bdinstall.bin
2017-07-12 19:34 - 2017-07-12 19:34 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-07-12 19:33 - 2017-07-12 19:33 - 00000000 ____D C:\ProgramData\Atc
2017-07-12 19:32 - 2017-07-12 19:32 - 00480136 _____ C:\ProgramData\cl.1499849406.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 00074895 _____ C:\ProgramData\cl.kit.1499849373.bdinstall.bin
2017-07-12 19:30 - 2017-07-12 19:30 - 00002280 _____ C:\Users\Public\Desktop\Bitdefender.lnk
2017-07-12 19:30 - 2017-07-12 19:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender Security
2017-07-12 19:30 - 2017-07-12 19:30 - 00000000 ____D C:\ProgramData\BDLogging
2017-07-12 19:29 - 2017-06-08 05:19 - 00346704 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-07-12 19:29 - 2017-06-07 05:04 - 00950160 _____ (BitDefender S.R.L. Bucharest, ROMANIA) C:\WINDOWS\system32\Drivers\atc.sys
2017-07-12 19:29 - 2017-05-11 05:16 - 00047856 _____ (© Bitdefender SRL) C:\WINDOWS\system32\Drivers\bdprivmon.sys
2017-07-12 19:29 - 2017-04-19 07:19 - 01612648 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-07-12 19:29 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-07-12 19:29 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-07-12 19:29 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2017-07-12 19:28 - 2017-07-12 19:35 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Bitdefender
2017-07-12 19:26 - 2017-07-12 19:33 - 00000000 ____D C:\ProgramData\Bitdefender
2017-07-12 19:26 - 2017-07-12 19:26 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\QuickScan
2017-07-12 19:26 - 2017-05-11 05:37 - 00187688 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-07-12 19:25 - 2017-07-12 19:34 - 00000000 ____D C:\Program Files\Bitdefender
2017-07-12 19:25 - 2017-04-11 04:19 - 00439576 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-07-12 18:49 - 2017-07-12 19:26 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-07-12 18:38 - 2017-07-30 20:29 - 00003648 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-07-12 18:36 - 2017-07-12 18:36 - 00051124 _____ C:\ProgramData\agent.1499848547.bdinstall.bin
2017-07-12 18:35 - 2017-07-30 22:28 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-07-12 18:35 - 2017-07-12 18:36 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-07-12 18:33 - 2017-07-12 18:34 - 09932864 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\bitdefender_windows_1ed1ad20-79e2-436d-836c-8f55a6bd73d7.exe
2017-07-07 20:54 - 2017-07-07 20:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Documents\Pic

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 22:16 - 2013-05-01 17:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Skype
2017-07-30 22:00 - 2017-02-21 18:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-07-30 21:28 - 2012-07-26 15:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-07-30 21:14 - 2012-07-26 17:28 - 00762136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-30 21:14 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\Inf
2017-07-30 20:36 - 2013-03-18 16:06 - 00000639 _____ C:\WINDOWS\SMSCFG.INI
2017-07-30 20:28 - 2014-08-22 21:04 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client
2017-07-30 20:26 - 2012-07-26 17:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-28 15:21 - 2017-01-15 15:20 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-07-27 23:44 - 2016-11-10 20:59 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Battle.net
2017-07-27 23:37 - 2016-11-10 20:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-07-27 23:27 - 2017-01-15 15:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Overwolf
2017-07-27 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AppCompat
2017-07-27 16:14 - 2014-12-13 12:04 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-26 18:44 - 2016-09-01 11:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-07-26 18:42 - 2013-04-30 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-26 18:42 - 2013-04-30 19:26 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-07-26 18:36 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-26 16:44 - 2013-03-18 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-26 16:40 - 2013-03-18 18:11 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-26 16:39 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-26 11:03 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\servicing
2017-07-26 10:53 - 2012-07-26 18:12 - 00000000 ___RD C:\WINDOWS\ToastData
2017-07-26 10:52 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\WinStore
2017-07-26 10:52 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-26 10:52 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 10:47 - 2012-07-26 17:53 - 00000000 ____D C:\Program Files\Windows Journal
2017-07-25 22:02 - 2013-03-18 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Virtualization Client
2017-07-25 21:19 - 2013-03-18 19:11 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-25 21:03 - 2012-07-26 15:26 - 00000167 _____ C:\WINDOWS\win.ini
2017-07-25 20:50 - 2013-03-18 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-07-25 17:21 - 2013-03-18 19:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-25 02:03 - 2012-07-26 15:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-07-24 13:59 - 2016-07-01 19:09 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord
2017-07-23 12:30 - 2016-04-03 15:10 - 00000000 ____D C:\WINDOWS\rescache
2017-07-22 22:58 - 2016-11-11 09:10 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\vlc
2017-07-22 18:45 - 2013-03-18 16:06 - 00000000 ____D C:\WINDOWS\ccmsetup
2017-07-18 19:45 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-07-18 19:40 - 2014-02-12 13:25 - 00000000 ____D C:\WINDOWS\Minidump
2017-07-15 18:37 - 2012-07-26 18:12 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-07-15 18:33 - 2012-07-26 18:12 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-07-14 18:39 - 2017-01-15 15:27 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2017-07-13 19:33 - 2017-04-20 16:55 - 00002042 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-13 19:33 - 2017-04-20 16:52 - 00001071 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2017-07-13 19:33 - 2017-01-27 15:04 - 00001080 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Logitech Gaming Software 8.57.lnk
2017-07-13 18:01 - 2013-04-30 19:26 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-13 17:39 - 2014-12-11 19:42 - 00000000 ____D C:\Program Files (x86)\IObit
2017-07-13 17:20 - 2013-05-31 14:40 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ElevatedDiagnostics
2017-07-13 14:27 - 2017-04-20 16:56 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-12 19:25 - 2013-04-30 20:22 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2017-07-12 13:22 - 2017-05-08 21:40 - 00004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-07-12 13:22 - 2017-04-03 14:27 - 00004482 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 13:22 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-12 13:21 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-10 14:20 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-07-08 16:15 - 2017-02-24 15:05 - 00000000 ____D C:\ProgramData\ProductData
2017-07-07 02:30 - 2012-07-26 18:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-05 16:27 - 2013-05-05 12:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Documents\My Games
2017-07-03 00:10 - 2016-11-11 22:54 - 00001315 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\nativelog.txt
2017-07-03 00:04 - 2015-12-28 21:15 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\.minecraft

==================== Files in the root of some directories =======

2013-07-22 19:19 - 2014-07-08 12:08 - 0000915 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\coreavc.ini
2014-05-20 21:20 - 2014-05-20 21:20 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\102.tmp
2013-09-21 23:30 - 2013-09-21 23:30 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\E8D7.tmp
2013-07-21 12:04 - 2013-07-21 12:25 - 0010752 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-22 23:01 - 2017-05-09 09:53 - 0000600 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\PUTTY.RND
2016-07-18 18:39 - 2016-07-18 18:39 - 5117952 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ResPacketT.dll
2015-01-15 21:11 - 2015-01-15 21:11 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\{EAC3C051-5B65-4BB6-8603-125156EC2D87}
2017-07-12 18:36 - 2017-07-12 18:36 - 0051124 _____ () C:\ProgramData\agent.1499848547.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0480136 _____ () C:\ProgramData\cl.1499849406.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0074895 _____ () C:\ProgramData\cl.kit.1499849373.bdinstall.bin
2017-07-12 19:35 - 2017-07-12 19:35 - 0057154 _____ () C:\ProgramData\dm.1499852042.bdinstall.bin
2016-11-11 09:01 - 2016-11-11 09:01 - 0000016 _____ () C:\ProgramData\mntemp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-20 18:47

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by LocalAdmin (30-07-2017 22:45:09)
Running from C:\Users\LocalAdmin.R9KZHA4\Downloads
Windows 8 Enterprise (X64) (2013-04-30 09:20:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1305087049-1155765426-3812204079-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1305087049-1155765426-3812204079-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-1305087049-1155765426-3812204079-1008 - Administrator - Enabled) => C:\Users\LocalAdmin.R9KZHA4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM\...\{B5ADD9A7-8B19-463A-BDDF-337E7C8AE874}) (Version: 1.00 - ASIO4ALL)
AutoHotkey 1.1.21.02 (HKLM\...\AutoHotkey) (Version: 1.1.21.02 - Lexikos)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.114 - Bitdefender)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BOCOM Internet Banking Wizard (HKLM\...\{555E6E90-B41D-4D76-AD8C-8B93B00A879D}) (Version: 2.2.1.1 - Bank of Communications)
BOCOM USBKey 2G (WDC) (HKLM-x32\...\{B9FE89EB-1DA9-41da-AE35-4DD1892A4F16}) (Version: 2.0.0.3 - Bank of Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C4118EEB-7ABD-4E9B-9EB0-D18E7DA898A4}) (Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
Community Clips from Microsoft Office Labs (HKLM-x32\...\{87F54A80-158E-436C-9B09-FFFD27F81BD4}) (Version: 1.0.0 - Microsoft)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Configuration Manager Client (HKLM\...\{3604F63C-04E2-4F0C-8092-FEC078D08ACB}) (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CS6 Master Collection x64 (HKLM\...\{38D48535-863D-47F7-BCD3-4E15520B1142}) (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CutePDF Writer (HKLM\...\{0BE0F9DB-4A6C-4102-AECC-B6CCA0408A62}) (Version: 3.0 - CutePDF)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone Deck Tracker (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Infosec NetSign Plugins (HKLM-x32\...\infosec_netsign) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Killing Floor (HKLM\...\Steam App 1250) (Version: - Tripwire Interactive)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LanSchool Student (HKLM-x32\...\{111D988D-FCA1-4BD4-802E-D3EB12500A20}) (Version: 7.8.2.1 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{2D969FA5-44C9-425C-8D74-93DAD88F6C6F}) (Version: 7.7.3.34 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{B8BDBBA1-2CA0-4551-B2B7-A8DB6105E49E}) (Version: 8.0.0.15 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{BBBA087E-6216-496D-97D0-A224B854541F}) (Version: 7.8.1.100 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{BF07F612-D59E-4EB4-99CD-C4FFB6D979C3}) (Version: 7.7.4.17 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{EE539AED-5222-4D44-949F-FA1813910F4C}) (Version: 7.8.0.59 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{F522A5CA-2939-4E8C-AC53-60AF419FC782}) (Version: 7.7.2.17 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\Student) (Version: 8.0.0.15 - Stoneware)
League of Legends (HKLM-x32\...\{216B0AF1-3137-4E03-9C02-F5132550A268}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Learning Tools for OneNote x86 (HKLM-x32\...\{7B64D9BF-272F-4D75-986D-82EC9CEE2582}) (Version: 0.2.0.0 - Microsoft Corporation)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{54B94792-8FD4-460E-998E-3F8A8598AC02}) (Version: 1.16.769 - LEGO)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0059 - Lenovo)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaHuman YouTube Downloader version 3.9.8.3 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.8.3 - )
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 (HKLM-x32\...\{e29aab84-bbc1-42ba-a342-2ce63e63b1bb}) (Version: 5.0.285.0 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (HKLM\...\{FD8A2518-A9D7-449E-ADA0-33F2F7FA83AA}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization Client en-US Language Pack x64 (HKLM\...\{DB175F28-FD1E-4C26-A073-8264FC77103F}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 屏幕提示语言 2013 - 简体中文 (HKLM-x32\...\{90150000-00BD-0804-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 校对工具 2013 - 简体中文 (HKLM-x32\...\{90150000-001F-0804-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071C9B48-7C32-4621-A0AC-3F809523288F}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.105.329.0 - Overwolf Ltd.)
PaperCut MF Client (HKLM-x32\...\{5A63F6A1-9045-11E2-A47C-0024E808B313}) (Version: 13.1.0 - PaperCut Software International Pty Ltd)
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PuTTY release 0.68 (HKLM-x32\...\{55717628-7AE6-4BCF-A046-FA2768945E76}) (Version: 0.68.0.0 - Simon Tatham)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.21.3182.1 - Hi-Rez Studios)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
SoftEther VPN Client Manager (HKLM\...\softether_sevpncmgr) (Version: 4.17.9562 - SoftEther VPN Project)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Tencent QQ (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.75.2871.0 - Tencent Technology (Shenzhen) Company Limited)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.06 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.2 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.)
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\UnityWebPlayer) (Version: 5.3.0f3 - Unity Technologies ApS)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
YTD Video Downloader 4.8 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.8 - GreenTree Applications SRL) <==== ATTENTION
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-03-08] (Intel Corporation)
ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6-x32: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070345BD-D4D8-4BD8-993A-B4EF736522EF} - System32\Tasks\PPSProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {07FAA084-52EE-42D7-A010-AF2F85F97BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0C621E75-D799-41C0-BDF9-58B4DEAC5B3C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {1194A89D-4F8A-41D1-9B57-3EABC01D7EB8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {12C48BA5-BCDB-4B47-A315-D782496A9A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {15E520DA-A86A-470B-986D-3BA3468C9E8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {18DB9D05-D04A-440B-95EF-433F225DFC2E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {2670088A-F938-473A-A64E-B497B28AEED1} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {2FEA075A-30D3-40D3-8BC6-A9AB4ABD3977} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {4B571E91-5E7D-4D17-BE09-968936B547E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {54AEB48C-9034-4BE8-9822-00EA6CE29C3E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {58300691-0EBF-4474-A0A0-9C9344E0A2A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {5C295BCE-DA3E-4EC8-B8CE-E76921484421} - System32\Tasks\AuditConsoleUsers => powershell -executionpolicy unrestricted -file "\\dc3\netLOGON\LoggedInUsers.ps1"
Task: {5DB66385-3B2A-46AC-A810-7E203EEF96EF} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {618940C0-D9AD-4311-8DA4-8766871F9F3C} - System32\Tasks\{5405A18A-8194-4FF5-989A-D49ACC6D7E3D} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/en/abandoninstall?page=tsProgressBar
Task: {7891D5E3-31CB-4944-8B4E-F953717817DC} - System32\Tasks\{C42FB421-672A-42AF-B8FF-2A21788C1F94} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/en/abandoninstall?page=tsProgressBar
Task: {874EB768-CB86-4854-AC4E-3BEEF2696A09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9897AAF5-B79C-4186-8C9D-27BFC77725C7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {A3F76E6C-1A39-4D9D-9B7A-7186B4F536A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AB6EFF4B-D70A-427A-A578-BA8FE455B8FE} - System32\Tasks\{FEDC1B20-9D63-4A8A-9E44-E7E6D5D412F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Origin Games\Battlefield 3\pbsvc.exe" -c -u
Task: {AEA42174-447E-4521-8910-16AC4F62197B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B36CE4C9-249F-4995-B68B-A66A57B5623E} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {BB9A93B0-AEE5-4776-8790-9BAC68A18754} - \ASC10_SkipUac_LocalAdmin -> No File <==== ATTENTION
Task: {BEA4FFEE-7275-4C70-9B0B-1CAD556744EF} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {C340E31A-E588-41FC-B44C-8569D3D383D5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {C7A98B6C-F1ED-460C-ADA1-E198F15E3BE8} - System32\Tasks\{8B09EFDC-D40C-4800-B7CD-6405CEF50C31} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/en/abandoninstall?page=tsProgressBar
Task: {C7DFDE2D-8CDB-4B14-A5A7-96CE61AECDCA} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-07-26] (Overwolf LTD)
Task: {CC531BF3-FEA5-4C54-8839-A5BCE5692187} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {D7376E63-C306-48D0-83E8-E933CB73700C} - System32\Tasks\MobProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {DB95D790-D4DD-4A3A-9FD4-044A4452C57D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E194ED8D-2D81-42A2-A356-44628CD9A2FD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {ED88B253-E4BE-4769-9756-CF1E5E67F215} - System32\Tasks\{4B37588E-CB25-44AF-A6B4-D5329618004D} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxps://ui.skype.com/ui/0/7.30.80.105/en/abandoninstall?page=tsProgressBar
Task: {F357F6A0-57A2-4284-83B5-F692BF27CD32} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {FB53D741-0731-421C-9AE5-81331D6AF18F} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MobProtect.job => D:\PPS.tv\PPStream\PPSProtect.exe
Task: C:\WINDOWS\Tasks\PPSProtect.job => D:\PPS.tv\PPStream\PPSProtect.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb

==================== Loaded Modules (Whitelisted) ==============

2017-07-12 19:29 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender Security\bdmetrics.dll
2017-07-12 19:29 - 2017-02-07 12:34 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpbr.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpdsp.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpph.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttprbl.mdl
2012-10-04 18:49 - 2012-10-04 18:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-22 04:07 - 2014-01-22 04:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-07-26 18:43 - 2017-06-09 16:11 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-06-27 15:11 - 2017-06-23 13:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 15:11 - 2017-06-23 13:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-08-12 12:20 - 2016-08-12 12:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-01-12 13:39 - 2017-01-04 13:28 - 01958912 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 13:40 - 2017-01-12 13:40 - 01082880 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 13:40 - 2017-01-12 13:40 - 03750400 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 13:40 - 2017-01-12 13:40 - 00914432 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-12 13:40 - 2017-01-12 13:40 - 01127424 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-07-30 22:27 - 2017-07-30 22:27 - 00148992 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Temp\B1E5.tmp.node
2017-01-12 13:40 - 2017-04-27 18:38 - 02658296 _____ () \\?\C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
 
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\bankcomm.com -> hxxps://*.bankcomm.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\bankcomm.com -> hxxp://*.bankcomm.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\com.cn -> hxxps://*.95559.com.cn
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\com.cn -> hxxp://*.95559.com.cn

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2017-07-30 22:26 - 00000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\LocalAdmin.R9KZHA4\Pictures\Anime!\Back Grounds\18927_guilty_crown.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Teacher"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "bdbtray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BaofengPlatform"
HKLM\...\StartupApproved\Run32: => "BFVServer"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware"
HKLM\...\StartupApproved\Run32: => "EsBOCOMUserTool"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\StartupFolder: => "PPS.lnk"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_05BC0D9B4EDE854F63BA4586B0896E42"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "PPS Accelerator"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "BaofengPlatform"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "CBoxService"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Advanced SystemCare 10"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4CBD339-A360-49D4-9500-2CA31F400AE2}] => (Allow) C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe
FirewallRules: [{AC070C92-009B-4AB2-B766-2556BEEBE7F2}] => (Allow) C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Bin\XnaLiveProxy.exe
FirewallRules: [{CD3E4C76-6D6A-4CA6-95E6-64CD9CC9AE1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{BDDF1E49-77F8-470E-8842-EA3ACE4ACCB9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7156FCD1-381E-4E3E-87B4-97E7FAF0297E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5B7BAF54-8DF6-474F-A9B7-1E9D7C7EA32B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{473D75C7-5DAA-40D8-A050-112C38B48929}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CBB5DCCE-65E5-421B-ACA6-8E0BF72540C4}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{1D807B22-B36C-49CA-9B4A-EF04E6923529}] => (Allow) LPort=7935
FirewallRules: [{593315AB-2256-4BAA-AC56-2F6CF6AA15E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11D9F631-2C3E-4F2D-B598-55315882764E}] => (Allow) LPort=2869
FirewallRules: [{81E7D71D-FD13-4926-AE8C-846E6A35EBC9}] => (Allow) LPort=1900
FirewallRules: [{69B4544D-8191-4054-8777-6AF469F28FAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{61DB09F5-D984-4E56-82CA-ADFC3A655001}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1074BDF4-4C97-4528-AD57-D1E16442B3C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{772DE9FA-1524-4691-B058-7796C303D349}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3DC6E362-73A8-4624-BDC0-88F037E3CA1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{276AB48E-427E-4906-B3AC-5FBCD517BB38}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C88B57B-8856-4F3B-A2EA-00F4933BA2A3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E3287BFD-0E21-4107-A4A4-40E85DE75D60}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BC43CDEB-A529-4A7B-8C61-F333989647CF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F25FC8AA-C481-4925-A5E9-E9BBEA342E48}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{30DB857C-2F61-4FD4-9797-D233FBED97EA}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D3E1727B-5973-4424-B22E-48E522E3416C}] => (Allow) LPort=58786
FirewallRules: [{41AE2670-E60D-473F-BC6C-A7E6386BF578}] => (Allow) LPort=58786
FirewallRules: [{0E63D806-5AC4-4248-A547-A82D8196E9CE}] => (Allow) LPort=58786
FirewallRules: [{934509F0-92B7-4696-A610-6ADAC7E31FFB}] => (Allow) LPort=58786
FirewallRules: [{D1996224-C6AA-4DE8-AF7B-16920F06E1CB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{D1BC77FD-76B2-4A8B-A16D-0CD6A31A8BA1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8C1E65A3-BB51-4E41-BA7A-0029DB1A97C7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{4BA31CAB-0E4A-4AA3-BCAB-B1A03B01A6FE}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{2D8B32E0-D165-42FD-8BE5-B272EAB958CC}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{72410A48-EB45-4889-85D2-C38AFE474F6E}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{3F5D842B-FF15-4A38-8585-EDEE1EE89EB5}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{3A1B50D0-2559-4878-84F9-F0E5D389E314}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{64455630-09F3-48A2-B0D1-5E661ACFBEFF}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [TCP Query User{54D1944F-758F-45A3-8300-3E1730B4F9B8}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Block) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [UDP Query User{B95968B6-2764-4917-B42C-F0526A4FC2C6}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Block) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [{B47EF81A-0BA5-48D3-BBF2-9AAD3D2E1E4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BF71186-30A2-4B6B-A791-9A9D9888C74B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E3F878-B0B1-4CA0-8A09-F43909C31300}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1701046-33D9-4B0E-BAD6-8663CA9F79E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{CE6D494E-35F6-4207-8A79-6CD35BC64969}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{49DC76E7-856B-4927-A07F-4637318B259D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{58C01629-CC3B-4AD7-93B6-FE8364721BE2}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer2\bdupdate2.6.2.40.exe
FirewallRules: [{556F88F9-BBE7-43C6-94B2-D79ED4376A60}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer2\bdupdate2.6.2.67.exe
FirewallRules: [TCP Query User{3F2CB2FF-78BB-4890-BF6A-AE6D1108870F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B9BDC877-A63B-4FF2-A06A-9A54F4AED884}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{105FC89E-BB78-432A-A434-37DCAD8A402C}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{25E6A1D2-B621-4AC4-8195-BDE9BE0184A0}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{6A1F4744-20B4-49C1-A1B9-751807E4569E}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{4BEFEB60-89E7-44C1-B4D7-3772FF978E21}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D2815717-6B6A-43DE-88D2-5D78987F8D83}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{53B2877B-3B72-40F4-821E-110EF647190B}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{9AA718A3-8B9B-4F37-996B-C6A39348CCDE}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1640074A-CCCC-4AB8-8B7C-BAE31386D034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{F87868BC-395F-490C-98E9-8A9885976B9E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1BB62630-8006-4181-8BA4-F39F40813C70}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B78F6F67-8593-455A-9F73-0BA78B0AA8FE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A5674832-A464-47F8-8C09-B35D3CF05E6A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B5A0DBF-A51F-4D56-BEC3-72A53ABA88BB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{EF78985C-D77B-4BC9-A6D9-632A3E5A61C9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{FF9D90AA-A74A-491F-A67C-824D98B63B63}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{3C2FBBEA-7B6F-4FEE-BE65-C95D3E22A7C4}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{BE6A47BB-AD1D-460E-8044-38D4DD43ED53}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{08C1B9EE-F6AC-41AE-8010-174466D824DE}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [TCP Query User{81C50F22-97F5-4595-84FF-EDF8D61C2215}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{780EAB7B-31A4-4A61-ABAD-8CB1D3240F4C}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{FACFDD65-2A61-49A1-9908-AE2BB9D33D6E}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{A9493E91-6769-41CA-93AA-3709969F8C81}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{DAA9881B-5A88-4501-852D-234CDD6E1984}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FDFAE15A-F667-47ED-B482-926B9A48DCCA}] => (Allow) C:\Program Files\SoftEther VPN Client Manager\vpncmgr_x64.exe
FirewallRules: [{711A7D01-8CE5-4C5C-BA31-1C02AEBCBD92}] => (Allow) C:\Program Files\SoftEther VPN Client Manager\vpncmd_x64.exe
FirewallRules: [TCP Query User{47A00787-9717-4E25-A925-43511D999506}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{F0ED6561-429C-42A0-8865-CC281D122EB0}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{CE4CE86F-3149-4D99-989B-AB77C37E412C}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{AD89D4E3-E265-4498-A285-3BD32C8DCD81}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{AD04A13F-FB75-4D39-A5CE-660CA3225688}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AADFF67-0D20-4C9F-AF3B-0CD99143D3A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6828B242-E484-4A80-9955-BAB6B322DD8D}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{9BB2FF85-9509-4BBB-AFDC-C743CD1222EC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{68C35754-D7EA-4D6E-AA17-E64E516D8AB4}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [TCP Query User{968D5BF1-D244-4F9C-94A3-7DDE0E597A9F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E1BAA4C1-F895-44FD-A345-0DD58C34A744}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{AA9BCCB0-892B-4698-9CEF-50FDB6933CA2}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{CC4ABB3A-1A4B-4869-BB77-082791104DB6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{E819CF3D-8BAF-4837-A80D-A3DE0D78C3BE}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{7A3E31EE-7FB2-4071-A3F5-5E22C7E2A265}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{FA50F2E5-9479-46CA-ACE3-A3B913DAC6C9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F8B67689-2B26-4BFD-8781-DE48D4926BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC90C435-6BC2-4BB4-99F8-66CF1B5D9D8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F7330749-9775-4687-9ACC-3F9C652AF8C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B5580A97-C894-46CF-826B-0C95989D64E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5C5D0BE2-D354-4F0D-8FC4-583BB5F34190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{5063AF2C-8557-417E-A226-3471F938399B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BB8BBBF1-11F1-4730-B3C8-5BA74BF29AD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{4A9F650E-791A-47BB-B27F-7621362E5B78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{891985EA-2A3D-4782-86FB-FBB1AB8C28B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8E4EE7F4-4B00-4280-9D19-21231281C4E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{30CCB695-014A-4700-8C15-E3D3B7DDCF28}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{9FFA4CE9-D4A7-4886-A19F-59623F3136D1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{BC2C852B-E8C5-4F5E-B701-0B293AB54CA0}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{81109275-F6CB-4E6A-A3BB-3E3D09B7E576}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{64B7E74D-D655-47FB-9D9F-05B3CDC1CD16}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{369A7922-429F-4964-BFB0-15AAFF0D4392}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2017 08:52:52 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007251E
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (07/30/2017 08:52:10 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007251E
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (07/30/2017 08:35:48 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$SQLEXPRESS" in DLL "perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:35:47 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSSQL$SQLEXPRESS" in DLL "perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:35:44 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:35:43 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (07/30/2017 08:30:34 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007267C
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (07/30/2017 08:27:06 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.


System errors:
=============
Error: (07/30/2017 10:20:07 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/30/2017 08:46:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (07/30/2017 08:32:24 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain STHELENA due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (07/30/2017 08:30:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender RedLine Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (07/30/2017 08:27:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (07/30/2017 08:27:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (07/30/2017 08:27:05 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1130) (User: NT AUTHORITY)
Description: 0 failed.
GPO Name : Computer (VCAA On-Demand Testing)
GPO File System Path : \\sthelena.vic.edu.au\SysVol\sthelena.vic.edu.au\Policies\{7A247186-A607-464A-9CAF-A32F2562323A}\Machine
Script Name: Ondemand Install.bat

Error: (07/30/2017 08:27:01 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (07/30/2017 08:25:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:56:28 PM on ‎30/‎07/‎2017 was unexpected.

Error: (07/30/2017 08:16:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.


CodeIntegrity:
===================================
Date: 2017-07-30 20:57:45.916
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 20:39:19.155
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 20:31:18.621
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 20:28:50.144
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 20:28:19.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 20:24:45.438
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\Drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-30 20:06:18.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 19:59:33.708
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-07-30 19:55:43.313
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\Drivers\risdxc64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-07-29 00:15:13.937
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 89%
Total physical RAM: 3979.23 MB
Available physical RAM: 410.22 MB
Total Virtual: 8075.23 MB
Available Virtual: 1863.74 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:273.67 GB) (Free:71.96 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Stuff) (Fixed) (Total:24.41 GB) (Free:18.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2D4B5698)
Partition 1: (Active) - (Size=273.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Uninstall the following unwanted program: YTD Video Downloader.

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
Weird, my Rogue Killer log disappeared... anyways, here is the rest of them

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 8/6/17
Scan Time: 8:42 AM
Logfile: Malwarebytes scan.txt
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.2519
License: Free

-System Information-
OS: Windows 8
CPU: x64
File System: NTFS
User: R9KZHA4\LocalAdmin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 556743
Time Elapsed: 39 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Can't post AdwCleaner[S0].txt, requires admin permission etc, so I just attached it (That should be everything beside Rogue Killer, I can show you a screenshot of the history on RogueKiller but the log seems to have deleted itself? Weird...)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8 Enterprise x64
Ran by LocalAdmin (Administrator) on Tue 08/08/2017 at 0:59:17.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 20

Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gkojfkhlekighikafcpjkiklfbnlmeio (Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ytd video downloader.lnk (Shortcut)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\hdvc3@hdvidcodec.com.xpi (File)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js (File)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\productdata (Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\tencent (Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\Desktop\ytd video downloader.lnk (Shortcut)
Successfully deleted: C:\Program Files (x86)\Common Files\tencent (Folder)
Successfully deleted: C:\ProgramData\caontaiunnuuetoossave (Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G50FP8LH (Temporary Internet Files Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGJ863IB (Temporary Internet Files Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJMKKBB1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISTXC1BO (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G50FP8LH (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HGJ863IB (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IJMKKBB1 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ISTXC1BO (Temporary Internet Files Folder)



Registry: 4

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_05BC0D9B4EDE854F63BA4586B0896E42 (Registry Value)
Successfully deleted: HKLM\Software\MozillaPlugins\@baidu.com/npxbdsetup (Registry Key)
Successfully deleted: HKLM\Software\MozillaPlugins\@qq.com/npqscall (Registry Key)
Successfully deleted: HKLM\Software\MozillaPlugins\@qq.com/txsso (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/08/2017 at 1:15:30.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attachments

  • AdwCleaner[S0].txt
    9 KB · Views: 1
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 17-08-04.01 - LocalAdmin 20/08/2017 0:03.1.4 - x64
Microsoft Windows 8 Enterprise 6.2.9200.0.1252.61.1033.18.3979.1988 [GMT 10:00]
Running from: c:\users\LocalAdmin.R9KZHA4\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
SP: Bitdefender Antispyware *Disabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Microsoft
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2017-07-19 to 2017-08-19 )))))))))))))))))))))))))))))))
.
.
2017-08-19 14:33 . 2017-08-19 14:33 -------- d-----w- c:\users\ZHA0003.STHELENA\AppData\Local\temp
2017-08-19 14:33 . 2017-08-19 14:33 -------- d-----w- c:\users\LocalAdmin.R9KZHA4\AppData\Local\temp
2017-08-18 09:36 . 2017-08-18 11:03 -------- d-----w- c:\programdata\ProductData
2017-08-18 06:32 . 2017-08-18 06:32 -------- d-----w- c:\users\LocalAdmin.R9KZHA4\AppData\Local\CrashDumps
2017-08-17 15:32 . 2014-01-31 00:48 485888 ----a-w- c:\windows\SysWow64\WSDApi.dll
2017-08-17 15:32 . 2014-01-31 00:06 599040 ----a-w- c:\windows\system32\WSDApi.dll
2017-08-17 15:31 . 2014-02-01 06:55 41984 ----a-w- c:\windows\system32\fveskybackup.dll
2017-08-17 15:30 . 2014-02-03 23:56 332632 ----a-w- c:\windows\system32\drivers\storport.sys
2017-08-17 15:30 . 2014-02-03 23:56 278872 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2017-08-17 15:30 . 2014-01-27 03:39 1939288 ----a-w- c:\windows\system32\drivers\ntfs.sys
2017-08-17 15:30 . 2014-01-02 23:32 523264 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2017-08-17 15:30 . 2014-01-02 23:35 365568 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2017-08-17 05:00 . 2014-06-17 23:27 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2017-08-17 05:00 . 2014-06-11 14:47 1616896 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
2017-08-17 05:00 . 2014-06-17 23:24 1557504 ----a-w- c:\windows\system32\osk.exe
2017-08-07 13:37 . 2017-08-07 13:44 -------- d-----w- C:\AdwCleaner
2017-08-06 16:42 . 2017-08-06 16:42 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2017-08-06 16:42 . 2017-08-07 05:23 -------- d-----w- c:\programdata\RogueKiller
2017-08-06 16:40 . 2017-08-06 16:41 -------- d-----w- c:\program files\RogueKiller
2017-07-30 12:36 . 2017-07-30 12:47 -------- d-----w- C:\FRST
2017-07-27 06:24 . 2017-07-27 06:24 -------- d-----w- c:\users\LocalAdmin.R9KZHA4\AppData\Local\Tvsukernel
2017-07-27 06:18 . 2017-08-17 05:28 31152 ----a-w- c:\windows\system32\drivers\pmxdrv.sys
2017-07-26 08:42 . 2017-07-26 08:42 -------- d-----w- c:\windows\net35
2017-07-26 06:40 . 2017-07-26 06:40 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 12.0
2017-07-26 01:02 . 2016-01-05 20:16 826328 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2017-07-26 01:02 . 2016-01-05 20:16 176088 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-07-26 00:50 . 2017-07-26 00:50 -------- d-----w- c:\windows\Migration
2017-07-26 00:50 . 2017-07-26 00:50 -------- d-s---w- c:\windows\system32\CompatTel
2017-07-26 00:50 . 2017-07-26 00:50 -------- d-----w- c:\windows\system32\appraiser
2017-07-25 11:58 . 2014-10-09 04:00 69632 ----a-w- c:\windows\system32\vsstrace.dll
2017-07-25 11:58 . 2014-10-09 03:59 52224 ----a-w- c:\windows\SysWow64\vsstrace.dll
2017-07-25 11:58 . 2014-10-09 04:00 1484288 ----a-w- c:\windows\system32\VSSVC.exe
2017-07-25 11:58 . 2014-10-09 04:00 1519104 ----a-w- c:\windows\system32\vssapi.dll
2017-07-25 11:58 . 2014-10-09 03:59 1195520 ----a-w- c:\windows\SysWow64\vssapi.dll
2017-07-25 11:20 . 2017-08-17 09:07 -------- d-----w- c:\windows\system32\MRT
2017-07-25 10:26 . 2014-07-15 22:51 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
2017-07-25 07:14 . 2014-04-16 18:20 29888 ----a-w- c:\windows\system32\aspnet_counters.dll
2017-07-25 07:14 . 2014-04-16 18:20 28352 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2017-07-23 12:21 . 2015-07-01 13:00 227328 ----a-w- c:\windows\system32\WebClnt.dll
2017-07-23 12:21 . 2015-07-01 12:58 104448 ----a-w- c:\windows\system32\davclnt.dll
2017-07-23 12:21 . 2015-07-01 11:42 198656 ----a-w- c:\windows\SysWow64\WebClnt.dll
2017-07-23 12:21 . 2015-07-01 11:41 86016 ----a-w- c:\windows\SysWow64\davclnt.dll
2017-07-23 12:18 . 2014-11-05 06:39 1024512 ----a-w- c:\windows\system32\localspl.dll
2017-07-23 12:18 . 2014-11-05 06:40 733184 ----a-w- c:\windows\system32\win32spl.dll
2017-07-23 12:18 . 2014-10-29 14:21 499008 ----a-w- c:\windows\system32\drivers\vhdmp.sys
2017-07-23 12:18 . 2014-08-28 06:01 17920 ----a-w- c:\windows\system32\wuaext.dll
2017-07-23 12:16 . 2015-06-27 13:46 1314816 ----a-w- c:\windows\system32\rpcrt4.dll
2017-07-23 12:16 . 2015-06-27 13:23 694784 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2017-07-23 12:13 . 2015-03-04 06:39 632832 ----a-w- c:\windows\system32\apphelp.dll
2017-07-23 12:13 . 2015-03-04 04:52 676864 ----a-w- c:\windows\SysWow64\apphelp.dll
2017-07-23 12:13 . 2015-03-04 06:39 204288 ----a-w- c:\windows\system32\aelupsvc.dll
2017-07-23 12:13 . 2015-03-04 06:41 25088 ----a-w- c:\windows\system32\sdbinst.exe
2017-07-23 12:13 . 2015-03-04 04:53 21504 ----a-w- c:\windows\SysWow64\sdbinst.exe
2017-07-23 12:13 . 2014-09-26 03:01 28616704 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2017-07-23 12:13 . 2014-09-26 02:33 27853824 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2017-07-23 12:13 . 2015-08-01 16:21 73352 ----a-w- c:\windows\system32\appidapi.dll
2017-07-23 12:13 . 2015-08-01 15:22 63992 ----a-w- c:\windows\SysWow64\appidapi.dll
2017-07-23 12:13 . 2015-08-01 13:56 139776 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2017-07-23 12:13 . 2015-08-01 13:56 39424 ----a-w- c:\windows\system32\appidsvc.dll
2017-07-23 12:13 . 2015-08-01 13:56 18432 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2017-07-23 12:12 . 2014-09-03 02:21 585728 ----a-w- c:\windows\system32\rastls.dll
2017-07-23 12:12 . 2014-09-03 02:48 510464 ----a-w- c:\windows\SysWow64\rastls.dll
2017-07-23 12:09 . 2015-07-09 21:46 5982208 ----a-w- c:\windows\system32\mstscax.dll
2017-07-23 12:09 . 2015-07-09 21:44 322560 ----a-w- c:\windows\system32\aaclient.dll
2017-07-23 12:09 . 2015-07-09 20:17 5095424 ----a-w- c:\windows\SysWow64\mstscax.dll
2017-07-23 12:09 . 2015-07-09 20:16 269824 ----a-w- c:\windows\SysWow64\aaclient.dll
2017-07-23 12:09 . 2015-07-13 21:05 48128 ----a-w- c:\windows\system32\csrsrv.dll
2017-07-23 12:09 . 2015-07-13 21:05 54272 ----a-w- c:\windows\system32\basesrv.dll
2017-07-23 12:06 . 2015-09-02 13:49 2341376 ----a-w- c:\windows\system32\msxml6.dll
2017-07-23 12:06 . 2015-09-02 13:49 1850880 ----a-w- c:\windows\system32\msxml3.dll
2017-07-23 12:06 . 2015-09-02 13:38 1744384 ----a-w- c:\windows\SysWow64\msxml6.dll
2017-07-23 12:06 . 2015-09-02 13:38 1422336 ----a-w- c:\windows\SysWow64\msxml3.dll
2017-07-23 12:05 . 2014-12-11 06:51 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2017-07-23 11:52 . 2015-08-05 13:52 1287680 ----a-w- c:\windows\system32\schedsvc.dll
2017-07-23 10:31 . 2015-08-04 13:54 10116608 ----a-w- c:\windows\system32\twinui.dll
2017-07-23 10:31 . 2015-08-04 14:42 8858112 ----a-w- c:\windows\SysWow64\twinui.dll
2017-07-23 10:31 . 2015-08-04 14:42 2038784 ----a-w- c:\windows\SysWow64\authui.dll
2017-07-23 10:31 . 2015-08-04 13:54 1399808 ----a-w- c:\windows\system32\Windows.UI.Immersive.dll
2017-07-23 10:31 . 2015-08-04 13:53 2307584 ----a-w- c:\windows\system32\authui.dll
2017-07-23 10:31 . 2015-08-04 14:42 1229824 ----a-w- c:\windows\SysWow64\Windows.UI.Immersive.dll
2017-07-23 10:31 . 2015-08-04 13:53 449024 ----a-w- c:\windows\system32\SettingSync.dll
2017-07-23 10:31 . 2015-08-04 14:42 356352 ----a-w- c:\windows\SysWow64\SettingSync.dll
2017-07-23 10:31 . 2015-08-04 14:42 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll
2017-07-23 10:31 . 2015-08-04 13:53 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2017-07-23 10:30 . 2015-01-29 08:05 1627648 ----a-w- c:\windows\system32\WindowsCodecs.dll
2017-07-23 10:30 . 2015-01-29 06:19 1339392 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2017-07-23 10:28 . 2013-06-22 05:45 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2017-07-23 10:28 . 2013-06-22 05:45 54488 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2017-07-23 10:28 . 2013-07-01 22:14 25600 ----a-w- c:\windows\system32\drivers\usbprint.sys
2017-07-23 10:27 . 2013-07-05 22:02 99328 ----a-w- c:\windows\system32\drivers\usbcir.sys
2017-07-23 10:27 . 2013-07-05 22:02 121984 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2017-07-23 10:27 . 2013-07-05 22:01 210560 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2017-07-23 10:27 . 2014-10-09 03:59 623616 ----a-w- c:\windows\system32\dnsapi.dll
2017-07-23 10:27 . 2014-09-22 05:38 673792 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2017-07-23 10:27 . 2014-09-17 22:57 1346560 ----a-w- c:\windows\system32\srmclient.dll
2017-07-23 10:27 . 2014-09-22 03:56 513536 ----a-w- c:\windows\SysWow64\mfmpeg2srcsnk.dll
2017-07-23 10:26 . 2014-09-17 23:24 987136 ----a-w- c:\windows\SysWow64\srmclient.dll
2017-07-23 10:26 . 2014-09-17 22:57 652800 ----a-w- c:\windows\system32\srmscan.dll
2017-07-23 10:26 . 2014-10-09 03:59 212992 ----a-w- c:\windows\system32\dnsrslvr.dll
2017-07-23 10:26 . 2014-09-17 23:24 487936 ----a-w- c:\windows\SysWow64\srmscan.dll
2017-07-23 10:26 . 2014-09-17 23:24 104448 ----a-w- c:\windows\SysWow64\adrclient.dll
2017-07-23 10:26 . 2014-09-17 22:57 134144 ----a-w- c:\windows\system32\adrclient.dll
2017-07-23 10:26 . 2014-09-17 23:24 278528 ----a-w- c:\windows\SysWow64\srm.dll
2017-07-23 10:26 . 2014-09-17 22:57 279040 ----a-w- c:\windows\system32\srm.dll
2017-07-23 10:18 . 2013-07-08 22:46 543744 ----a-w- c:\windows\system32\wwanmm.dll
2017-07-23 10:18 . 2013-06-30 22:29 77312 ----a-w- c:\windows\system32\openfiles.exe
2017-07-23 10:18 . 2013-06-26 03:01 321536 ----a-w- c:\windows\system32\drivers\udfs.sys
2017-07-23 10:18 . 2013-07-09 03:57 245760 ----a-w- c:\windows\SysWow64\LocationApi.dll
2017-07-23 10:18 . 2013-07-08 22:45 312832 ----a-w- c:\windows\system32\LocationApi.dll
2017-07-23 10:18 . 2013-06-30 22:30 67072 ----a-w- c:\windows\SysWow64\openfiles.exe
2017-07-23 10:18 . 2013-06-11 23:43 154112 ----a-w- c:\windows\SysWow64\WinSCard.dll
2017-07-23 10:16 . 2015-02-24 07:58 861696 ----a-w- c:\windows\system32\drivers\http.sys
2017-07-23 10:10 . 2013-05-04 04:58 758784 ----a-w- c:\windows\SysWow64\Magnify.exe
2017-07-23 10:10 . 2013-05-04 04:56 449536 ----a-w- c:\windows\SysWow64\DevicePairing.dll
2017-07-23 10:10 . 2013-05-04 04:57 115712 ----a-w- c:\windows\SysWow64\netprofm.dll
2017-07-23 10:10 . 2013-05-04 06:57 122368 ----a-w- c:\windows\system32\biwinrt.dll
2017-07-23 10:10 . 2013-05-04 04:56 582144 ----a-w- c:\windows\SysWow64\gpprefcl.dll
2017-07-23 10:10 . 2013-05-04 04:56 92160 ----a-w- c:\windows\SysWow64\biwinrt.dll
2017-07-23 10:10 . 2013-05-04 06:57 179712 ----a-w- c:\windows\system32\bisrv.dll
2017-07-23 10:10 . 2013-05-04 04:55 389632 ----a-w- c:\windows\SysWow64\intl.cpl
2017-07-23 10:10 . 2013-05-04 04:56 411136 ----a-w- c:\windows\SysWow64\mfmp4srcsnk.dll
2017-07-23 10:10 . 2013-05-04 04:56 309760 ----a-w- c:\windows\SysWow64\BCP47Langs.dll
2017-07-23 10:10 . 2013-05-04 06:57 17408 ----a-w- c:\windows\system32\muifontsetup.dll
2017-07-23 10:10 . 2013-05-04 04:57 18432 ----a-w- c:\windows\SysWow64\npmproxy.dll
2017-07-23 10:10 . 2013-05-04 04:57 14336 ----a-w- c:\windows\SysWow64\muifontsetup.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-08-17 08:45 . 2013-03-18 09:11 140394280 -c--a-w- c:\windows\system32\MRT.exe
2017-08-06 16:36 . 2017-04-20 06:56 251840 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2017-07-12 09:35 . 2017-07-12 09:35 57154 ----a-w- c:\programdata\dm.1499852042.bdinstall.bin
2017-07-12 09:32 . 2017-07-12 09:32 74895 ----a-w- c:\programdata\cl.kit.1499849373.bdinstall.bin
2017-07-12 09:32 . 2017-07-12 09:32 480136 ----a-w- c:\programdata\cl.1499849406.bdinstall.bin
2017-07-12 08:36 . 2017-07-12 08:36 51124 ----a-w- c:\programdata\agent.1499848547.bdinstall.bin
2017-06-07 19:19 . 2017-07-12 09:29 346704 ----a-w- c:\windows\system32\drivers\ignis.sys
2017-06-06 19:04 . 2017-07-12 09:29 950160 ----a-w- c:\windows\system32\drivers\atc.sys
2017-05-30 20:45 . 2013-03-18 09:07 565416 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:29 1743664 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:29 1743664 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:29 1743664 ----a-w- c:\progra~2\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Overwolf"="c:\program files (x86)\Overwolf\OverwolfLauncher.exe" [2017-08-02 1058360]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2017-06-30 9818328]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2017-07-18 3062560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-04-17 112408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-03-20 60712]
"EsBOCOMUserTool"="c:\program files (x86)\BOCOM\USBkey 2G\USBkey 2G-WDC-OKey\bocom2g_wdc_mon.exe" [2016-07-18 436576]
.
c:\users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files (x86)\Microsoft Office\Office15\ONENOTEM.EXE /tsr [2017-6-13 194736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SoftEther VPN Client Manager Startup.lnk - c:\users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe /startup [2014-8-26 4543544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-43599\Scripts\Logoff\0\0]
"Script"=LogoffHistory.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-43599\Scripts\Logon\0\0]
"Script"=timesync.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-43599\Scripts\Logon\1\0]
"Script"=Logon History.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-43665\Scripts\Logoff\0\0]
"Script"=LogoffHistory.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-43665\Scripts\Logon\0\0]
"Script"=Logon History.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-44254\Scripts\Logoff\0\0]
"Script"=LogoffHistory.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-44254\Scripts\Logon\0\0]
"Script"=timesync.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1728701792-3873544109-2449630785-44254\Scripts\Logon\1\0]
"Script"=System_Info_Generator local.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
R0 bdelam;bdelam;c:\windows\system32\drivers\bdelam.sys;c:\windows\SYSNATIVE\drivers\bdelam.sys [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EvolveVirtualAdapter;Evolve Virtual Miniport Driver;c:\windows\system32\DRIVERS\evolve.sys;c:\windows\SYSNATIVE\DRIVERS\evolve.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 hxsyol;hxsyol;c:\aeriagames\AuraKingdom\avital\hxsy64.sys;c:\aeriagames\AuraKingdom\avital\hxsy64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IFCoEMP;Intel(R) Ethernet Virtual Storage Miniport Driver for FCoE;c:\windows\System32\drivers\ifM60x64.sys;c:\windows\SYSNATIVE\drivers\ifM60x64.sys [x]
R3 IFCoEVB;Intel(R) Ethernet Virtual Bus Driver for FCoE;c:\windows\System32\drivers\ifP60X64.sys;c:\windows\SYSNATIVE\drivers\ifP60X64.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 lpasvc;Microsoft Policy Platform Local Authority;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 lppsvc;Microsoft Policy Platform Processor;c:\program files\Microsoft Policy Platform\policyHost.exe;c:\program files\Microsoft Policy Platform\policyHost.exe [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\System32\drivers\netvsc63.sys;c:\windows\SYSNATIVE\drivers\netvsc63.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 OverwolfUpdater;Overwolf Updater Windows SCM;c:\program files (x86)\Overwolf\OverwolfUpdater.exe;c:\program files (x86)\Overwolf\OverwolfUpdater.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\System32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 risdxc;risdxc;c:\windows\System32\drivers\risdxc64.sys;c:\windows\SYSNATIVE\drivers\risdxc64.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\System32\drivers\tinspusb.sys;c:\windows\SYSNATIVE\drivers\tinspusb.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
R4 CmRcService;Configuration Manager Remote Control;c:\windows\CCM\RemCtrl\CmRcService.exe;c:\windows\CCM\RemCtrl\CmRcService.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 atc;atc;c:\windows\system32\DRIVERS\atc.sys;c:\windows\SYSNATIVE\DRIVERS\atc.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 bdprivmon;bdprivmon;c:\windows\system32\DRIVERS\bdprivmon.sys;c:\windows\SYSNATIVE\DRIVERS\bdprivmon.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 Ignis;Ignis Service;c:\windows\\SystemRoot\system32\DRIVERS\ignis.sys;c:\windows\\SystemRoot\system32\DRIVERS\ignis.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S1 bocomsafetyctrl;bocomsafetyctrl;c:\windows\system32\Drivers\bocomsafetyctrlx64.sys;c:\windows\SYSNATIVE\Drivers\bocomsafetyctrlx64.sys [x]
S1 epp;epp;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys;c:\program files\EMSISOFT ANTI-MALWARE\epp.sys [x]
S2 a2AntiMalware;Emsisoft Protection Service;c:\program files\Emsisoft Anti-Malware\a2service.exe;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 AppVClient;Microsoft App-V Client;c:\program files\Microsoft Application Virtualization\Client\AppVClient.exe;c:\program files\Microsoft Application Virtualization\Client\AppVClient.exe [x]
S2 bdredline;Bitdefender RedLine Service;c:\program files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe;c:\program files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 DevMgmtService;Bitdefender Device Management Service;c:\program files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe;c:\program files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [x]
S2 IpOverUsbSvc;Windows Phone IP over USB Transport (IpOverUsbSvc);c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe;c:\program files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LPlatSvc;Lenovo Platform Service;c:\windows\system32\LPlatSvc.exe;c:\windows\SYSNATIVE\LPlatSvc.exe [x]
S2 ProductAgentService;Bitdefender Product Agent Service;c:\program files\Bitdefender Agent\ProductAgentService.exe;c:\program files\Bitdefender Agent\ProductAgentService.exe [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 SEVPNCLIENT;SoftEther VPN Client;c:\users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe;c:\users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender Security\updatesrv.exe;c:\program files\Bitdefender\Bitdefender Security\updatesrv.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 AppvStrm;AppvStrm;c:\windows\system32\DRIVERS\appvStrm.sys;c:\windows\SYSNATIVE\DRIVERS\appvStrm.sys [x]
S3 AppvVemgr;AppvVemgr;c:\windows\system32\DRIVERS\AppvVemgr.sys;c:\windows\SYSNATIVE\DRIVERS\AppvVemgr.sys [x]
S3 AppvVfs;AppvVfs;c:\windows\system32\DRIVERS\AppvVfs.sys;c:\windows\SYSNATIVE\DRIVERS\AppvVfs.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_VPN.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_VPN.sys [x]
S3 NETwNe64;@oem129.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WinRing0_1_2_0;WinRing0_1_2_0;d:\stuff\Stuff\RealTemp_370\WinRing0x64.sys;d:\stuff\Stuff\RealTemp_370\WinRing0x64.sys [x]
S3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\System32\drivers\WUDFRd.sys;c:\windows\SYSNATIVE\drivers\WUDFRd.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2017-02-22 22:34 2351920 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2017-02-22 22:34 2351920 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2017-02-22 22:34 2351920 ----a-w- c:\progra~1\MIF5BA~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-25 49056]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"LenovoOptMouseUpdate"="c:\program files\Lenovo\HOTKEY\extapsup.exe" [2012-08-31 250976]
"TpShocks"="TpShocks.exe" [2013-02-12 382248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-03-22 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-03-22 399856]
"SoftEther VPN Client UI Helper"="c:\users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe" [2014-08-26 4352568]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-10-14 12697368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-04-06 169768]
"Bdagent"="c:\program files\Bitdefender\Bitdefender Security\bdagent.exe" [2017-06-27 322312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office15\ONBttnIE.dll/105
Trusted Zone: aeriagames.com
Trusted Zone: bankcomm.com\*
Trusted Zone: com.cn\*.95559
TCP: DhcpNameServer = 192.168.8.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.au/|about:preferences
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKU-Default-Run-AdobeBridge - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:b0,7e,5b,10,21,ac,ce,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\E47FFEF2-2E73-4D5F-AD58-6201064F4D7D\Versions\66B55E56-8C00-4961-9AD8-4580DE52C7E3\REGISTRY\MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@=hex(40001):56,4c,43,20,41,63,74,69,76,65,58,20,50,6c,75,67,69,6e,20,61,6e,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\E47FFEF2-2E73-4D5F-AD58-6201064F4D7D\Versions\66B55E56-8C00-4961-9AD8-4580DE52C7E3\REGISTRY\MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@=hex(40001):7b,00,45,00,32,00,33,00,46,00,45,00,39,00,43,00,36,00,2d,00,37,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\E47FFEF2-2E73-4D5F-AD58-6201064F4D7D\Versions\66B55E56-8C00-4961-9AD8-4580DE52C7E3\REGISTRY\MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@=hex(40001):56,4c,43,20,41,63,74,69,76,65,58,20,50,6c,75,67,69,6e,20,61,6e,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\E47FFEF2-2E73-4D5F-AD58-6201064F4D7D\Versions\66B55E56-8C00-4961-9AD8-4580DE52C7E3\REGISTRY\MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@=hex(40001):7b,00,39,00,42,00,45,00,33,00,31,00,38,00,32,00,32,00,2d,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2017-08-20 00:43:07
ComboFix-quarantined-files.txt 2017-08-19 14:43
.
Pre-Run: 59,958,001,664 bytes free
Post-Run: 59,812,265,984 bytes free
.
- - End Of File - - FBB4D5AED802EA01F929BE71FD59D694
A36C5E4F47E84449FF07ED3517B43A31
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
Erm, after the scan, there were 2 notepads produced. However, both notepads were empty... So no logs were produced? Do I need to re-download FRST/FRST64?
 
Jks it was protected by BitDefender under safefiles

Here is the log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-07-2017
Ran by LocalAdmin (administrator) on R9KZHA4 (24-08-2017 19:40:55)
Running from C:\Users\LocalAdmin.R9KZHA4\Desktop
Loaded Profiles: LocalAdmin (Available Profiles: LocalAdmin & Administrator)
Platform: Windows 8 Enterprise (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization\Client\AppVStreamingUX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
(uWebb Software) D:\Stuff\Stuff\RealTemp_370\RealTemp.exe
(Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\seccenter.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\dmiface.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [382248 2013-02-12] (Lenovo.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [12697368 2014-10-15] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe [322312 2017-06-27] (Bitdefender)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2012-04-17] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
HKLM-x32\...\Run: [EsBOCOMUserTool] => C:\Program Files (x86)\BOCOM\USBkey 2G\USBkey 2G-WDC-OKey\bocom2g_wdc_mon.exe [436576 2016-07-18] ()
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1058360 2017-08-02] ()
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [405504 2012-07-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2014-08-26]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-03-14]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-11-06]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\ZHA0003.STHELENA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SkyDrive Pro.lnk [2014-01-31]
ShortcutTarget: SkyDrive Pro.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVE.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{819A0CA4-7F3E-4585-965D-23FBF31126E2}: [DhcpNameServer] 192.168.8.1
Tcpip\..\Interfaces\{9E9EECF4-F521-4B5A-A65D-1D7E336D18E2}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{EA7490DC-4EA0-42D1-9C4B-9CC00E01988B}: [DhcpNameServer] 192.168.8.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope https://google.com.au URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008 -> {2BAB5131-8B83-25EC-225F-35591E27570B} URL = hxxp://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: No Name -> {FB4F6285-4C32-49F2-950F-A5998F9CEC6C} -> No File
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll [2017-06-27] (Bitdefender)
Toolbar: HKU\.DEFAULT -> No Name - {5347542D-5636-006A-76A7-7A786E7484D7} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2017-04-05] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default [2017-08-21]
FF Homepage: Mozilla\Firefox\Profiles\dux96u9g.default -> hxxps://www.google.com.au/
about:preferences
FF Extension: (Video DownloadHelper) - C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Mozilla\Firefox\Profiles\dux96u9g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-07]
FF HKLM\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff [2017-07-10]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext [2017-07-10] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwtwe@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security\bdtbext
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-01-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @infosec.com.cn/npinfosec_infosec_netsign -> C:\Program Files (x86)\Infosec NetSign Plugins\npInfosecNetSign.dll [2014-02-19] ( )
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-16] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-05-02] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-01-23] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1305087049-1155765426-3812204079-1008: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\LocalAdmin.R9KZHA4\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-02] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2017-05-16] (Microsoft Corporation)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\npInfosecNetSign.js [2013-05-17]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default [2017-08-24]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-30]
CHR Extension: (Adblock Plus) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-30]
CHR Extension: (uBlock Origin) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-30]
CHR Extension: (Sword Art Online 09 - 1366x768) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\clildiljdjhiolnjmibacgkngbhmepck [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-30]
CHR Extension: (Bitdefender Wallet) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-07-30]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-30]
CHR Extension: (Arabic) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-04]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2017-07-30]
CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe [2017-07-30]
CHR Extension: (ChemReference: Periodic Table) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpnebljmdbglkmlnijcaplhfhkhdnib [2017-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (No Name) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-30]
CHR Extension: (Chrome Media Router) - C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-09]
CHR Profile: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-31]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [9039536 2017-07-31] (Emsisoft Ltd)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AppVClient; C:\Program Files\Microsoft Application Virtualization\Client\AppVClient.exe [685208 2013-03-29] (Microsoft Corporation)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2127552 2017-06-29] (Bitdefender)
R2 CcmExec; C:\WINDOWS\CCM\CcmExec.exe [1785528 2016-06-20] (Microsoft Corporation)
S4 CmRcService; C:\WINDOWS\CCM\RemCtrl\CmRcService.exe [698552 2016-06-20] (Microsoft Corporation)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [103072 2017-06-27] (Bitdefender)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
R2 LPlatSvc; C:\WINDOWS\system32\LPlatSvc.exe [710144 2016-09-06] (Lenovo.)
S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50352 2016-05-31] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-10] (INCA Internet Co., Ltd.)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2017-01-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2017-01-07] (Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [1450824 2017-08-02] (Overwolf LTD)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1269824 2017-06-21] (Bitdefender)
R2 SEVPNCLIENT; C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe [4352568 2014-08-26] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 smstsmgr; C:\WINDOWS\CCM\TSManager.exe [324792 2016-06-20] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23416 2017-06-09] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [218416 2017-06-27] (Bitdefender)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe [1421608 2017-06-30] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [950160 2017-06-07] (BitDefender S.R.L. Bucharest, ROMANIA)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-04-19] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [133088 2017-06-06] (BitDefender LLC)
R0 bdprivmon; C:\WINDOWS\System32\DRIVERS\bdprivmon.sys [47856 2017-05-11] (© Bitdefender SRL)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 bocomsafetyctrl; C:\WINDOWS\system32\Drivers\bocomsafetyctrlx64.sys [36584 2015-10-08] (Bocom)
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
S3 EvolveVirtualAdapter; C:\WINDOWS\system32\DRIVERS\evolve.sys [21656 2013-05-26] (Echobit, LLC)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [187688 2017-05-11] (BitDefender LLC)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [44296 2015-01-20] (LogMeIn Inc.)
R1 HBtnKey; C:\WINDOWS\system32\DRIVERS\wstbtndb.sys [17064 2010-06-28] (Lenovo)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [54736 2017-02-21] ()
S0 IFCoEMP; C:\WINDOWS\System32\drivers\ifM60x64.sys [388368 2011-11-30] (Intel(R) Corporation)
S0 IFCoEVB; C:\WINDOWS\System32\drivers\ifP60X64.sys [78096 2011-11-30] (Intel(R) Corporation)
R0 Ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [346704 2017-06-08] (Bitdefender)
S3 IntcDAud; C:\WINDOWS\system32\DRIVERS\IntcDAud.sys [342528 2012-06-19] (Intel(R) Corporation) [File not signed]
R3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [28768 2014-08-22] (SoftEther Project at University of Tsukuba, Japan.)
S3 Netaapl; C:\WINDOWS\system32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
R3 NETwNe64; C:\WINDOWS\system32\DRIVERS\NETwew00.sys [3351520 2014-07-02] (Intel Corporation)
S3 nmwcdnsux64; C:\WINDOWS\system32\drivers\nmwcdnsux64.sys [171008 2011-08-17] (Nokia) [File not signed]
S3 prepdrvr; C:\WINDOWS\system32\DRIVERS\prepdrv.sys [26984 2012-11-21] (Microsoft Corporation)
S3 risdxc; C:\WINDOWS\System32\drivers\risdxc64.sys [105472 2012-07-04] (REDC) [File not signed]
R3 SensorsSimulatorDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation)
R0 SmartDefragDriver; C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys [21360 2016-03-22] (IObit)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-10-17] (Synaptics Incorporated)
S3 taphss6; C:\WINDOWS\system32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [28272 2017-08-07] ()
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [439576 2017-04-11] (BitDefender S.R.L.)
S3 USBTINSP; C:\WINDOWS\System32\drivers\tinspusb.sys [142848 2014-06-02] (Texas Instruments) [File not signed]
S3 vpnva; C:\WINDOWS\system32\DRIVERS\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [281944 2015-07-07] (Microsoft Corporation)
R3 WinRing0_1_2_0; D:\Stuff\Stuff\RealTemp_370\WinRing0x64.sys [14544 2016-11-02] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 19:40 - 2017-08-24 19:41 - 00028914 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\FRST.txt
2017-08-24 18:39 - 2017-08-24 19:14 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\Desktop\farbar recover 1
2017-08-20 00:58 - 2017-08-20 00:58 - 00035096 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Combo fix log.txt
2017-08-20 00:43 - 2017-08-20 00:43 - 00035096 _____ C:\ComboFix.txt
2017-08-19 23:58 - 2011-06-26 16:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2017-08-19 23:58 - 2010-11-08 03:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2017-08-19 23:58 - 2009-04-20 14:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00098816 _____ C:\WINDOWS\sed.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00080412 _____ C:\WINDOWS\grep.exe
2017-08-19 23:58 - 2000-08-31 10:00 - 00068096 _____ C:\WINDOWS\zip.exe
2017-08-19 23:45 - 2017-08-20 00:43 - 00000000 ____D C:\Qoobox
2017-08-19 23:42 - 2017-08-20 00:35 - 00000000 ____D C:\WINDOWS\erdnt
2017-08-19 23:35 - 2017-08-19 23:35 - 05659788 ____R (Swearware) C:\Users\LocalAdmin.R9KZHA4\Downloads\ComboFix.exe
2017-08-18 19:36 - 2017-08-18 21:03 - 00000000 ____D C:\ProgramData\ProductData
2017-08-18 16:32 - 2017-08-18 16:32 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\CrashDumps
2017-08-18 15:15 - 2017-08-18 15:15 - 05154856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-18 01:32 - 2014-01-31 10:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2017-08-18 01:32 - 2014-01-31 10:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2017-08-18 01:31 - 2014-02-01 16:55 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2017-08-18 01:30 - 2014-02-04 09:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-08-18 01:30 - 2014-02-04 09:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-18 01:30 - 2014-01-27 13:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-18 01:30 - 2014-01-03 09:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2017-08-18 01:30 - 2014-01-03 09:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2017-08-17 15:00 - 2014-06-18 09:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2017-08-17 15:00 - 2014-06-18 09:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2017-08-11 21:57 - 2017-08-11 21:57 - 00001406 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\LoL Logs.zip
2017-08-09 19:54 - 2017-08-09 19:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-08-08 01:15 - 2017-08-08 01:15 - 00003634 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\JRT.txt
2017-08-08 00:24 - 2017-08-08 00:24 - 01790024 _____ (Malwarebytes) C:\Users\LocalAdmin.R9KZHA4\Downloads\JRT.exe
2017-08-07 23:37 - 2017-08-07 23:44 - 00000000 ____D C:\AdwCleaner
2017-08-07 23:35 - 2017-08-07 23:35 - 08185288 _____ (Malwarebytes) C:\Users\LocalAdmin.R9KZHA4\Downloads\AdwCleaner.exe
2017-08-07 12:43 - 2014-07-12 14:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2017-08-07 12:43 - 2014-07-12 14:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2017-08-07 12:43 - 2014-07-12 14:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2017-08-07 12:43 - 2014-07-12 14:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2017-08-07 12:43 - 2014-07-12 10:02 - 00478352 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-08-07 12:43 - 2014-07-12 10:00 - 00478352 _____ C:\WINDOWS\system32\locale.nls
2017-08-07 12:43 - 2014-07-09 08:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2017-08-07 12:43 - 2014-07-09 08:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-08-07 12:43 - 2014-07-09 08:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2017-08-07 12:43 - 2014-07-09 08:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-08-07 12:43 - 2014-07-07 15:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-08-07 12:43 - 2014-07-07 15:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-08-07 12:43 - 2014-07-04 20:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-08-07 12:43 - 2014-06-28 17:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-08-07 12:43 - 2014-06-28 16:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2017-08-07 12:43 - 2014-06-18 09:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-08-07 12:43 - 2014-06-18 09:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-08-07 02:42 - 2017-08-07 15:23 - 00000000 ____D C:\ProgramData\RogueKiller
2017-08-07 02:42 - 2017-08-07 02:42 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-08-07 02:41 - 2017-08-24 19:37 - 00001033 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-07 02:41 - 2017-08-07 02:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-08-07 02:40 - 2017-08-07 02:41 - 00000000 ____D C:\Program Files\RogueKiller
2017-08-07 02:37 - 2017-08-07 02:37 - 00001095 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Malwarebytes scan.txt
2017-08-07 02:34 - 2017-08-07 02:35 - 35667336 _____ (Adlice Software ) C:\Users\LocalAdmin.R9KZHA4\Downloads\RogueKiller_setup_ref3.exe
2017-08-07 02:20 - 2017-08-16 02:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-01 22:51 - 2017-08-01 22:51 - 00017193 _____ C:\Users\LocalAdmin.R9KZHA4\Downloads\7342fce4-d187-4dbc-bdff-6950bcf7fa58 (2).ics
2017-07-30 22:36 - 2017-08-24 19:40 - 00000000 ____D C:\FRST
2017-07-30 22:36 - 2017-07-30 22:36 - 02381312 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Desktop\FRST64.exe
2017-07-30 22:25 - 2017-07-30 22:25 - 01778176 _____ (Farbar) C:\Users\LocalAdmin.R9KZHA4\Downloads\FRST.exe
2017-07-28 13:29 - 2017-07-28 13:29 - 00129957 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Screenshots.zip
2017-07-27 16:24 - 2017-07-27 16:24 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Tvsukernel
2017-07-27 16:18 - 2017-08-22 17:56 - 00031152 _____ C:\WINDOWS\system32\Drivers\pmxdrv.sys
2017-07-26 18:54 - 2017-07-26 18:54 - 00001805 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\Mesg to Broni.txt
2017-07-26 18:44 - 2017-07-26 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Lenovo
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:44 - 2017-06-09 16:09 - 00002092 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\System Update Search.lnk
2017-07-26 18:42 - 2017-07-26 18:42 - 00000000 ____D C:\WINDOWS\net35
2017-07-26 17:53 - 2017-07-26 17:53 - 00001048 _____ C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\cmd.lnk
2017-07-26 16:40 - 2017-07-26 16:40 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-07-26 11:02 - 2016-01-06 06:16 - 00826328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-07-26 11:02 - 2016-01-06 06:16 - 00176088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2017-07-26 10:50 - 2017-07-26 10:50 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-25 21:58 - 2014-10-09 14:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2017-07-25 21:58 - 2014-10-09 14:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-07-25 21:58 - 2014-10-09 14:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2017-07-25 21:58 - 2014-10-09 13:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2017-07-25 21:20 - 2017-08-17 19:07 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-25 20:26 - 2014-07-16 08:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-25 17:14 - 2014-04-17 04:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-07-25 17:14 - 2014-04-17 04:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-24 19:39 - 2016-11-11 22:54 - 00001315 _____ C:\Users\LocalAdmin.R9KZHA4\Desktop\nativelog.txt
2017-08-24 19:39 - 2012-07-26 15:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2017-08-24 19:36 - 2017-07-12 18:35 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-08-24 19:36 - 2015-12-28 21:15 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\.minecraft
2017-08-24 19:35 - 2013-11-17 18:40 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Windows Live
2017-08-24 19:08 - 2017-02-21 18:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-08-24 18:41 - 2012-07-26 17:28 - 00762136 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-24 18:41 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\Inf
2017-08-24 18:39 - 2013-03-18 16:06 - 00000639 _____ C:\WINDOWS\SMSCFG.INI
2017-08-24 18:38 - 2017-07-12 18:38 - 00003648 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-08-24 18:37 - 2014-08-22 21:04 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client
2017-08-24 18:35 - 2012-07-26 17:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-24 01:43 - 2017-07-13 17:22 - 00034143 _____ C:\bdlog.txt
2017-08-23 21:25 - 2017-07-14 00:34 - 00832316 _____ C:\WINDOWS\ntbtlog.txt
2017-08-23 21:23 - 2012-07-26 15:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-08-23 15:18 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2017-08-20 00:33 - 2012-07-26 15:26 - 00000215 _____ C:\WINDOWS\system.ini
2017-08-19 22:41 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Packages
2017-08-19 22:12 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-08-18 21:19 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-08-18 19:48 - 2016-04-03 15:10 - 00000000 ____D C:\WINDOWS\rescache
2017-08-18 17:43 - 2013-05-31 14:40 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ElevatedDiagnostics
2017-08-18 02:34 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Windows Defender
2017-08-18 02:34 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-08-18 02:33 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-08-18 02:33 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-08-18 02:32 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-08-18 00:47 - 2013-04-30 19:30 - 00002982 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-08-17 23:40 - 2013-03-18 16:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-08-17 18:45 - 2013-03-18 19:11 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-17 18:36 - 2012-07-26 15:26 - 00000167 _____ C:\WINDOWS\win.ini
2017-08-17 16:22 - 2012-07-26 18:12 - 00000000 ___HD C:\Program Files\WindowsApps
2017-08-17 15:17 - 2013-05-01 16:28 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-13 15:15 - 2013-03-18 16:08 - 00000000 ____D C:\WINDOWS\CCM
2017-08-09 19:54 - 2016-07-01 19:09 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\discord
2017-08-09 19:54 - 2016-07-01 19:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Discord
2017-08-09 16:20 - 2017-05-08 21:40 - 00004324 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-09 16:20 - 2017-04-03 14:27 - 00004482 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-08-09 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-09 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-08-09 15:16 - 2015-12-06 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-07 22:06 - 2016-11-10 20:59 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Battle.net
2017-08-07 21:48 - 2017-01-15 15:20 - 00000000 ____D C:\Program Files (x86)\Overwolf
2017-08-07 21:48 - 2017-01-15 15:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Overwolf
2017-08-07 21:43 - 2016-11-10 20:42 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-08-07 02:36 - 2017-04-20 16:56 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-08-06 08:38 - 2017-07-14 00:36 - 00000000 ____D C:\Program Files (x86)\Steam
2017-08-03 02:21 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Adobe
2017-08-03 02:21 - 2014-08-08 08:54 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Adobe
2017-08-01 15:34 - 2013-05-01 17:07 - 00000000 ____D C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Skype
2017-07-27 16:19 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AppCompat
2017-07-27 16:14 - 2014-12-13 12:04 - 00000000 ____D C:\ProgramData\Lenovo
2017-07-26 18:44 - 2016-09-01 11:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\TVT
2017-07-26 18:42 - 2013-04-30 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2017-07-26 18:42 - 2013-04-30 19:26 - 00000000 ____D C:\Program Files (x86)\Lenovo
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-07-26 16:49 - 2013-03-18 19:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-07-26 16:44 - 2013-03-18 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-26 16:40 - 2013-03-18 18:11 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-26 11:03 - 2012-07-26 15:37 - 00000000 ____D C:\WINDOWS\servicing
2017-07-26 10:53 - 2012-07-26 18:12 - 00000000 ___RD C:\WINDOWS\ToastData
2017-07-26 10:52 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\WinStore
2017-07-26 10:52 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 18:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-26 10:51 - 2012-07-26 15:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-07-26 10:47 - 2012-07-26 17:53 - 00000000 ____D C:\Program Files\Windows Journal
2017-07-25 22:02 - 2013-03-18 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Virtualization Client

==================== Files in the root of some directories =======

2013-07-22 19:19 - 2014-07-08 12:08 - 0000915 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\coreavc.ini
2014-05-20 21:20 - 2014-05-20 21:20 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\102.tmp
2013-09-21 23:30 - 2013-09-21 23:30 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Roaming\Microsoft\E8D7.tmp
2013-07-21 12:04 - 2013-07-21 12:25 - 0010752 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-03-22 23:01 - 2017-05-09 09:53 - 0000600 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\PUTTY.RND
2016-07-18 18:39 - 2016-07-18 18:39 - 5117952 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\ResPacketT.dll
2015-01-15 21:11 - 2015-01-15 21:11 - 0000000 _____ () C:\Users\LocalAdmin.R9KZHA4\AppData\Local\{EAC3C051-5B65-4BB6-8603-125156EC2D87}
2017-07-12 18:36 - 2017-07-12 18:36 - 0051124 _____ () C:\ProgramData\agent.1499848547.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0480136 _____ () C:\ProgramData\cl.1499849406.bdinstall.bin
2017-07-12 19:32 - 2017-07-12 19:32 - 0074895 _____ () C:\ProgramData\cl.kit.1499849373.bdinstall.bin
2017-07-12 19:35 - 2017-07-12 19:35 - 0057154 _____ () C:\ProgramData\dm.1499852042.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-23 17:27

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by LocalAdmin (24-08-2017 19:45:07)
Running from C:\Users\LocalAdmin.R9KZHA4\Desktop
Windows 8 Enterprise (X64) (2013-04-30 09:20:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1305087049-1155765426-3812204079-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1305087049-1155765426-3812204079-501 - Limited - Disabled)
LocalAdmin (S-1-5-21-1305087049-1155765426-3812204079-1008 - Administrator - Enabled) => C:\Users\LocalAdmin.R9KZHA4

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{3138F992-045B-4F55-825C-53B231E647CA}) (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (HKLM-x32\...\{05F508E8-2DC6-4B12-B6A9-51000536216A}) (Version: 2.4 - Microsoft Corporation) Hidden
ASIO4ALL (HKLM\...\{B5ADD9A7-8B19-463A-BDDF-337E7C8AE874}) (Version: 1.00 - ASIO4ALL)
AutoHotkey 1.1.21.02 (HKLM\...\AutoHotkey) (Version: 1.1.21.02 - Lexikos)
AzureTools.Notifications (HKLM-x32\...\{3FBFCF2C-392A-4632-9442-14C305B44D5E}) (Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (HKLM-x32\...\{594DB57D-58D1-4AA3-AE6C-BF99484F52F8}) (Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (HKLM-x32\...\{28C7344F-E894-4CF5-8D05-EDC7ED71796C}) (Version: 12.0.50429.0 - Microsoft Corporation) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 22.0.8.114 - Bitdefender)
Bitdefender Total Security (HKLM\...\Bitdefender) (Version: 22.0.8.114 - Bitdefender)
Blend for Visual Studio 2013 (HKLM-x32\...\{EBC890A6-DE7C-44B4-AA03-119B6190D3E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (HKLM-x32\...\{9ED1634C-4E71-4992-A1BA-7C4BE6EE39E1}) (Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (HKLM-x32\...\{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BOCOM Internet Banking Wizard (HKLM\...\{555E6E90-B41D-4D76-AD8C-8B93B00A879D}) (Version: 2.2.1.1 - Bank of Communications)
BOCOM USBKey 2G (WDC) (HKLM-x32\...\{B9FE89EB-1DA9-41da-AE35-4DD1892A4F16}) (Version: 2.0.0.3 - Bank of Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build Tools - amd64 (HKLM\...\{CC1F74DF-058F-406C-BC7D-F14D6E5F7CBD}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (HKLM-x32\...\{B255880F-8C5E-4FAF-8F9C-7DBA635B2615}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (HKLM\...\{E43BBAEB-4914-44C6-88C0-E7A1DBD20A91}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (HKLM-x32\...\{D37FDF2F-8766-4BDF-A0E3-A60BDBB630ED}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.3.02039 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{C4118EEB-7ABD-4E9B-9EB0-D18E7DA898A4}) (Version: 4.3.02039 - Cisco Systems, Inc.) Hidden
Community Clips from Microsoft Office Labs (HKLM-x32\...\{87F54A80-158E-436C-9B09-FFFD27F81BD4}) (Version: 1.0.0 - Microsoft)
Conexant 20672 SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.43.0 - Conexant)
Configuration Manager Client (HKLM\...\{3604F63C-04E2-4F0C-8092-FEC078D08ACB}) (Version: 5.00.8412.1000 - Microsoft Corporation) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
CS6 Master Collection x64 (HKLM\...\{38D48535-863D-47F7-BCD3-4E15520B1142}) (Version: 1.2.0000 - Adobe Systems Incorporated) Hidden
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
CutePDF Writer (HKLM\...\{0BE0F9DB-4A6C-4102-AECC-B6CCA0408A62}) (Version: 3.0 - CutePDF)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Discord (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\Discord) (Version: 0.0.298 - Discord Inc.)
Dotfuscator and Analytics Community Edition (HKLM-x32\...\{2386192E-D6DB-4AD2-9564-65586A0AE53E}) (Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Emsisoft Anti-Malware (HKLM\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 2017.1 - Emsisoft Ltd.)
Entity Framework 6.1.1 Tools for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
Folder Size 3.4.0.0 (HKLM-x32\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 3.4.0.0 - MindGems, Inc.)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive®)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Hearthstone Deck Tracker (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
Hextech Repair Tool (HKLM-x32\...\{7F9A97E6-E666-11E5-B582-B88687E82322}) (Version: 1.0.16 - Riot Games, Inc.)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version: - )
Infosec NetSign Plugins (HKLM-x32\...\infosec_netsign) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.1.50.1172 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Killing Floor (HKLM\...\Steam App 1250) (Version: - Tripwire Interactive)
Kit SDK de vérification de Visual Studio 2012 - fra (HKLM-x32\...\{8A3862F9-F587-3DFA-AAFC-C1F0E116F05C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
LanSchool Student (HKLM-x32\...\{111D988D-FCA1-4BD4-802E-D3EB12500A20}) (Version: 7.8.2.1 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{2D969FA5-44C9-425C-8D74-93DAD88F6C6F}) (Version: 7.7.3.34 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{B8BDBBA1-2CA0-4551-B2B7-A8DB6105E49E}) (Version: 8.0.0.15 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{BBBA087E-6216-496D-97D0-A224B854541F}) (Version: 7.8.1.100 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{BF07F612-D59E-4EB4-99CD-C4FFB6D979C3}) (Version: 7.7.4.17 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{EE539AED-5222-4D44-949F-FA1813910F4C}) (Version: 7.8.0.59 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\{F522A5CA-2939-4E8C-AC53-60AF419FC782}) (Version: 7.7.2.17 - LanSchool Technologies LLC) Hidden
LanSchool Student (HKLM-x32\...\Student) (Version: 8.0.0.15 - Stoneware)
League of Legends (HKLM-x32\...\{216B0AF1-3137-4E03-9C02-F5132550A268}) (Version: 3.0.1 - Riot Games) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
Learning Tools for OneNote x86 (HKLM-x32\...\{7B64D9BF-272F-4D75-986D-82EC9CEE2582}) (Version: 0.2.0.0 - Microsoft Corporation)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{54B94792-8FD4-460E-998E-3F8A8598AC02}) (Version: 1.16.769 - LEGO)
Lenovo Patch Utility (HKLM-x32\...\{AD32F5E9-6BDD-480A-8B7B-95571D04691C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{ABE4638D-D208-4061-9F26-E3E11E3A1E0C}) (Version: 1.3.1.1 - Lenovo Group Limited)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.12.16 - Lenovo) Hidden
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0059 - Lenovo)
LocalESPC (HKLM-x32\...\{62910715-63E3-0AB0-0B29-99140DE1C15E}) (Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPC Dev12 (HKLM-x32\...\{492498A3-F88C-FE2F-755C-9B1B91724CA5}) (Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (HKLM-x32\...\{B1C38F27-D377-8C98-D98D-29B67C0B978D}) (Version: 8.100.25984 - Microsoft) Hidden
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaHuman YouTube Downloader version 3.9.8.3 (HKLM-x32\...\MediaHuman YouTube Downloader_is1) (Version: 3.9.8.3 - )
Memory Profiler (HKLM-x32\...\{54F76D6C-0EC3-43D9-8BCC-73E31AB0BF06}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Memory Profiler (HKLM-x32\...\{A88AEB8B-A6C5-41BC-8F71-F704DD1E0D00}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 (HKLM-x32\...\{e29aab84-bbc1-42ba-a342-2ce63e63b1bb}) (Version: 5.0.285.0 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client 5.0 Service Pack 1 x64 (HKLM\...\{FD8A2518-A9D7-449E-ADA0-33F2F7FA83AA}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft Application Virtualization Client en-US Language Pack x64 (HKLM\...\{DB175F28-FD1E-4C26-A073-8264FC77103F}) (Version: 5.0.1104.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 屏幕提示语言 2013 - 简体中文 (HKLM-x32\...\{90150000-00BD-0804-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 校对工具 2013 - 简体中文 (HKLM-x32\...\{90150000-001F-0804-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM-x32\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710F4C1C-CC18-4C49-8CBF-51240C89A1A2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071C9B48-7C32-4621-A0AC-3F809523288F}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2013 with Update 4 (HKLM-x32\...\{96a8b90c-0a91-4e76-ab34-730c23923d11}) (Version: 12.0.31101 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 4.0 (HKLM-x32\...\XNA Game Studio 4.0) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{0666E46E-A860-4353-BE6D-13AA72FABB57}) (Version: 1.3.0.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Movie Maker (HKLM-x32\...\{5BABDA39-61CF-41EE-992D-4054B6649A9B}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{ED6C77F9-4D7E-447C-9EC0-9A212D075535}) (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.9 (HKLM-x32\...\{49FF1E6E-E0F9-4CB3-8B3C-D4E8E1D32C1F}) (Version: 1.2.9 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
NVIDIA PhysX (HKLM-x32\...\{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}) (Version: 9.09.1112 - NVIDIA Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.67.10 - )
Origin (HKLM-x32\...\Origin) (Version: 9.11.2.10120 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.106.20.0 - Overwolf Ltd.)
PaperCut MF Client (HKLM-x32\...\{5A63F6A1-9045-11E2-A47C-0024E808B313}) (Version: 13.1.0 - PaperCut Software International Pty Ltd)
Path of Exile (HKLM\...\Steam App 238960) (Version: - Grinding Gear Games)
PowreShellIntegration.Notifications (HKLM-x32\...\{ED8DFB38-C87B-42B3-A33E-B20DF935C055}) (Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{943F3FB1-3F9C-4FB7-A4E2-6D53617068C3}) (Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
PuTTY release 0.68 (HKLM-x32\...\{55717628-7AE6-4BCF-A046-FA2768945E76}) (Version: 0.68.0.0 - Simon Tatham)
Python Tools Redirection Template (HKLM-x32\...\{2881CFB4-71F9-40C7-8228-6395117C0EDA}) (Version: 1.3 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
RICOH_Media_Driver_v2.22.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.22.18.01 - RICOH)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
SDK de comprobación de Visual Studio 2012 - esn (HKLM-x32\...\{90EF884E-5253-324C-9C11-63C9DA16BF0C}) (Version: 12.0.30501 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0051-0000-0000-0000000FF1CE}_Office15.VISPRO_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Skype™ 7.36 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.101 - Skype Technologies S.A.)
Smart Defrag 5 (HKLM-x32\...\Smart Defrag_is1) (Version: 5.5.0 - IObit)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 2.21.3182.1 - Hi-Rez Studios)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.10.9473 - SoftEther VPN Project)
SoftEther VPN Client Manager (HKLM\...\softether_sevpncmgr) (Version: 4.17.9562 - SoftEther VPN Project)
Sql Server Customer Experience Improvement Program (HKLM\...\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}) (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Explorer for Microsoft Visual Studio 2013 (HKLM-x32\...\{C9E7751E-88ED-36CF-B610-71A1D262E906}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Tencent QQ (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.75.2871.0 - Tencent Technology (Shenzhen) Company Limited)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
ThinkPad Tablet Button Driver (HKLM-x32\...\{26903C89-780A-463E-8CBD-E47A73927254}) (Version: 1.06 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.77.0.11 - Lenovo)
TI-Nspire™ CAS Student Software (HKLM-x32\...\{F03A8756-7FCB-4DCD-9AC1-12C63A6075F1}) (Version: 3.9.0.463 - Texas Instruments Inc.)
TypeScript Power Tool (HKLM-x32\...\{6098D454-CB7B-44C2-8615-D869FD9655C7}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{0E4A9B1A-12D2-4827-BE61-44DBD72797FB}) (Version: 1.0.5.0 - Microsoft Corporation) Hidden
Unity Web Player (HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\UnityWebPlayer) (Version: 5.3.0f3 - Unity Technologies ApS)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPRO_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VS Update core components (HKLM-x32\...\{9F7DE660-6BFE-3BA2-A93D-4F13BD13E10B}) (Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (HKLM-x32\...\{46910786-E4AC-41E4-A4A0-C086EA85242D}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (HKLM-x32\...\{BF3E2194-F89B-44FB-A801-464BF787599F}) (Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (12/06/2010 4.0.0000.00000) (HKLM\...\30B2813B1F17EF6D99360A190E7F0D3BA2F0DC3C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Firewall Configuration Provider (HKLM\...\{109A5A16-E09E-4B82-A784-D1780F1190D6}) (Version: 1.2.3412.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - )
Пакет Visual Studio 2012 Verification SDK - rus (HKLM-x32\...\{977CABC5-7B4B-3AE4-8E1B-56C673C1D638}) (Version: 12.0.30501 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers1: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers2-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers2-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers3-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => -> No File
ContextMenuHandlers4: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers5: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2013-03-08] (Intel Corporation)
ContextMenuHandlers6: [BDFVCtxMenuExt] -> {9E96C1F5-0EFA-4348-9460-15D6802C70AA} => C:\Program Files\Bitdefender\Bitdefender Security\bdfvsctx.dll [2017-06-27] (Bitdefender)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension] -> {AB77609F-2178-4E6F-9C4B-44AC179D937A} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2contmenu.dll [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [Emsisoft Shell Extension x64] -> {E3F21FC7-6D65-48E7-B62B-E9ED8200C764} => C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\A2CONTMENU64.DLL [2015-10-21] (Emsisoft Ltd)
ContextMenuHandlers6-x32: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-01-20] (Malwarebytes)
ContextMenuHandlers6-x32: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\WINDOWS\System32\IObitSmartDefragExtension.dll [2016-03-25] (IObit)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070345BD-D4D8-4BD8-993A-B4EF736522EF} - System32\Tasks\PPSProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {07FAA084-52EE-42D7-A010-AF2F85F97BB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0C621E75-D799-41C0-BDF9-58B4DEAC5B3C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {1194A89D-4F8A-41D1-9B57-3EABC01D7EB8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {12C48BA5-BCDB-4B47-A315-D782496A9A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {15E520DA-A86A-470B-986D-3BA3468C9E8D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {18DB9D05-D04A-440B-95EF-433F225DFC2E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {2670088A-F938-473A-A64E-B497B28AEED1} - System32\Tasks\SmartDefrag_Update => C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe [2017-02-17] (IObit)
Task: {4B571E91-5E7D-4D17-BE09-968936B547E2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {54AEB48C-9034-4BE8-9822-00EA6CE29C3E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {58300691-0EBF-4474-A0A0-9C9344E0A2A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {5C295BCE-DA3E-4EC8-B8CE-E76921484421} - System32\Tasks\AuditConsoleUsers => powershell -executionpolicy unrestricted -file "\\dc3\netLOGON\LoggedInUsers.ps1"
Task: {5DB66385-3B2A-46AC-A810-7E203EEF96EF} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2016-06-20] (Microsoft Corporation)
Task: {5EF20575-EF71-4DFF-BAAF-F02C69E0842D} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {874EB768-CB86-4854-AC4E-3BEEF2696A09} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9897AAF5-B79C-4186-8C9D-27BFC77725C7} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-09] (Adobe Systems Incorporated)
Task: {A3F76E6C-1A39-4D9D-9B7A-7186B4F536A6} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AB6EFF4B-D70A-427A-A578-BA8FE455B8FE} - System32\Tasks\{FEDC1B20-9D63-4A8A-9E44-E7E6D5D412F0} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\Origin Games\Battlefield 3\pbsvc.exe" -c -u
Task: {AEA42174-447E-4521-8910-16AC4F62197B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {B36CE4C9-249F-4995-B68B-A66A57B5623E} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Maintenance
Task: {BB9A93B0-AEE5-4776-8790-9BAC68A18754} - \ASC10_SkipUac_LocalAdmin -> No File <==== ATTENTION
Task: {BD58BF89-5171-4F75-81A9-232AC1F6287C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}
Task: {C340E31A-E588-41FC-B44C-8569D3D383D5} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-06-21] (Bitdefender)
Task: {C7DFDE2D-8CDB-4B14-A5A7-96CE61AECDCA} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2017-08-02] (Overwolf LTD)
Task: {CC531BF3-FEA5-4C54-8839-A5BCE5692187} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {D7376E63-C306-48D0-83E8-E933CB73700C} - System32\Tasks\MobProtect => D:\PPS.tv\PPStream\PPSProtect.exe
Task: {DB95D790-D4DD-4A3A-9FD4-044A4452C57D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E194ED8D-2D81-42A2-A356-44628CD9A2FD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {F357F6A0-57A2-4284-83B5-F692BF27CD32} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-06-09] ()
Task: {FB53D741-0731-421C-9AE5-81331D6AF18F} - System32\Tasks\SmartDefrag_AutoAnalyze => C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe [2016-06-06] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\LocalAdmin.R9KZHA4\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ahfgeienlihckogmohjhadlkjgocpleb\Web Store.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=ahfgeienlihckogmohjhadlkjgocpleb

==================== Loaded Modules (Whitelisted) ==============

2017-07-12 19:29 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender Security\bdmetrics.dll
2017-07-12 19:29 - 2017-02-07 12:34 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpbr.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpdsp.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttpph.mdl
2017-07-12 19:29 - 2017-02-07 12:34 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender Security\otengines_001_001\ashttprbl.mdl
2012-10-04 18:49 - 2012-10-04 18:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 08909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2017-07-26 18:43 - 2017-06-09 16:11 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-08-17 15:17 - 2017-08-11 17:40 - 03824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libglesv2.dll
2017-08-17 15:17 - 2017-08-11 17:40 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.101\libegl.dll
2016-08-12 12:20 - 2016-08-12 12:20 - 00073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720 [134]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\aeriagames.com -> hxxps://aeriagames.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\aeriagames.com -> hxxp://aeriagames.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\bankcomm.com -> hxxps://*.bankcomm.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\bankcomm.com -> hxxp://*.bankcomm.com
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\com.cn -> hxxps://*.95559.com.cn
IE trusted site: HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\com.cn -> hxxp://*.95559.com.cn
 
==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 15:26 - 2017-08-24 19:35 - 00000002 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\Control Panel\Desktop\\Wallpaper -> C:\Users\LocalAdmin.R9KZHA4\Pictures\Anime!\Back Grounds\18927_guilty_crown.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "ApnUpdater"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Teacher"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "bdbtray"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BaofengPlatform"
HKLM\...\StartupApproved\Run32: => "BFVServer"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "Aeria Ignite"
HKLM\...\StartupApproved\Run32: => "Raptr"
HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware"
HKLM\...\StartupApproved\Run32: => "EsBOCOMUserTool"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\StartupFolder: => "PPS.lnk"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_05BC0D9B4EDE854F63BA4586B0896E42"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "PPS Accelerator"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "BaofengPlatform"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "CBoxService"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "Advanced SystemCare 10"
HKU\S-1-5-21-1305087049-1155765426-3812204079-1008\...\StartupApproved\Run: => "CCleaner Monitoring"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F4CBD339-A360-49D4-9500-2CA31F400AE2}] => (Allow) C:\Program Files (x86)\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe
FirewallRules: [{AC070C92-009B-4AB2-B766-2556BEEBE7F2}] => (Allow) C:\Program Files (x86)\Microsoft XNA\XNA Game Studio\v4.0\Bin\XnaLiveProxy.exe
FirewallRules: [{CD3E4C76-6D6A-4CA6-95E6-64CD9CC9AE1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{BDDF1E49-77F8-470E-8842-EA3ACE4ACCB9}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{7156FCD1-381E-4E3E-87B4-97E7FAF0297E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{5B7BAF54-8DF6-474F-A9B7-1E9D7C7EA32B}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{473D75C7-5DAA-40D8-A050-112C38B48929}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{CBB5DCCE-65E5-421B-ACA6-8E0BF72540C4}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.6\FlashBuilder.exe
FirewallRules: [{1D807B22-B36C-49CA-9B4A-EF04E6923529}] => (Allow) LPort=7935
FirewallRules: [{593315AB-2256-4BAA-AC56-2F6CF6AA15E8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11D9F631-2C3E-4F2D-B598-55315882764E}] => (Allow) LPort=2869
FirewallRules: [{81E7D71D-FD13-4926-AE8C-846E6A35EBC9}] => (Allow) LPort=1900
FirewallRules: [{69B4544D-8191-4054-8777-6AF469F28FAB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{61DB09F5-D984-4E56-82CA-ADFC3A655001}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{1074BDF4-4C97-4528-AD57-D1E16442B3C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{772DE9FA-1524-4691-B058-7796C303D349}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3DC6E362-73A8-4624-BDC0-88F037E3CA1C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{276AB48E-427E-4906-B3AC-5FBCD517BB38}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{6C88B57B-8856-4F3B-A2EA-00F4933BA2A3}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{E3287BFD-0E21-4107-A4A4-40E85DE75D60}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{BC43CDEB-A529-4A7B-8C61-F333989647CF}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{F25FC8AA-C481-4925-A5E9-E9BBEA342E48}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{30DB857C-2F61-4FD4-9797-D233FBED97EA}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [{D3E1727B-5973-4424-B22E-48E522E3416C}] => (Allow) LPort=58786
FirewallRules: [{41AE2670-E60D-473F-BC6C-A7E6386BF578}] => (Allow) LPort=58786
FirewallRules: [{0E63D806-5AC4-4248-A547-A82D8196E9CE}] => (Allow) LPort=58786
FirewallRules: [{934509F0-92B7-4696-A610-6ADAC7E31FFB}] => (Allow) LPort=58786
FirewallRules: [{D1996224-C6AA-4DE8-AF7B-16920F06E1CB}] => (Allow) C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
FirewallRules: [TCP Query User{D1BC77FD-76B2-4A8B-A16D-0CD6A31A8BA1}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{8C1E65A3-BB51-4E41-BA7A-0029DB1A97C7}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{4BA31CAB-0E4A-4AA3-BCAB-B1A03B01A6FE}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{2D8B32E0-D165-42FD-8BE5-B272EAB958CC}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe
FirewallRules: [{72410A48-EB45-4889-85D2-C38AFE474F6E}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{3F5D842B-FF15-4A38-8585-EDEE1EE89EB5}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\auclt.exe
FirewallRules: [{3A1B50D0-2559-4878-84F9-F0E5D389E314}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [{64455630-09F3-48A2-B0D1-5E661ACFBEFF}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\txupd.exe
FirewallRules: [TCP Query User{54D1944F-758F-45A3-8300-3E1730B4F9B8}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Block) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [UDP Query User{B95968B6-2764-4917-B42C-F0526A4FC2C6}C:\program files (x86)\tencent\qqintl\bin\qq.exe] => (Block) C:\program files (x86)\tencent\qqintl\bin\qq.exe
FirewallRules: [{B47EF81A-0BA5-48D3-BBF2-9AAD3D2E1E4A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BF71186-30A2-4B6B-A791-9A9D9888C74B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F4E3F878-B0B1-4CA0-8A09-F43909C31300}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1701046-33D9-4B0E-BAD6-8663CA9F79E6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{CE6D494E-35F6-4207-8A79-6CD35BC64969}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{49DC76E7-856B-4927-A07F-4637318B259D}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{58C01629-CC3B-4AD7-93B6-FE8364721BE2}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer2\bdupdate2.6.2.40.exe
FirewallRules: [{556F88F9-BBE7-43C6-94B2-D79ED4376A60}] => (Allow) C:\ProgramData\Baidu\BaiduPlayer2\bdupdate2.6.2.67.exe
FirewallRules: [TCP Query User{3F2CB2FF-78BB-4890-BF6A-AE6D1108870F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B9BDC877-A63B-4FF2-A06A-9A54F4AED884}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [{105FC89E-BB78-432A-A434-37DCAD8A402C}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{25E6A1D2-B621-4AC4-8195-BDE9BE0184A0}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{6A1F4744-20B4-49C1-A1B9-751807E4569E}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{4BEFEB60-89E7-44C1-B4D7-3772FF978E21}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{D2815717-6B6A-43DE-88D2-5D78987F8D83}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{53B2877B-3B72-40F4-821E-110EF647190B}] => (Allow) C:\Users\LocalAdmin.R9KZHA4\AppData\Local\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{9AA718A3-8B9B-4F37-996B-C6A39348CCDE}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{1640074A-CCCC-4AB8-8B7C-BAE31386D034}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{F87868BC-395F-490C-98E9-8A9885976B9E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{1BB62630-8006-4181-8BA4-F39F40813C70}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B78F6F67-8593-455A-9F73-0BA78B0AA8FE}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{A5674832-A464-47F8-8C09-B35D3CF05E6A}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [TCP Query User{1B5A0DBF-A51F-4D56-BEC3-72A53ABA88BB}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{EF78985C-D77B-4BC9-A6D9-632A3E5A61C9}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{FF9D90AA-A74A-491F-A67C-824D98B63B63}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{3C2FBBEA-7B6F-4FEE-BE65-C95D3E22A7C4}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{BE6A47BB-AD1D-460E-8044-38D4DD43ED53}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{08C1B9EE-F6AC-41AE-8010-174466D824DE}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Allow) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [TCP Query User{81C50F22-97F5-4595-84FF-EDF8D61C2215}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{780EAB7B-31A4-4A61-ABAD-8CB1D3240F4C}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{FACFDD65-2A61-49A1-9908-AE2BB9D33D6E}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{A9493E91-6769-41CA-93AA-3709969F8C81}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{DAA9881B-5A88-4501-852D-234CDD6E1984}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FDFAE15A-F667-47ED-B482-926B9A48DCCA}] => (Allow) C:\Program Files\SoftEther VPN Client Manager\vpncmgr_x64.exe
FirewallRules: [{711A7D01-8CE5-4C5C-BA31-1C02AEBCBD92}] => (Allow) C:\Program Files\SoftEther VPN Client Manager\vpncmd_x64.exe
FirewallRules: [TCP Query User{47A00787-9717-4E25-A925-43511D999506}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [UDP Query User{F0ED6561-429C-42A0-8865-CC281D122EB0}C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\ti-nspire cas student software.exe
FirewallRules: [TCP Query User{CE4CE86F-3149-4D99-989B-AB77C37E412C}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [UDP Query User{AD89D4E3-E265-4498-A285-3BD32C8DCD81}C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe] => (Block) C:\program files (x86)\ti education\ti-nspire cas student software\jre\bin\java.exe
FirewallRules: [{AD04A13F-FB75-4D39-A5CE-660CA3225688}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7AADFF67-0D20-4C9F-AF3B-0CD99143D3A1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6828B242-E484-4A80-9955-BAB6B322DD8D}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [{9BB2FF85-9509-4BBB-AFDC-C743CD1222EC}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{68C35754-D7EA-4D6E-AA17-E64E516D8AB4}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe
FirewallRules: [TCP Query User{968D5BF1-D244-4F9C-94A3-7DDE0E597A9F}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{E1BAA4C1-F895-44FD-A345-0DD58C34A744}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{AA9BCCB0-892B-4698-9CEF-50FDB6933CA2}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{CC4ABB3A-1A4B-4869-BB77-082791104DB6}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{E819CF3D-8BAF-4837-A80D-A3DE0D78C3BE}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{7A3E31EE-7FB2-4071-A3F5-5E22C7E2A265}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{F8B67689-2B26-4BFD-8781-DE48D4926BD6}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC90C435-6BC2-4BB4-99F8-66CF1B5D9D8F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F7330749-9775-4687-9ACC-3F9C652AF8C2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{B5580A97-C894-46CF-826B-0C95989D64E3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5C5D0BE2-D354-4F0D-8FC4-583BB5F34190}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{5063AF2C-8557-417E-A226-3471F938399B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{BB8BBBF1-11F1-4730-B3C8-5BA74BF29AD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{4A9F650E-791A-47BB-B27F-7621362E5B78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{891985EA-2A3D-4782-86FB-FBB1AB8C28B2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8E4EE7F4-4B00-4280-9D19-21231281C4E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{30CCB695-014A-4700-8C15-E3D3B7DDCF28}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{9FFA4CE9-D4A7-4886-A19F-59623F3136D1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{530BAA77-9935-4AD2-A8D4-E44F16AC3A40}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{6B4E2A48-906C-4BBC-8F43-80525790D03E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{96D81077-B51E-4124-838C-49A6B77D1912}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{BC8967CB-2E5B-4BB2-8FA2-1843B9357889}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{779EED39-1831-41C0-B4F7-F8C11DA2C16A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14493805-417D-40C9-87B7-A197BBF80348}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC2C852B-E8C5-4F5E-B701-0B293AB54CA0}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{81109275-F6CB-4E6A-A3BB-3E3D09B7E576}] => (Allow) C:\Riot Games\League of Legends\lol.launcher.exe
FirewallRules: [{64B7E74D-D655-47FB-9D9F-05B3CDC1CD16}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{369A7922-429F-4964-BFB0-15AAFF0D4392}] => (Allow) C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
FirewallRules: [{BD10D4CC-502D-445A-AACC-74D6F449EC62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

08-08-2017 00:59:19 JRT Pre-Junkware Removal
16-08-2017 01:14:20 Windows Update
19-08-2017 23:58:19 ComboFix created restore point

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2017 07:48:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80070005).

Error: (08/24/2017 06:40:04 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007251E
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (08/24/2017 06:39:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$SQLEXPRESS" in DLL "perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:39:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "MSSQL$SQLEXPRESS" in DLL "perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\WINDOWS\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:39:14 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/24/2017 06:38:59 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007251E
Command-line arguments:
RuleId=502ff3ba-669a-4674-bbb1-601f34a3b968;Action=AutoActivateSilent;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=458e1bec-837a-45f6-b9d5-925ed5d299de;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (08/24/2017 06:35:52 PM) (Source: MSSQL$SQLEXPRESS) (EventID: 8317) (User: )
Description: Cannot query value 'First Counter' associated with registry key 'HKLM\SYSTEM\CurrentControlSet\Services\MSSQL$SQLEXPRESS\Performance'. SQL Server performance counters are disabled.


System errors:
=============
Error: (08/24/2017 06:37:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 70.

Error: (08/24/2017 06:36:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/24/2017 06:36:22 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (08/24/2017 06:36:08 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain STHELENA due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (08/24/2017 06:36:06 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/24/2017 01:43:54 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Emsisoft Protection Service service did not shut down properly after receiving a preshutdown control.

Error: (08/24/2017 01:43:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.

Error: (08/24/2017 01:40:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Conexant Audio Message Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/23/2017 11:44:28 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/23/2017 09:46:31 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain STHELENA due to the following:
There are currently no logon servers available to service the logon request.


This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.



ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.


CodeIntegrity:
===================================
Date: 2017-08-24 19:46:27.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-24 19:45:38.013
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-24 19:40:13.103
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-24 19:37:43.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2017-08-24 19:37:43.017
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks32.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2017-08-24 19:33:39.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2017-08-24 19:33:36.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2017-08-24 19:33:36.660
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

Date: 2017-08-24 19:15:35.694
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.

Date: 2017-08-24 19:13:53.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Emsisoft Anti-Malware\a2hooks64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 66%
Total physical RAM: 3979.23 MB
Available physical RAM: 1340.29 MB
Total Virtual: 8587.23 MB
Available Virtual: 4806.45 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:273.67 GB) (Free:53.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Stuff) (Fixed) (Total:24.41 GB) (Free:18.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2D4B5698)
Partition 1: (Active) - (Size=273.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=24.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
