Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2017
Ran by axioo (administrator) on SUPERLITE01 (01-02-2017 12:48:52)
Running from C:\Users\axioo\Desktop
Loaded Profiles: axioo (Available Profiles: axioo)
Platform: Microsoft Windows 10 Home Single Language Version 1511 (X86) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) D:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SurfRight B.V.) D:\Program Files\HitmanPro\HitmanPro.exe
(Google Inc.) D:\Program Files\Google\Update\GoogleUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Zemana Ltd.) D:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) D:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [103528 2015-07-30] (Intel Corporation)
HKLM\...\Run: [ZAM] => D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{902cb5f3-005d-4eec-a7b8-7173bc339658}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> D:\Program Files\Microsoft Office\Office15\OCHelper.dll [2013-06-13] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - D:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe

FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> D:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-06-13] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> D:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2017-01-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: D:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-06-13] (Microsoft Corporation)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Slides) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-31]
CHR Extension: (Beatlab) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2017-01-31]
CHR Extension: (Google Docs) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-31]
CHR Extension: (Google Drive) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-31]
CHR Extension: (DuckDuckGo Search) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkdgflcldnnnapblkhphbgpggdiikppg [2017-01-31]
CHR Extension: (Audiotool) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2017-01-31]
CHR Extension: (YouTube) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-31]
CHR Extension: (Dragon Web Extension) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2017-01-31]
CHR Extension: (Google Sheets) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-31]
CHR Extension: (Google Docs Offline) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-31]
CHR Extension: (AdBlock) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Tab Cookies) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\iahecghojagkcoehfhfknajofkokndjm [2017-01-31]
CHR Extension: (Flat - Music scores and guitar tabs editor) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgfkpiieempkmppimblkblmlcmbdkbcg [2017-01-31]
CHR Extension: (Ghostery) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-31]
CHR Extension: (Gmail) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-31]
CHR Extension: (Chrome Media Router) - C:\Users\axioo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-31]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BTDevManager; C:\Program Files\REALTEK\REALTEK Bluetooth\BTDevMgr.exe [147160 2015-07-16] ()
R3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [290208 2015-07-30] (Intel Corporation)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [108648 2015-07-30] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [105576 2015-07-30] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [115816 2015-07-30] (Intel Corporation)
S2 gupdate; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
S3 gupdatem; D:\Program Files\Google\Update\GoogleUpdate.exe [153752 2017-01-31] (Google Inc.)
R2 HitmanProScheduler; D:\Program Files\HitmanPro\hmpsched.exe [106280 2017-01-31] (SurfRight B.V.)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [283552 2015-07-30] (Intel Corporation)
R3 WdNisSvc; D:\Program Files\Windows Defender\NisSrv.exe [280376 2015-10-30] (Microsoft Corporation)
R2 WinDefend; D:\Program Files\Windows Defender\MsMpEng.exe [23256 2015-10-30] (Microsoft Corporation)
S3 WMPNetworkSvc; D:\Program Files\Windows Media Player\wmpnetwk.exe [1186816 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files\Zemana AntiMalware\ZAM.exe [14188272 2017-01-23] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ampa; C:\WINDOWS\system32\ampa.sys [17008 2015-11-10] () [File not signed]
R3 BthMini; C:\WINDOWS\system32\DRIVERS\BTHMINI.sys [23040 2015-10-30] (Microsoft Corporation)
R3 camera; C:\WINDOWS\system32\DRIVERS\iacamera32.sys [697360 2015-07-09] (Intel(R) Corporation)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [55816 2015-06-24] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [59392 2015-06-24] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [85000 2015-06-24] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [203264 2015-06-24] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [467968 2015-06-24] (Intel Corporation)
R3 gc0310; C:\WINDOWS\System32\drivers\gc0310.sys [102440 2015-09-06] (Intel(R) Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [34176 2015-06-10] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [27496 2015-06-10] (Intel Corporation)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [57360 2015-06-18] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [98560 2015-06-10] (Intel Corporation)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44096 2015-06-27] (Intel Corporation)
R3 IntelBatteryManagement; C:\WINDOWS\System32\drivers\IntelBatteryManagement.sys [47104 2015-07-01] ()
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [277256 2015-06-13] (Intel(R) Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35904 2015-06-27] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [33792 2015-06-16] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [77424 2015-06-16] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [208624 2015-06-12] (Realtek Semiconductor Corp.)
R3 RtkUart; C:\WINDOWS\System32\drivers\RtkUart.sys [557312 2015-07-20] (Realtek Semiconductor Corporation)
R3 RtlWlans; C:\WINDOWS\system32\DRIVERS\rtwlans.sys [3933400 2015-10-08] (Realtek Semiconductor Corporation )
R3 SileadTouch; C:\WINDOWS\System32\drivers\SileadTouch.sys [82944 2014-11-06] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2017-02-01] ()
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [84520 2015-05-27] (Intel Corporation)
R3 unicam; C:\WINDOWS\System32\drivers\ov2680.sys [91696 2015-10-20] (Intel(R) Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37400 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [246104 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98648 2015-10-30] (Microsoft Corporation)
R3 wmbclass; C:\WINDOWS\System32\drivers\wmbclass.sys [250368 2015-10-30] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [163328 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam32.sys [181496 2017-01-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-31] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard32.sys [181496 2017-01-31] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 12:50 - 2017-02-01 12:50 - 00030616 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2017-02-01 11:04 - 2017-02-01 12:43 - 00002709 _____ C:\Users\axioo\Desktop\Fixlog.txt
2017-02-01 10:56 - 2017-02-01 11:02 - 49045484 _____ C:\Users\axioo\Downloads\RogueKiller_12.9.6.0.softarchive.la.rar
2017-02-01 09:36 - 2015-10-30 12:47 - 00000219 _____ C:\WINDOWS\system.ini
2017-02-01 09:36 - 2015-10-30 12:47 - 00000092 _____ C:\WINDOWS\win.ini
2017-02-01 08:43 - 2017-02-01 10:47 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-02-01 08:40 - 2017-02-01 08:40 - 00000941 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-02-01 08:40 - 2017-02-01 08:40 - 00000000 ____D D:\Program Files\RogueKiller
2017-02-01 08:40 - 2017-02-01 08:40 - 00000000 ____D C:\ProgramData\RogueKiller
2017-02-01 08:40 - 2017-02-01 08:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-02-01 08:31 - 2017-02-01 08:39 - 34821984 _____ (Adlice Software ) C:\Users\axioo\Downloads\setup (1).exe
2017-01-31 14:04 - 2017-02-01 11:21 - 00015545 _____ C:\Users\axioo\Desktop\Addition.txt
2017-01-31 14:03 - 2017-02-01 12:51 - 00012376 _____ C:\Users\axioo\Desktop\FRST.txt
2017-01-31 13:49 - 2017-02-01 12:48 - 00000000 ____D C:\FRST
2017-01-31 13:41 - 2017-01-31 13:49 - 01762816 _____ (Farbar) C:\Users\axioo\Desktop\FRST.exe
2017-01-31 13:41 - 2017-01-31 13:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\axioo\Downloads\HiJackThis.exe
2017-01-31 11:59 - 2017-01-31 11:59 - 00001841 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D D:\Program Files\HitmanPro
2017-01-31 11:59 - 2017-01-31 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2017-01-31 11:32 - 2017-01-31 12:11 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-31 11:29 - 2017-01-31 11:32 - 09096848 _____ (SurfRight B.V.) C:\Users\axioo\Downloads\HitmanPro.exe
2017-01-31 11:23 - 2017-01-31 11:24 - 04015056 _____ C:\Users\axioo\Downloads\adwcleaner_6.043.exe
2017-01-31 11:22 - 2017-01-31 11:37 - 00000000 ____D C:\AdwCleaner
2017-01-31 10:56 - 2017-02-01 12:50 - 00061151 _____ C:\WINDOWS\ZAM.krnl.trace
2017-01-31 10:56 - 2017-02-01 12:50 - 00011826 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00181496 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam32.sys
2017-01-31 10:56 - 2017-01-31 10:56 - 00001830 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D D:\Program Files\Zemana AntiMalware
2017-01-31 10:56 - 2017-01-31 10:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-01-31 10:55 - 2017-01-31 10:55 - 00000000 ____D C:\Users\axioo\AppData\Local\Zemana
2017-01-31 10:53 - 2017-01-31 10:54 - 05510592 _____ ( ) C:\Users\axioo\Downloads\Zemana.AntiMalware.Setup.exe
2017-01-31 10:47 - 2017-01-31 10:48 - 00003388 _____ C:\Users\axioo\Desktop\Rkill.txt
2017-01-31 10:47 - 2017-01-31 10:47 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\axioo\Downloads\rkill.exe
2017-01-31 09:39 - 2017-01-31 10:01 - 00345690 _____ C:\WINDOWS\ntbtlog.txt
2017-01-31 09:34 - 2017-01-31 09:34 - 00000000 ____D C:\Users\axioo\AppData\Local\ElevatedDiagnostics
2017-01-31 09:23 - 2017-01-31 09:23 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2017-01-31 09:22 - 2017-01-31 09:22 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2017-01-31 09:12 - 2017-01-31 09:13 - 01429344 _____ (Microsoft Corporation) C:\Users\axioo\Downloads\NDP462-KB3151802-Web.exe
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-31 08:42 - 2017-01-31 08:42 - 00002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-31 08:38 - 2017-01-31 09:21 - 00000000 ____D C:\Users\axioo\AppData\Local\Google
2017-01-31 08:38 - 2017-01-31 08:40 - 00000000 ____D D:\Program Files\Google
2017-01-31 08:37 - 2017-01-31 08:37 - 01065376 _____ (Google Inc.) C:\Users\axioo\Downloads\ChromeSetup.exe
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\Intel
2017-01-31 08:28 - 2017-01-31 08:28 - 00000000 ____D D:\Program Files\DIFX
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Portable Devices
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Photo Viewer
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows NT
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Multimedia Platform
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Journal
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Windows Defender
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\REALTEK SD Wireless LAN Driver
2017-01-31 08:27 - 2017-01-31 08:27 - 00000000 ____D D:\Program Files\Bonjour
2017-01-31 08:26 - 2017-01-31 08:26 - 00000000 ____D D:\Program Files\REALTEK
2017-01-30 12:18 - 2017-01-31 12:14 - 00000000 ____D D:\Program Files\EqualizerAPO
2017-01-30 12:17 - 2017-01-30 12:17 - 06888519 _____ C:\Users\axioo\Downloads\EqualizerAPO32-1.1.2.exe
2017-01-30 10:49 - 2017-01-30 10:49 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Temp
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\Users\Public\Desktop\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000801 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifePreInt.lnk
2017-01-30 09:55 - 2017-01-30 09:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifePreInt.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:53 - 2017-01-30 09:55 - 00000000 ____D D:\Program Files\LifePreInt
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\Users\Public\Desktop\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000789 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeElem.lnk
2017-01-30 09:42 - 2017-01-30 09:42 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeElem.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:40 - 2017-01-30 09:42 - 00000000 ____D D:\Program Files\LifeElem
2017-01-30 09:25 - 2017-01-30 09:25 - 00000000 ____D C:\ProgramData\Adobe
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\Users\Public\Desktop\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000779 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBeg.lnk
2017-01-30 09:24 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\com.adobe.example.LifeBeg.EE56868B10F1E873F72054D45113DA2EF16FE085.1
2017-01-30 09:22 - 2017-01-30 09:24 - 00000000 ____D D:\Program Files\LifeBeg
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D D:\Program Files\Adobe
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-01-30 09:22 - 2017-01-30 09:22 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2017-01-30 09:04 - 2017-01-30 09:04 - 00000000 ____D C:\Users\axioo\AppData\Local\Adobe
2017-01-30 09:00 - 2017-01-30 09:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-01-30 00:19 - 2017-01-30 00:19 - 00000000 ____D C:\Users\axioo\Documents\Custom Office Templates
2017-01-30 00:15 - 2017-01-30 00:15 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2017-01-30 00:11 - 2017-01-30 00:11 - 00000000 ____D C:\Users\axioo\AppData\Roaming\WinRAR
2017-01-30 00:09 - 2017-01-30 00:13 - 00000000 ____D D:\Program Files\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:09 - 2017-01-30 00:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D D:\Program Files\Mozilla Firefox
2017-01-29 23:58 - 2017-01-29 23:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-29 23:57 - 2017-01-29 23:57 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-01-29 23:54 - 2017-01-29 23:56 - 00000000 ____D D:\Program Files\Microsoft SQL Server
2017-01-29 23:54 - 2017-01-29 23:54 - 00000000 ____D C:\WINDOWS\PCHEALTH
2017-01-29 23:53 - 2017-01-29 23:53 - 00000000 ____D D:\Program Files\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-29 23:51 - 2017-01-29 23:51 - 00000000 ___RD C:\Users\axioo\3D Objects
2017-01-29 23:49 - 2017-01-29 23:54 - 00000000 ____D D:\Program Files\Microsoft Office
2017-01-29 23:49 - 2017-01-29 23:49 - 00000000 ____D D:\Program Files\Microsoft Analysis Services
2017-01-29 23:41 - 2017-01-29 23:41 - 00000933 _____ C:\Users\axioo\Desktop\WinDirStat.lnk
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D D:\Program Files\WinDirStat
2017-01-29 23:41 - 2017-01-29 23:41 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2017-01-29 23:22 - 2017-01-29 23:22 - 00000652 _____ C:\Users\axioo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest.lnk
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Acronis
2017-01-29 23:12 - 2017-01-29 23:12 - 00000000 ____D C:\ProgramData\Apple
2017-01-29 22:59 - 2017-01-29 22:59 - 00000000 ____D C:\Users\Public\Daybreak Game Company
2017-01-29 22:55 - 2017-01-29 22:55 - 00000000 ____D C:\Users\axioo\AppData\Roaming\VOS
2017-01-29 21:24 - 2017-01-30 00:18 - 00000000 ____D C:\Users\axioo\AppData\Local\Microsoft Help
2017-01-27 11:20 - 2017-01-27 11:20 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Macromedia
2017-01-27 11:17 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2017-01-27 11:17 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2017-01-27 11:17 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2017-01-27 11:17 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2017-01-27 00:27 - 2017-01-27 00:28 - 00000000 ____D C:\Users\axioo\AppData\LocalLow\Daybreak Game Company
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\SCE
2017-01-27 00:27 - 2017-01-27 00:27 - 00000000 ____D C:\Users\axioo\AppData\Local\Daybreak Game Company
2017-01-26 23:49 - 2017-01-26 23:49 - 00005671 _____ C:\WINDOWS\ddclog.txt
2017-01-26 23:47 - 2017-01-27 00:22 - 00000000 ____D C:\WINDOWS\amlog
2017-01-26 23:46 - 2017-01-27 00:22 - 00000462 _____ C:\WINDOWS\ampa.ini
2017-01-26 23:25 - 2017-01-27 00:18 - 00001024 ____H C:\AMTAG.BIN
2017-01-26 23:19 - 2017-01-26 23:20 - 00000000 ____D C:\Users\axioo\AppData\Local\MicrosoftEdge
2017-01-26 23:18 - 2017-01-26 23:18 - 00001330 _____ C:\Users\Public\Desktop\AOMEI Partition Assistant Unlimited Edition 6.0.lnk
2017-01-26 23:18 - 2017-01-26 23:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Partition Assistant Unlimited Edition 6.0
2017-01-26 23:18 - 2015-12-11 09:57 - 01664624 _____ C:\WINDOWS\ampa.exe
2017-01-26 23:18 - 2015-11-10 09:36 - 00017008 _____ C:\WINDOWS\system32\ampa.sys
2017-01-26 16:40 - 2017-01-26 16:42 - 00000000 ____D C:\Users\axioo\Desktop\AOMEI Partition Assistant v6.0 FINAL + Serials [TechTools.NET]
2017-01-19 01:15 - 2015-07-10 10:34 - 00001324 _____ C:\WINDOWS\system32\WinToAnd.lnk
2017-01-19 01:15 - 2014-12-26 16:42 - 00336224 _____ (TODO: ) C:\WINDOWS\system32\WinToAnd.exe
2017-01-18 11:48 - 2017-01-18 11:48 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\NetworkTiles
2017-01-18 10:35 - 2017-01-18 10:35 - 00000000 ____D C:\Users\axioo\AppData\Local\Comms
2017-01-18 10:32 - 2017-01-18 10:32 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Skype
2017-01-18 10:28 - 2017-01-27 00:25 - 00000000 ___RD C:\Users\axioo\OneDrive
2017-01-18 10:27 - 2017-01-18 10:27 - 00000000 ____D C:\Users\axioo\AppData\Local\ActiveSync
2017-01-18 10:26 - 2017-02-01 12:47 - 00000000 __SHD C:\Users\axioo\IntelGraphicsProfiles
2017-01-18 10:26 - 2017-01-31 13:42 - 00000000 ____D C:\Users\axioo\AppData\Local\VirtualStore
2017-01-18 10:26 - 2017-01-30 12:19 - 00000000 ____D C:\Users\axioo
2017-01-18 10:26 - 2017-01-30 09:24 - 00000000 ____D C:\Users\axioo\AppData\Roaming\Adobe
2017-01-18 10:26 - 2017-01-29 23:46 - 00000000 ____D C:\Users\axioo\AppData\Local\Packages
2017-01-18 10:26 - 2017-01-18 10:26 - 00000020 ___SH C:\Users\axioo\ntuser.ini
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\TileDataLayer
2017-01-18 10:26 - 2017-01-18 10:26 - 00000000 ____D C:\Users\axioo\AppData\Local\Publishers
2017-01-18 10:25 - 2017-01-18 10:25 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-01 12:47 - 2016-01-20 06:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-01 12:47 - 2015-10-30 12:13 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2017-02-01 11:11 - 2016-01-20 06:55 - 00835836 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-01 11:11 - 2015-10-30 12:47 - 00000000 ____D C:\WINDOWS\INF
2017-02-01 09:29 - 2015-10-30 12:48 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-01 08:02 - 2016-01-20 06:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-31 09:34 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-31 09:24 - 2015-10-30 12:39 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-30 10:17 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-30 07:59 - 2016-01-20 06:43 - 00265544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-29 23:57 - 2015-10-30 12:48 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-01-29 23:55 - 2015-10-30 12:48 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-29 23:50 - 2015-10-30 13:47 - 00000000 ____D C:\WINDOWS\ShellNew
2017-01-29 23:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-27 00:20 - 2016-01-20 06:43 - 00067584 ____S C:\WINDOWS\bootstat2.dat
2017-01-26 14:56 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\AppCompat
2017-01-26 12:46 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-01-19 01:15 - 2015-10-30 12:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\SMT
2017-01-19 01:15 - 2014-11-27 17:06 - 00000000 ____D C:\Customer
2017-01-18 10:26 - 2016-01-20 06:48 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-18 10:25 - 2015-10-30 12:48 - 00000000 ____D C:\WINDOWS\rescache
2017-01-18 10:23 - 2016-01-20 14:42 - 00000000 ____D C:\WINDOWS\Panther
2017-01-18 10:23 - 2015-10-30 12:13 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-01-18 10:17 - 2016-01-20 06:58 - 00000000 ____D C:\Program Files\Common Files\Intel

Some files in TEMP:
====================
2017-02-01 08:41 - 2016-01-26 10:47 - 1539744 _____ (Microsoft Corporation) C:\Users\axioo\AppData\Local\Temp\dllnt_dump.dll
2017-01-31 11:32 - 2017-02-01 12:51 - 0909312 _____ () C:\Users\axioo\AppData\Local\Temp\HitmanPro.exe
2017-01-30 12:38 - 2017-01-30 12:38 - 0921440 _____ (Microsoft Corporation) C:\Users\axioo\AppData\Local\Temp\PidGenX.dll
2017-01-31 07:45 - 2017-01-31 07:45 - 0609840 _____ (Flexera Software LLC ) C:\Users\axioo\AppData\Local\Temp\wVx4rt.exe
2016-08-24 15:34 - 2016-08-24 15:34 - 516440432 _____ () C:\Users\axioo\AppData\Local\Temp\_setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-01-20 06:43

==================== End of FRST.txt ============================