Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-08-2017
Ran by Bosscoe (administrator) on BOSSCOE-PC (09-08-2017 10:42:35)
Running from F:\Firefox Downloads\Firefox Downloads
Loaded Profiles: Bosscoe (Available Profiles: Bosscoe & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\DAODx.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Akamai Technologies, Inc.) C:\Users\Bosscoe\AppData\Local\Akamai\netsession_win.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe
(Akamai Technologies, Inc.) C:\Users\Bosscoe\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Piriform Ltd) C:\Program Files\Speccy\Speccy64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2369536 2010-03-15] (VIA)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\Run: [ctfmon.exe] => C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-13] (Piriform Ltd)
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Bosscoe\AppData\Local\Akamai\netsession_win.exe [4490200 2017-01-03] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: G - G:\Setup.exe
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: {7723796b-f524-11e0-aa52-20cf30e261e8} - N:\Setup.exe
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: {7b486a9d-b8fd-11e2-99c7-20cf30e261e8} - E:\setup.exe
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: {870825a6-dcd9-11e4-b906-20cf30e261e8} - E:\Startme.exe
HKU\S-1-5-21-1337583389-873375944-2258466276-1000\...\MountPoints2: {87f80a16-0df7-11e1-9476-20cf30e261e8} - G:\Setup.exe
AppInit_DLLs: C:\Users\Bosscoe\AppData\Local\Linkey\IEEXTE~1\iedll64.dll => No File
AppInit_DLLs-x32: C:\Users\Bosscoe\AppData\Local\Linkey\IEEXTE~1\iedll.dll => No File
AppInit_DLLs-x32: bitguard\261694~1.246\{c16c1~1\bitguard.dll => No File
Startup: C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk [2016-06-29]
ShortcutTarget: Samsung Auto Backup Guage.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
Startup: C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk [2016-06-29]
ShortcutTarget: Samsung Auto Backup Real-Time Daemon.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
Startup: C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk [2016-06-29]
ShortcutTarget: Samsung Auto Backup Scheduler.lnk -> C:\Program Files (x86)\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
GroupPolicy: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{34f61d3e-7cc2-4773-873b-aefd03d115c8} <==== ATTENTION (Restriction - IP)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{984FF24D-20C0-4F06-B76A-38C258B5BEB5}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1337583389-873375944-2258466276-1000 -> DefaultScope {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1337583389-873375944-2258466276-1000 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1337583389-873375944-2258466276-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com.au/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-08-21] (RealPlayer)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2010-11-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-21] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - No File
Handler: WSIEChrome - {6D02ED5F-FD0D-4C4C - No File

FireFox:
========
FF ProfilePath: C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929 [2017-08-09]
FF Extension: (AdBlocker Ultimate) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\adblockultimate@adblockultimate.net.xpi [2017-05-29]
FF Extension: (YouTube mp3) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\info@youtube-mp3.org.xpi [2017-03-07]
FF Extension: (Places Maintenance) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\places-maintenance@bonardo.net.xpi [2017-06-03]
FF Extension: (Video DownloadHelper) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-09]
FF Extension: (Fasterfox) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2017-03-07]
FF Extension: (Adblock Plus) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-06-08]
FF Extension: (YouTube Flash Video Player) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2017-06-21]
FF Extension: (TLS 1.3 Compatibility Testing of Middleboxes) - C:\Users\Bosscoe\AppData\Roaming\Mozilla\Firefox\Profiles\ez7r6wgt.default-1488856787929\features\{695f32f9-9962-44ba-83fc-2fe6b4983610}\tls13-middlebox@mozilla.org.xpi [2017-07-23]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files (x86)\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-05] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files (x86)\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-05] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files (x86)\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: (RealPlayer Browser Record Plugin) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013-09-30] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [No File]
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-25] (Oracle Corporation)
FF Plugin-x32: @esn/esnlaunch,version=2.1.7 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-28] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2012-08-21] (RealPlayer)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2013-11-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2013-11-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2013-11-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2013-11-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2013-11-13] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-08-21] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-08-21] (RealPlayer)

Chrome:
=======
CHR HKU\S-1-5-21-1337583389-873375944-2258466276-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bkdegagmpemadclljncealhmmkojfoam] - C:\ProgramData\Wondershare\Player\Player@Wondershare.com.crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2011-07-20]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2625368 2017-06-13] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-12-21] (Nalpeiron Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-06-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-06-21] (NVIDIA Corporation)
S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-06-21] ()
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-02-20] ()
R2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2014-04-30] (arvato digital services llc)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2017-08-05] (VIA Technologies, Inc.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2017-08-05] (Advanced Micro Devices Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [132824 2017-06-22] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178056 2017-05-04] (ESET)
R1 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [77224 2017-05-04] (ESET)
S3 LGJoyXlCore; C:\Windows\System32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-08-06] (Apple Inc.) [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-06-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-06-21] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [76840 2017-04-01] (NVIDIA Corporation)
S3 SaiK0CCC; C:\Windows\System32\DRIVERS\SaiK0CCC.sys [171016 2010-04-29] (Saitek)
S3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22664 2010-04-24] (Saitek)
S3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [49928 2010-04-24] (Saitek)
S3 SaiU0CCC; C:\Windows\System32\DRIVERS\SaiU0CCC.sys [41096 2010-04-29] (Saitek)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-09 10:33 - 2017-08-09 10:33 - 000040944 _____ C:\Users\Bosscoe\Desktop\BOSSCOE-PC.txt
2017-08-09 09:35 - 2017-08-09 09:35 - 000011164 _____ C:\Users\Bosscoe\Desktop\BOSSCOE-PC.speccy
2017-08-09 03:03 - 2017-08-09 03:03 - 000003240 ____N C:\bootsqm.dat
2017-08-09 02:26 - 2017-08-09 02:26 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\ElevatedDiagnostics
2017-08-09 02:11 - 2017-08-09 10:21 - 000214596 _____ C:\Windows\ntbtlog.txt
2017-08-08 11:31 - 2017-08-08 11:31 - 000000404 _____ C:\Windows\Tasks\RunAsStdUser Task.job
2017-08-08 11:28 - 2017-08-08 11:31 - 000000264 _____ C:\Windows\Tasks\Driver Booster SkipUAC (Bosscoe).job
2017-08-08 10:48 - 2017-08-08 10:48 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-08-08 00:57 - 2017-08-08 00:57 - 000000000 ___DC C:\SWTOOLS
2017-08-07 21:34 - 2017-08-07 21:34 - 000000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2017-08-07 15:56 - 2017-08-07 15:56 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Adobe
2017-08-07 15:56 - 2017-08-07 15:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\CEF
2017-08-07 15:56 - 2017-08-07 15:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2017-08-07 15:41 - 2017-08-07 15:42 - 000000000 ___DC C:\a24006d765b9ff9d0ba277
2017-08-07 14:41 - 2017-08-07 14:41 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\onOne Software
2017-08-07 14:12 - 2017-08-07 23:12 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\Mozilla
2017-08-07 14:12 - 2017-08-07 14:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2017-08-07 14:12 - 2017-08-07 14:12 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2017-08-07 14:07 - 2017-08-07 14:08 - 000000000 ___DC C:\332a81b2397d755966377e88
2017-08-07 10:16 - 2017-08-07 10:16 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\SUPERAntiSpyware.com
2017-08-06 10:56 - 2010-11-20 23:24 - 000443820 ____C C:\Windows\system32\advapi32.amx
2017-08-06 10:56 - 2010-11-20 23:24 - 000342524 ____C C:\Windows\system32\user32.amx
2017-08-06 10:56 - 2009-07-13 21:52 - 000339536 ____C (Adaptec, Inc.) C:\Windows\system32\adpahci.sys
2017-08-06 01:39 - 2017-08-09 10:42 - 000000000 ___DC C:\FRST
2017-08-06 00:50 - 2017-08-06 00:50 - 000000000 ____D C:\Program Files\AMD
2017-08-06 00:17 - 2017-08-06 00:25 - 000333174 _____ C:\Users\Bosscoe\sfcdetails.txt
2017-08-05 21:52 - 2017-08-05 21:52 - 000226696 _____ (Renesas Electronics Corporation) C:\Windows\system32\Drivers\nusb3xhc.sys
2017-08-05 21:52 - 2017-08-05 21:52 - 000081920 _____ (Renesas Electronics Corporation) C:\Windows\system32\nusb3co3.dll
2017-08-05 21:51 - 2017-08-05 21:51 - 000011944 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\Drivers\amdide64.sys
2017-08-05 21:48 - 2017-08-05 21:48 - 003309264 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIAPropPageExt.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 002027192 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO264.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 002012496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaMicArrayAPO.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 001752904 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO232.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 001194360 _____ (VIA Technologies, Inc.) C:\Windows\system32\VIASysFx.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 001180496 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViaKaraokeApo.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 000896344 _____ (Creative Technology Ltd.) C:\Windows\system32\VMAPO64.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000754760 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMAPO32.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000700624 _____ (VIA Technologies, Inc.) C:\Windows\system32\Drivers\viahduaa.sys
2017-08-05 21:48 - 2017-08-05 21:48 - 000633904 _____ (Creative Technology Ltd.) C:\Windows\system32\VMTHX64.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000568312 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\VMTHX32.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000400504 _____ (Creative Technology Ltd.) C:\Windows\system32\VMWRP64.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000132248 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaKaraokePropPageExt.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 000104088 _____ (VIA Technologies,Inc.) C:\Windows\system32\ViaMicArrayPropPageExt.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 000080400 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\VtSrdAPO.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 000067280 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPLD64.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000064152 _____ (TODO: ) C:\Windows\system32\PropPageExt.dll
2017-08-05 21:48 - 2017-08-05 21:48 - 000063144 _____ (Creative Technology Ltd.) C:\Windows\system32\VMPPCN64.DLL
2017-08-05 21:48 - 2017-08-05 21:48 - 000042192 _____ (Creative Technology Ltd.) C:\Windows\system32\Drivers\VMfilt64.sys
2017-08-05 21:48 - 2017-08-05 21:48 - 000036504 _____ (VIA Technologies, Inc.) C:\Windows\system32\ViakaraokeSrv.exe
2017-08-05 21:48 - 2017-08-05 21:48 - 000000000 ____D C:\Program Files\VIA
2017-08-05 21:43 - 2017-08-08 11:35 - 000000000 ____D C:\ProgramData\ProductData
2017-08-05 21:43 - 2017-08-05 21:44 - 000000000 ____D C:\Users\Bosscoe\AppData\LocalLow\IObit
2017-08-05 21:43 - 2017-08-05 21:43 - 000000000 ____D C:\Windows\IObit
2017-08-05 21:43 - 2017-08-05 21:43 - 000000000 ____D C:\ProgramData\IObit
2017-08-05 21:42 - 2017-08-05 21:42 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\IObit
2017-08-05 19:39 - 2017-08-05 19:39 - 000000000 ___DC C:\2f9bcd65ecbfcb205fc6ddb90960d09d
2017-08-05 19:24 - 2017-08-05 19:24 - 000000000 ___DC C:\f425e64feb63f30ba90e2b0188
2017-08-04 09:27 - 2017-08-04 09:27 - 000007511 ____C C:\VEWapplication.txt
2017-08-04 02:39 - 2010-11-21 13:23 - 000038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\CompositeBus.sys
2017-08-04 01:54 - 2017-08-04 01:54 - 000000000 ____D C:\Users\Bosscoe\AppData\LocalLow\uTorrent
2017-08-04 00:44 - 2017-08-04 00:44 - 000000000 ____D C:\Program Files (x86)\EaseUS
2017-08-04 00:22 - 2017-08-04 00:24 - 000012901 ____C C:\junk.txt
2017-08-03 21:58 - 2017-08-04 09:39 - 000007511 ____C C:\VEW.txt
2017-08-02 17:02 - 2017-08-07 13:08 - 000000000 ___DC C:\SFCFix
2017-08-02 16:49 - 2017-08-07 13:08 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\niemiro
2017-08-02 16:02 - 2017-08-02 23:32 - 000000400 __RSH C:\ProgramData\ntuser.pol
2017-08-01 18:30 - 2017-08-01 19:21 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\.minecraft
2017-07-31 12:00 - 2017-08-04 09:27 - 000000271 _____ C:\Users\Bosscoe\Desktop\to do list.txt
2017-07-29 00:42 - 2017-07-29 00:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-07-29 00:42 - 2017-07-29 00:42 - 000000000 ____D C:\ProgramData\ESET
2017-07-29 00:42 - 2017-07-29 00:42 - 000000000 ____D C:\Program Files\ESET
2017-07-27 01:25 - 2017-07-27 01:25 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\MultiPlayerManager
2017-07-25 17:50 - 2017-07-25 17:50 - 000000045 _____ C:\Users\Bosscoe\nuuid.ini
2017-07-25 17:50 - 2017-07-25 17:50 - 000000041 _____ C:\Users\Bosscoe\inst.ini
2017-07-25 17:50 - 2017-07-25 17:50 - 000000000 ____D C:\Users\Bosscoe\Nox_share
2017-07-25 17:48 - 2017-08-01 21:32 - 000000000 ____D C:\Users\Bosscoe\vmlogs
2017-07-25 17:46 - 2017-08-02 11:15 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Nox
2017-07-25 17:45 - 2017-08-01 21:32 - 000000000 ____D C:\Users\Bosscoe\.BigNox
2017-07-25 17:44 - 2017-07-25 17:44 - 000000000 ____D C:\Users\Bosscoe\New folder
2017-07-25 17:43 - 2017-08-02 10:49 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\Nox
2017-07-23 20:22 - 2017-07-23 20:25 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\BlueStacksFriends
2017-07-23 20:22 - 2017-07-23 20:22 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\BlueStacksFriends
2017-07-23 18:42 - 2017-07-23 20:26 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\Bluestacks
2017-07-19 16:00 - 2017-07-19 17:01 - 000000000 ____D C:\ProgramData\SQL Anywhere 16
2017-07-19 15:56 - 2017-07-20 00:29 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\Intuit
2017-07-19 15:56 - 2017-07-19 15:56 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\SQL Anywhere 16
2017-07-19 15:42 - 2012-01-05 13:43 - 004218880 _____ (Amyuni Technologies hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf400.dll
2017-07-19 15:38 - 2017-08-08 09:47 - 000000000 ____D C:\ProgramData\Intuit
2017-07-19 15:37 - 2017-08-08 09:48 - 000000094 _____ C:\Windows\QBChanUtil_Trigger.ini
2017-07-19 15:02 - 2017-07-19 15:02 - 000000000 ____D C:\Windows\Intuit
2017-07-11 19:57 - 2017-07-11 19:57 - 000000000 ____D C:\Users\Bosscoe\Documents\My Games
2017-07-11 16:51 - 2017-07-11 16:51 - 000000202 _____ C:\Users\Bosscoe\Desktop\Rocket League.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-09 10:37 - 2009-07-14 14:45 - 000033296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-08-09 10:37 - 2009-07-14 14:45 - 000033296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-08-09 10:34 - 2011-02-25 11:14 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\vlc
2017-08-09 10:32 - 2015-03-06 14:10 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-09 10:28 - 2009-07-14 15:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-08-09 09:32 - 2014-03-02 16:59 - 001902592 ___SH C:\Users\Bosscoe\Desktop\Thumbs.db
2017-08-09 02:20 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\inf
2017-08-09 02:04 - 2009-07-14 15:08 - 000032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-08-09 01:39 - 2012-12-07 01:37 - 000000000 ____D C:\ProgramData\TuneUp Software
2017-08-09 01:34 - 2016-11-17 23:47 - 000000000 ____D C:\Program Files\Common Files\Topaz Labs
2017-08-09 01:33 - 2016-11-17 23:47 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2017-08-09 01:18 - 2013-10-02 14:31 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-09 01:17 - 2009-07-14 15:13 - 000803590 _____ C:\Windows\system32\PerfStringBackup.INI
2017-08-08 22:45 - 2016-12-12 21:46 - 000003144 _____ C:\Windows\System32\Tasks\CorelUpdateHelperTask
2017-08-08 13:34 - 2016-11-18 13:01 - 000000000 ____D C:\Users\Bosscoe\AppData\LocalLow\Mozilla
2017-08-08 11:31 - 2011-06-13 21:46 - 000000000 ____D C:\Windows\pss
2017-08-08 10:48 - 2011-02-20 13:35 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-08 10:20 - 2011-02-22 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vicon
2017-08-08 10:14 - 2012-03-19 12:38 - 000000000 ___RD C:\Users\Bosscoe\Desktop\DJ
2017-08-08 10:14 - 2011-02-20 13:49 - 000000000 ___RD C:\Users\Bosscoe\Desktop\Design Software
2017-08-08 09:55 - 2011-02-21 00:22 - 000448560 _____ C:\Users\Bosscoe\AppData\Local\GDIPFONTCACHEV1.DAT
2017-08-08 09:52 - 2009-07-14 14:45 - 005934512 _____ C:\Windows\system32\FNTCACHE.DAT
2017-08-08 09:47 - 2012-08-06 00:56 - 000000000 ____D C:\ProgramData\Nuance
2017-08-07 23:36 - 2011-11-05 00:31 - 000000000 ____D C:\Program Files\Speccy
2017-08-07 15:56 - 2015-04-14 16:38 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2017-08-07 14:36 - 2011-02-20 13:48 - 000000000 ___RD C:\Users\Bosscoe\Desktop\Desktop Programs
2017-08-07 14:32 - 2011-12-17 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2017-08-07 14:32 - 2011-02-20 14:15 - 000000000 ____D C:\ProgramData\Sony
2017-08-07 14:32 - 2011-02-20 14:15 - 000000000 ____D C:\Program Files (x86)\Sony
2017-08-07 14:25 - 2011-02-23 00:27 - 000000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2017-08-07 14:24 - 2011-10-26 00:02 - 000000000 ____D C:\Windows\system32\Macromed
2017-08-07 14:24 - 2011-02-20 13:56 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2017-08-07 14:23 - 2011-02-20 14:53 - 000000000 ____D C:\Windows\SysWOW64\Adobe
2017-08-07 14:19 - 2015-03-05 15:47 - 000000000 ___DC C:\Temp
2017-08-06 22:02 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\SysWOW64\manifeststore
2017-08-06 13:56 - 2015-04-14 16:36 - 000000000 ____D C:\Users\Administrator
2017-08-06 13:56 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\registration
2017-08-06 11:26 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\system32\manifeststore
2017-08-06 00:17 - 2011-02-20 13:25 - 000000000 ____D C:\Users\Bosscoe
2017-08-05 23:59 - 2011-11-28 14:34 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\CrashDumps
2017-08-05 23:50 - 2011-02-20 13:49 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-08-05 20:40 - 2017-03-26 00:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-05 20:06 - 2017-01-28 14:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-04 12:41 - 2013-12-25 19:22 - 000000000 _____ C:\Users\Bosscoe\AppData\Local\Resmon.ResmonCfg
2017-08-04 10:52 - 2016-12-20 18:58 - 000000000 ____D C:\Windows\SysWOW64\tmp
2017-08-04 10:51 - 2017-01-25 11:00 - 000000166 _____ C:\Windows\SysWOW64\osver.cmd
2017-08-04 10:51 - 2017-01-25 11:00 - 000000137 _____ C:\Windows\SysWOW64\osver.vbs
2017-08-04 10:51 - 2017-01-25 11:00 - 000000002 _____ C:\Windows\SysWOW64\64.dat
2017-08-02 15:51 - 2009-07-14 13:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2017-08-02 15:51 - 2009-07-14 13:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-08-01 21:32 - 2015-04-13 13:42 - 000000000 ____D C:\Users\Bosscoe\.android
2017-08-01 02:12 - 2017-01-25 11:09 - 000011952 _____ C:\Windows\SysWOW64\getwork.dat
2017-07-31 22:58 - 2012-04-14 04:09 - 000000132 _____ C:\Users\Bosscoe\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-07-25 01:12 - 2014-07-25 15:52 - 000000000 ____D C:\Users\Bosscoe\dwhelper
2017-07-21 22:02 - 2014-05-21 10:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXON
2017-07-19 13:39 - 2017-05-22 09:56 - 000000000 ____D C:\ProgramData\HP
2017-07-19 13:31 - 2016-03-24 10:07 - 000000456 _____ C:\Windows\MYOBP.INI
2017-07-19 13:28 - 2016-03-24 10:07 - 000000053 _____ C:\Windows\MYOB.INI
2017-07-19 13:25 - 2016-03-24 10:05 - 000000663 _____ C:\Windows\openrda.ini
2017-07-19 13:19 - 2016-04-22 13:49 - 000000000 ____D C:\Users\Bosscoe\AppData\Local\Manager
2017-07-12 20:11 - 2015-06-01 01:33 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-12 04:06 - 2017-02-11 15:48 - 000004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-07-11 16:51 - 2011-02-22 13:45 - 000000000 ____D C:\Users\Bosscoe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

==================== Files in the root of some directories =======

2011-06-29 16:59 - 2011-06-29 16:59 - 000000132 _____ () C:\Users\Bosscoe\AppData\Roaming\Adobe GIF Format CS5 Prefs
2011-06-18 19:43 - 2015-07-31 11:30 - 000000132 _____ () C:\Users\Bosscoe\AppData\Roaming\Adobe IllExport Filter CS5 Prefs 2015-07-31 13:06 - 2017-05-29 12:15 - 000000132 _____ () C:\Users\Bosscoe\AppData\Roaming\Adobe IllExport Filter CS6 Prefs 2011-04-07 10:46 - 2015-07-27 12:28 - 000000132 _____ () C:\Users\Bosscoe\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-04-14 04:09 - 2017-07-31 22:58 - 000000132 _____ () C:\Users\Bosscoe\AppData\Roaming\Adobe PNG Format CS6 Prefs 2011-06-12 15:54 - 2011-06-12 15:54 - 000016384 _____ () C:\Users\Bosscoe\AppData\Roaming\BO Config Tool.exe 2011-06-12 15:54 - 2011-06-12 15:54 - 000058134 _____ () C:\Users\Bosscoe\AppData\Roaming\Bosscoe3SQLite3.dll 2005-07-03 04:51 - 2011-06-13 21:37 - 000875862 ____H () C:\Users\Bosscoe\AppData\Roaming\Bosscoelog.dat 2012-12-05 20:20 - 2012-12-05 20:37 - 000035630 _____ () C:\Users\Bosscoe\AppData\Roaming\net.telestream.wirecast.xml 2012-12-05 20:20 - 2012-12-05 20:20 - 000014120 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000005028 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_AFL0681655000_brandingimage_main.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000014543 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000014186 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_AFL9067099885_brandingimage_main.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000004755 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_BAMBUSER_AFFILIATE_ID_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000003123 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_DACAST_AFFILIATE_ID_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000004149 _____ () 
C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_HIGH_SCHOOL_CUBE_AFFIALITE_ID_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000001451 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_SHOWCASTER_AFFILIATE_ID_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000007122 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_STREAMING_MEDIA_HOSTING_AFFILIATE_ID_brandingimage_destination.png 2012-12-05 20:20 - 2012-12-05 20:20 - 000016966 _____ () C:\Users\Bosscoe\AppData\Roaming\net_telestream_wirecast_partner_NO_STRETCH_INTERNET_AFFIALITE_ID_brandingimage_destination.png 2011-03-01 02:12 - 2013-09-18 23:08 - 000001456 _____ () C:\Users\Bosscoe\AppData\Local\Adobe Save for Web 12.0 Prefs 2016-02-17 18:38 - 2017-03-06 13:26 - 000001456 _____ () C:\Users\Bosscoe\AppData\Local\Adobe Save for Web 13.0 Prefs 2011-03-18 16:06 - 2012-08-17 09:45 - 000084366 _____ () C:\Users\Bosscoe\AppData\Local\installer.log 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\Users\Bosscoe\AppData\Local\lwui.exe 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\Users\Bosscoe\AppData\Local\pvmk.exe 2016-12-02 09:33 - 2016-12-02 09:33 - 000000756 _____ () C:\Users\Bosscoe\AppData\Local\recently-used.xbel 2013-12-25 19:22 - 2017-08-04 12:41 - 000000000 _____ () C:\Users\Bosscoe\AppData\Local\Resmon.ResmonCfg 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\Users\Bosscoe\AppData\Local\term.exe 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\Users\Bosscoe\AppData\Local\tklr.exe 2011-09-05 15:11 - 2011-09-05 23:37 - 000010566 ___SH () C:\Users\Bosscoe\AppData\Local\u7r60td74665673edn0gf4gd1288yakn408f68d0743j3ev 2017-05-22 09:55 - 2017-05-22 09:55 - 000000057 _____ () C:\ProgramData\Ament.ini 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\ProgramData\ftne.exe 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () 
C:\ProgramData\lllr.exe 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\ProgramData\sitg.exe 2011-09-05 15:11 - 2011-09-05 23:37 - 000010566 ___SH () C:\ProgramData\u7r60td74665673edn0gf4gd1288yakn408f68d0743j3ev 2011-09-05 15:11 - 2011-09-05 15:11 - 000000000 _____ () C:\ProgramData\xtil.exe Files to move or delete: ==================== C:\ProgramData\ftne.exe C:\ProgramData\lllr.exe C:\ProgramData\sitg.exe C:\ProgramData\xtil.exe Some files in TEMP: ==================== 2017-08-09 10:31 - 2017-08-09 10:31 - 001987072 _____ (CPUID) C:\Users\Bosscoe\AppData\Local\Temp\speccycpuid.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-08-08 10:40 ==================== End of FRST.txt ============================