Computer has been behaving strangely lately (Search/Indexer, User Fold

search index user folder

#1
menace97

menace97

    New Member

  • Member
  • Pip
  • 1 posts

First time poster here, I would very much appreciate any assistance.

I have been having a lot of trouble lately with my computer locking/freezing up from time to time, and for quite a while it seems that one of the major issues is the Search Indexer, which gets corrupted so often it is essentially constantly recreating the index. I do use the index for searching as I am a graphic designer with many files that I would like easy access to find at short notice. I see that many people turn off the indexing, but I don't really feel that is a good option for me.

One major thing I can think of that occurred a while ago, is my main user account for some reason got the user folders mixed up - for example, my name Den, is actually the user name, but also doubles as the Pictures folder, but when I go into the Pictures folder, the path does then say correctly "Den" but it is very strange, almost as if symbolic links or junctions are implemented. I didn't do this knowingly if so. I have moved most of the user folders to different locations as I have always wanted my data off of my main C drive which is an SSD.

Lastly I have had the odd problem occasionally installing software with JSON based apps and recently I subscribed to Adobe's Photographer's membership in which I pay to use Photoshop and Lightroom, and I haven't been able to even use either of these two applications unfortunately yet. So some strange things have been happening - so I thought before I do a clean install and start from scratch -sighs- I would love to see if there is something simple that you may be able to help me get through using my computer in its current setup.

I have gone through the instructions for using FRST and I am curious/anxious to see if this fixes these issues.

So I will be copying and pasting as requested below (not attached as this is the preferred method I see)

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
Ran by Den (administrator) on DEN1 (16-11-2016 03:58:34)
Running from D:\Desktop
Loaded Profiles: Den (Available Profiles: Den & denni_000 & rphillips)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(RaMMicHaeL) C:\Users\Den\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(NTWind Software) C:\Program Files\WindowSpace\wspace64.exe
(NTWind Software) C:\Program Files\WindowSpace\wspace32.exe
(Flux Software LLC) C:\Users\Den\AppData\Local\FluxSoftware\Flux\flux.exe
(South Bay Software) C:\Program Files (x86)\AutoSizer\AutoSizer.exe
(hxxp://SteveMiller.net/PureText/) D:\Software\! Utilities @\Clipboard\PureText\puretext 4.0 64-bit\PureText.exe
() C:\Users\Den\AppData\Roaming\Textify\Textify.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
() C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1452056 2016-09-25] (Highresolution Enterprises)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-10-31] (Razer Inc.)
HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805888 2014-08-19] (Acronis)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2650576 2016-11-15] (Malwarebytes Corporation)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [7 Taskbar Tweaker] => C:\Users\Den\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [WindowSpace] => C:\Program Files\WindowSpace\wspace64.exe [349440 2015-08-25] (NTWind Software)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [f.lux] => C:\Users\Den\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [A53195EBF4281FF5F4D7CB947584E865FECEB635._service_run] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [921192 2016-11-08] (Google Inc.)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [AutoSizer] => C:\Program Files (x86)\AutoSizer\AutoSizer.exe [131072 2016-06-22] (South Bay Software)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [PureText] => D:\Software\! Utilities @\Clipboard\PureText\puretext 4.0 64-bit\PureText.exe [84264 2015-11-08] (hxxp://SteveMiller.net/PureText/)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [Textify] => C:\Users\Den\AppData\Roaming\Textify\Textify.exe [228352 2016-09-23] ()
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Run: [Switcher] => C:\Program Files (x86)\Switcher\Switcher.exe [425984 2007-10-28] (Bao_Nguyen)
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\MountPoints2: {3ae92dc5-1e04-11e4-bf7f-c86000bd2703} - "K:\DTVP30_Launcher.exe" 
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\MountPoints2: {d9dd5e29-3aa5-11e3-8250-806e6f6e6963} - "J:\autorun.exe" 
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-10-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk [2014-08-06]
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-11-16]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk [2013-08-01]
ShortcutTarget: ShellFolderFix.lnk -> C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe ()
GroupPolicy: Restriction <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242
Tcpip\..\Interfaces\{2D465052-2557-45A3-968D-E08E97E4B2E2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{34D952C5-045D-4CAF-971A-3B9BB6E0898A}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{34D952C5-045D-4CAF-971A-3B9BB6E0898A}: [DhcpNameServer] 64.59.184.13 64.59.190.242
 
Internet Explorer:
==================
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE09&ocid=UE09DHP
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-ca/?pc=UE09&ocid=UE09DHP
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: AutorunsDisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "chrome://newtab/","hxxp://www.hearthhead.com/","hxxp://www.hearthpwn.com/"
CHR DefaultSearchURL: Default -> hxxps://encrypted.google.com/search?hl=en&q={searchTerms}
CHR DefaultSearchKeyword: Default -> g
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default [2016-11-16]
CHR Extension: (Dewey Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\aahpfefkmihhdabllidnlipghcjgpkdm [2016-11-15]
CHR Extension: (Google Slides) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-01]
CHR Extension: (Bookmark Favicon Changer) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\acmfnomgphggonodopogfbmkneepfgnh [2016-05-29]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-11-15]
CHR Extension: (reddit companion) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (Shortcuts for Google™) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2016-11-16]
CHR Extension: (Adguard AdBlocker) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-29]
CHR Extension: (ColorZilla) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhlhnicpbhignbdhedgjhgdocnmhomnp [2016-09-16]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (History 2) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahejgbbfgmlmjgdjlibphdjeldhagkp [2016-11-01]
CHR Extension: (Find My Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahmhjehomglimoklhidcfdlfmahlold [2016-05-29]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-08-19]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-06-22]
CHR Extension: (uBlock Origin) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-11-04]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-10-22]
CHR Extension: (Session Buddy) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2016-11-15]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-05-29]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-09]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-29]
CHR Extension: (Selection Search) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\gipnlpdeieaidmmeaichnddnmjmcakoe [2016-06-17]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-12]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-08-26]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-23]
CHR Extension: (Pinterest Save Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-01]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-01]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-05-29]
CHR Extension: (Pixlr Editor) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmaknaampgiegkcjlimdiidlhopknpk [2016-05-29]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-07-15]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-05-29]
CHR Extension: (WhatFont) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Search the current site) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2016-10-19]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-14]
CHR Extension: (Noisli) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\klejemegaoblahjdpcajmpcnjjmkmkkf [2016-09-27]
CHR Extension: (SimpleExtManager) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2016-09-13]
CHR Extension: (Color Sphere!) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\knomilfbnhpkmibhmleppnkmcempglag [2016-05-29]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-29]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-05-29]
CHR Extension: (Save to Google) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\meoeeoaohbmgbocpdpnjklmfmjjagkkf [2016-07-22]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-06-01]
CHR Extension: (Google Drawings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-05-29]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-05-29]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-05-29]
CHR Extension: (Save to Pocket) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-05-29]
CHR Extension: (Recent Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-05-29]
CHR Extension: (word highlight) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooabkmkhabkahcjbgpiajffckeibpdoa [2016-05-29]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-05-29]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-01]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR Extension: (History Trends Unlimited) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2016-11-01]
CHR Extension: (f*ck overlays) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppedokobpbdajgiejhnjfbdjlgobcpkp [2016-11-07]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-04-28]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-29]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (Adguard AdBlocker) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Solitaire) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpebaehgfgkcmmjjknibibbjacnplim [2016-09-23]
CHR Extension: (Find My Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cahmhjehomglimoklhidcfdlfmahlold [2016-05-29]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-10-15]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-07-17]
CHR Extension: (uBlock Origin) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Download Manager) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\daoidaoebhfcgccdpgjjcbdginkofmfe [2016-09-23]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-10-23]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-23]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-31]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-12]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-23]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-05]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-05-29]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-07-17]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-05-29]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-05]
CHR Extension: (GosuGamers Chrome Extension) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lhpjniojlbdhldmiaefpmekpihnlgilj [2016-11-02]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-29]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-23]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-06-08]
CHR Extension: (Google Drawings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-08-23]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-05-29]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-05-29]
CHR Extension: (Recent Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\olndffocioplakeilhkgenfgdincjlpn [2016-05-29]
CHR Extension: (Bookmark Manager Speed Dial Papaly) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pdcohkhhjbifkmpakaiopnllnddofbbn [2016-11-09]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-05-29]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-25]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2 [2016-11-16]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-23]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-29]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-29]
CHR Extension: (Find My Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cahmhjehomglimoklhidcfdlfmahlold [2016-05-29]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-10-15]
CHR Extension: (OneTab) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-10-30]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-08-17]
CHR Extension: (uBlock Origin) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-30]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-10-24]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-23]
CHR Extension: (Save Image to Downloads) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\enjefpkmlibebgbbgidmhpmjhcdffhfm [2016-10-01]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-23]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-15]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-23]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-04]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-05-29]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-08-17]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-05-29]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (SimpleExtManager) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\kniehgiejgnnpgojkdhhjbgbllnfkfdk [2016-09-13]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-05-29]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-23]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-08-23]
CHR Extension: (Google Drawings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-08-23]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-05-29]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-05-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-29]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-08-23]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-08-23]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-04]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-29]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-30]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3 [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (Adguard AdBlocker) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-10-15]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-08-23]
CHR Extension: (Binge!) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ckcalpgemnoejggbleepgmemacmgoofn [2016-08-18]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-11-05]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-23]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-15]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-23]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-05]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-08-23]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-08-23]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-08-23]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-18]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-23]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-08-23]
CHR Extension: (Google Drawings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-08-23]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-08-23]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-08-23]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-08-23]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4 [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-18]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-18]
CHR Extension: (Adguard AdBlocker) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-10-15]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-18]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-10-15]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-08-23]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-11-02]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-23]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-18]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-04]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-18]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-15]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-23]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-04]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-08-23]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-08-23]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-08-23]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-18]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-08-23]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-08-23]
CHR Extension: (Google Drawings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2016-08-23]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-08-23]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-18]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-08-23]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-08-23]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-04]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-18]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 4\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-02]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7 [2016-11-16]
CHR Extension: (Google Slides) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-27]
CHR Extension: (Google Docs) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-27]
CHR Extension: (Google Drive) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-27]
CHR Extension: (Adguard AdBlocker) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2016-09-27]
CHR Extension: (YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-27]
CHR Extension: (Share Extensions) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\chdafcbnfkfenoeejpaeenpdamhmalhe [2016-10-15]
CHR Extension: (NoCountryRedirect (NCR)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ciboebddidackjicoeoiigdnbmchkdll [2016-09-27]
CHR Extension: (uBlock Origin) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-11-01]
CHR Extension: (Search by Image (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Bookmark Sentry (scanner)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\dkedglkmgegjehpknhbplkbfknlneomb [2016-11-01]
CHR Extension: (Google Calendar) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-11-05]
CHR Extension: (Google Sheets) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-27]
CHR Extension: (Bookmarks Button) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ffieaadkkhencgelmgbbmkkipeocbcbg [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-29]
CHR Extension: (Fast Bookmark Scanner) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gjcmklpilmpfhfjpebhnapnglcppdbic [2016-10-15]
CHR Extension: (Google Calendar (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-11-05]
CHR Extension: (Download Plus) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\gokgophibdidjjpildcdbfpmcahilaaf [2016-09-27]
CHR Extension: (Settings) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\hgdddaddoobhekenhpjbmfdbfbgdikid [2016-11-05]
CHR Extension: (Tabs to the Front) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\hiembaoomcehoiehhdldabfgnmphappc [2016-09-27]
CHR Extension: (Looper for YouTube) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg [2016-09-27]
CHR Extension: (Extensions (new tab)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\iimnlpkklbehlibkphacaolndffafifk [2016-09-27]
CHR Extension: (ChromeAbout) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lchdnjgmgkfapbhmmbnhhnnnpgceahcj [2016-11-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-27]
CHR Extension: (Google Maps) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2016-11-05]
CHR Extension: (Humble New Tab Page) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mfgdmpfihlmdekaclngibpjhdebndhdj [2016-10-15]
CHR Extension: (Popup my Bookmarks) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\mppflflkbbafeopeoeigkbbdjdbeifni [2016-09-27]
CHR Extension: (Google with Favicons) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nabghppbcmjjflfemokkgocleeclijph [2016-09-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-27]
CHR Extension: (Hyperlink Text Selector) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\ojnfanikhkhoklphdcehbolcpeipbaec [2016-09-27]
CHR Extension: (Duplicate Tab Shortcut Key) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pfippblampohahkkdoomekekmfbjkimg [2016-09-27]
CHR Extension: (History) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\phaehjbfndonoealmdlbliedgiabmcdd [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-27]
CHR Extension: (Chrome Media Router) - C:\Users\Den\AppData\Local\Google\Chrome\User Data\Profile 7\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-01]
CHR Profile: C:\Users\Den\AppData\Local\Google\Chrome\User Data\System Profile [2016-11-16]
CHR HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S4 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-05-01] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\WINDOWS\sysWow64\CtHdaSvc.exe [122888 2016-05-23] (Creative Technology Ltd)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155600 2016-11-15] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-08-16] (Power Admin LLC)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69744 2016-10-18] (Razer Inc.)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-02-20] (Razer, Inc.)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [254232 2016-08-23] (RaMMicHaeL)
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [524800 2014-10-28] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cthda; C:\WINDOWS\system32\drivers\cthda.sys [1074472 2016-05-23] (Creative Technology Ltd)
R3 cthdb; C:\WINDOWS\system32\DRIVERS\cthdb.sys [42792 2016-05-23] (Creative Technology Ltd)
S0 ebdrv; C:\WINDOWS\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-11-15] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-16] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows ® Win 7 DDK provider)
R3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 RzDxgk; C:\WINDOWS\system32\drivers\RzDxgk.sys [129472 2014-02-20] (Razer, Inc.)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [51736 2016-06-22] (Razer Inc)
R0 RzFilter; C:\WINDOWS\System32\drivers\RzFilter.sys [74432 2014-02-20] (Razer, Inc.)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [34984 2013-11-14] (Razer Inc)
R2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1120032 2016-06-05] (Acronis International GmbH)
S0 tib_mounter; C:\WINDOWS\System32\DRIVERS\tib_mounter.sys [198432 2016-06-05] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 03:58 - 2016-11-16 03:58 - 00000000 ____D C:\FRST
2016-11-15 14:18 - 2016-11-15 14:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-11-15 12:18 - 2016-11-15 12:18 - 00353192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-15 12:17 - 2016-11-05 13:46 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-11-15 12:17 - 2016-10-12 14:49 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-11-15 12:17 - 2016-10-12 14:11 - 00922968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2016-11-15 12:17 - 2016-10-11 09:45 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-11-15 12:17 - 2016-10-10 16:31 - 00990040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-11-15 12:17 - 2016-10-10 11:18 - 00069976 _____ (Microsoft Corporation) C:\WINDOWS\system32\apisetschema.dll
2016-11-15 12:17 - 2016-10-10 11:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-11-15 12:17 - 2016-10-09 07:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionQueue.dll
2016-11-15 12:17 - 2016-10-09 07:08 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2016-11-15 12:17 - 2016-10-09 07:08 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2016-11-15 12:17 - 2016-10-08 15:24 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-11-15 12:17 - 2016-10-08 14:31 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-11-15 12:17 - 2016-10-08 14:10 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-15 12:17 - 2016-10-05 07:01 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-15 12:17 - 2016-10-05 07:00 - 00868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-15 12:17 - 2016-10-05 07:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-15 12:17 - 2016-10-05 06:52 - 00513456 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-15 12:17 - 2016-10-05 06:52 - 00513456 _____ C:\WINDOWS\system32\locale.nls
2016-11-15 12:17 - 2016-10-04 21:15 - 01969944 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-11-15 12:17 - 2016-10-04 21:15 - 01613528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-11-15 12:17 - 2016-10-04 21:15 - 00324896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-11-15 12:17 - 2016-10-04 21:15 - 00245320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-11-15 12:17 - 2016-09-27 13:16 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-15 12:17 - 2016-09-20 15:30 - 02462040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-11-14 21:25 - 2016-11-14 21:25 - 00000000 ____D C:\Users\Den\AppData\Roaming\NVIDIA
2016-11-10 23:48 - 2016-11-16 02:05 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-10 23:48 - 2016-11-10 23:48 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-10 23:48 - 2016-10-25 14:39 - 00215608 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-11-10 23:48 - 2016-10-25 14:39 - 00201664 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 06386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 02475968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 00548408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-10 23:48 - 2016-10-25 13:17 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-10 23:48 - 2016-10-23 23:31 - 07507695 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-10 23:48 - 2016-09-09 11:25 - 00269600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-11-10 23:48 - 2016-09-09 11:25 - 00261920 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-11-10 23:48 - 2016-09-09 11:25 - 00110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-11-10 23:48 - 2016-09-09 11:24 - 00125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-11-10 23:47 - 2016-11-10 23:48 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-10 23:47 - 2016-11-10 23:48 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-10 23:47 - 2016-11-10 23:47 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-10 23:47 - 2016-10-25 14:39 - 40123840 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 35224632 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 34701760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 28138552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 19925152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 17429080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 17348752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 14397272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 14033976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-11-10 23:47 - 2016-10-25 14:39 - 10912232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 10773504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 10324400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 09113296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 08913512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 08716056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 03933968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 03628992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 03473368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 03193912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 01953336 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437570.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 01586744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437570.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 01037248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00974272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00945208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00897080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00894760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00683640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00572888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00521096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00492744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00439864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00436088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00407064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00388544 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00170688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00153368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00148200 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00131536 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-11-10 23:47 - 2016-10-25 14:39 - 00041344 _____ C:\WINDOWS\system32\nvinfo.pb
2016-11-10 23:47 - 2016-10-25 14:39 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-11-10 23:47 - 2016-10-25 14:39 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-11-10 07:52 - 2016-11-10 07:52 - 00000000 ____D C:\Users\Den\AppData\LocalLow\Unity
2016-11-10 07:51 - 2016-11-10 07:51 - 00000000 ____D C:\Users\Den\AppData\LocalLow\Dire Wolf Digital
2016-11-10 07:49 - 2016-11-10 07:51 - 00000000 ____D C:\TESL
2016-11-10 06:17 - 2016-11-15 09:08 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2016-11-10 06:17 - 2016-11-10 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2016-11-10 06:17 - 2016-11-10 06:18 - 00000000 ____D C:\Users\Den\AppData\Local\Bethesda.net Launcher
2016-11-08 15:52 - 2016-11-08 15:53 - 00000000 ____D C:\Users\rphillips\AppData\Local\CrashDumps
2016-11-08 15:51 - 2016-11-08 15:51 - 00000000 ____D C:\Users\rphillips\AppData\Roaming\Highresolution Enterprises
2016-11-08 14:09 - 2016-11-08 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Path Copy Copy
2016-11-08 14:09 - 2016-11-08 14:09 - 00000000 ____D C:\Program Files\Path Copy Copy
2016-11-08 13:26 - 2016-11-02 13:48 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-08 13:26 - 2016-11-02 13:48 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-08 13:26 - 2016-11-02 07:03 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-08 13:26 - 2016-11-02 07:00 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-08 13:26 - 2016-10-27 11:53 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-08 13:26 - 2016-10-27 11:51 - 02896384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-08 13:26 - 2016-10-27 11:37 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-11-08 13:26 - 2016-10-27 11:28 - 25763328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-08 13:26 - 2016-10-27 11:19 - 06047744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-08 13:26 - 2016-10-27 11:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-08 13:26 - 2016-10-27 11:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-08 13:26 - 2016-10-27 11:05 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-08 13:26 - 2016-10-27 10:57 - 01033216 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-08 13:26 - 2016-10-27 10:49 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-11-08 13:26 - 2016-10-27 10:47 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-08 13:26 - 2016-10-27 10:46 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-08 13:26 - 2016-10-27 10:46 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-08 13:26 - 2016-10-27 10:44 - 02131456 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-08 13:26 - 2016-10-27 10:17 - 15257088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-08 13:26 - 2016-10-27 10:16 - 02920448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-08 13:26 - 2016-10-27 10:03 - 01543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-08 13:26 - 2016-10-27 09:54 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-08 13:26 - 2016-10-27 08:05 - 20304896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-08 13:26 - 2016-10-25 07:11 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-08 13:26 - 2016-10-22 10:35 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-08 13:26 - 2016-10-22 10:34 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2016-11-08 13:26 - 2016-10-22 10:27 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-08 13:26 - 2016-10-22 10:21 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-11-08 13:26 - 2016-10-22 09:58 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-08 13:26 - 2016-10-22 09:57 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-08 13:26 - 2016-10-22 09:56 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-08 13:26 - 2016-10-22 09:51 - 00880640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-08 13:26 - 2016-10-22 09:46 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-11-08 13:26 - 2016-10-22 09:45 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-08 13:26 - 2016-10-22 09:45 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-08 13:26 - 2016-10-22 09:44 - 04608000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-08 13:26 - 2016-10-22 09:43 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-08 13:26 - 2016-10-22 09:30 - 13654016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-08 13:26 - 2016-10-22 09:12 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-08 13:26 - 2016-10-22 09:09 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-08 13:26 - 2016-10-22 09:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-08 13:26 - 2016-10-13 12:06 - 01385280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-08 13:26 - 2016-10-13 12:06 - 01124376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-08 13:26 - 2016-10-12 01:01 - 00377176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-08 13:26 - 2016-10-11 13:21 - 00497448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-08 13:26 - 2016-10-11 13:21 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-08 13:26 - 2016-10-11 11:34 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-08 13:26 - 2016-10-11 10:47 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-08 13:26 - 2016-10-11 09:55 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-08 13:26 - 2016-10-10 14:17 - 00444248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-08 13:26 - 2016-10-10 14:17 - 00333656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-08 13:26 - 2016-10-09 15:59 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-08 13:26 - 2016-10-08 16:12 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-11-08 13:26 - 2016-10-08 15:53 - 03754496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-08 13:26 - 2016-10-08 15:21 - 01445376 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-08 13:26 - 2016-10-08 15:18 - 00840704 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-11-08 13:26 - 2016-10-08 15:07 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-08 13:26 - 2016-10-08 15:02 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-11-08 13:26 - 2016-10-08 14:49 - 02410496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-08 13:26 - 2016-10-08 14:21 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-08 13:26 - 2016-10-07 18:34 - 01660040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-08 13:26 - 2016-10-07 18:34 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-08 13:26 - 2016-10-04 13:39 - 00101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-08 13:26 - 2016-10-04 13:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-08 13:26 - 2016-10-04 13:08 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-08 13:26 - 2016-10-04 13:08 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-07 04:03 - 2016-11-07 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintFolder Pro
2016-11-07 04:03 - 2016-11-07 04:03 - 00000000 ____D C:\Program Files (x86)\PrintFolder Pro
2016-11-06 18:46 - 2016-11-06 18:48 - 00000000 ____D C:\Users\Den\AppData\Roaming\MPC-BE
2016-11-06 18:46 - 2016-11-06 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-BE x64
2016-11-06 18:46 - 2016-11-06 18:46 - 00000000 ____D C:\Program Files\MPC-BE x64
2016-11-06 10:31 - 2016-11-06 10:31 - 00000000 ____D C:\Users\Den\AppData\Roaming\Highresolution Enterprises
2016-11-06 10:31 - 2016-11-06 10:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2016-11-06 10:27 - 2016-11-06 10:27 - 00000000 ____D C:\Users\Den\AppData\Local\RzStats
2016-11-06 10:06 - 2016-11-06 10:31 - 00000000 ____D C:\Program Files\Highresolution Enterprises
2016-11-04 00:47 - 2016-11-04 00:47 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-02 18:21 - 2016-11-15 01:59 - 00000000 ____D C:\Users\Den\AppData\Roaming\Ditto
2016-11-02 18:21 - 2016-11-02 18:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2016-11-02 18:21 - 2016-11-02 18:21 - 00000000 ____D C:\Program Files\Ditto
2016-11-02 17:44 - 2016-11-02 17:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2016-10-30 08:05 - 2016-10-30 08:05 - 00000000 ____D C:\Users\Den\AppData\Local\HearthSim
2016-10-29 14:01 - 2016-11-15 21:27 - 00000000 ____D C:\Users\Den\AppData\Local\CrashDumps
2016-10-29 14:01 - 2016-11-14 22:21 - 00000000 ____D C:\Users\Den\AppData\Roaming\HearthstoneDeckTracker
2016-10-29 14:01 - 2016-11-04 23:40 - 00000000 ____D C:\Users\Den\AppData\Local\SquirrelTemp
2016-10-29 14:01 - 2016-10-29 14:30 - 00000000 ____D C:\Users\Den\AppData\Local\HearthstoneDeckTracker
2016-10-29 14:01 - 2016-10-29 14:01 - 00000000 ____D C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HearthSim
2016-10-29 02:47 - 2016-10-29 02:47 - 00000000 ____D C:\Users\Den\AppData\Roaming\.mono
2016-10-29 02:47 - 2016-10-29 02:47 - 00000000 ____D C:\Users\Den\AppData\LocalLow\Blizzard Entertainment
2016-10-29 02:47 - 2016-10-29 02:47 - 00000000 ____D C:\Users\Den\AppData\Local\Blizzard
2016-10-29 02:36 - 2016-11-06 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-10-29 02:32 - 2016-11-08 15:00 - 00000000 ____D C:\Hearthstone
2016-10-29 02:02 - 2016-11-14 22:06 - 00000000 ____D C:\Users\Den\AppData\Local\Battle.net
2016-10-29 02:02 - 2016-11-06 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard
2016-10-29 02:02 - 2016-10-29 02:02 - 00000000 ____D C:\Users\Den\AppData\Local\Blizzard Entertainment
2016-10-29 02:02 - 2016-10-29 02:02 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-10-29 02:01 - 2016-11-14 22:06 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-29 02:01 - 2016-10-29 02:02 - 00000000 ____D C:\Users\Den\AppData\Roaming\Battle.net
2016-10-29 02:01 - 2016-10-29 02:01 - 00000000 ____D C:\ProgramData\Battle.net
2016-10-29 01:20 - 2016-10-25 13:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-10-28 23:25 - 2016-10-28 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2016-10-28 15:49 - 2016-09-16 17:12 - 00044144 _____ (Razer, Inc.) C:\WINDOWS\system32\Drivers\rzpmgrk.sys
2016-10-25 16:08 - 2012-11-26 16:19 - 00005687 ____N C:\WINDOWS\SysWOW64\CTOPT352.cat
2016-10-25 16:08 - 2012-08-13 13:51 - 00167424 ____N (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTOPT352.dll
2016-10-25 16:08 - 2010-10-04 14:20 - 00079360 ____N (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTOPT399.dll
2016-10-25 16:08 - 2010-10-03 13:48 - 00005498 ____N C:\WINDOWS\SysWOW64\CTOPT399.cat
2016-10-25 16:08 - 2008-12-22 19:13 - 00061440 ____N (Creative Technology Ltd) C:\WINDOWS\SysWOW64\CTChkAud.dll
2016-10-25 16:08 - 2006-12-05 12:53 - 00042496 ____N (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\AddCat.exe
2016-10-23 04:48 - 2016-10-23 04:48 - 00000000 ____D C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Textify
2016-10-19 01:35 - 2016-09-09 15:14 - 00275800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-10-19 01:35 - 2016-09-09 07:15 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-19 01:35 - 2016-09-09 07:09 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-19 01:35 - 2016-09-09 07:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-19 01:35 - 2016-09-09 07:03 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-10-19 01:35 - 2016-09-09 07:02 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-10-19 01:35 - 2016-09-03 11:20 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsidsc.dll
2016-10-19 01:35 - 2016-09-03 11:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2016-10-19 01:35 - 2016-09-03 10:21 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsidsc.dll
2016-10-19 01:35 - 2016-09-03 10:18 - 00825856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2016-10-19 01:35 - 2016-09-03 09:12 - 00512512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-10-19 01:35 - 2016-09-03 09:05 - 01094656 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-10-19 01:35 - 2016-09-03 08:58 - 00397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-10-19 01:35 - 2016-09-02 07:05 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-10-19 01:35 - 2016-09-02 07:05 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-10-19 01:35 - 2016-09-01 07:33 - 00377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-10-19 01:35 - 2016-09-01 07:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-10-19 01:35 - 2016-09-01 07:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-10-19 01:35 - 2016-08-30 07:11 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-10-19 01:35 - 2016-08-29 19:45 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-10-19 01:35 - 2016-08-29 19:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-10-19 01:35 - 2016-08-29 19:18 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-10-19 01:35 - 2016-08-29 19:03 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-10-19 01:35 - 2016-08-22 06:34 - 01628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-18 00:25 - 2016-10-18 00:25 - 00114288 _____ (Razer Inc.) C:\WINDOWS\system32\RzChromaSDK64.dll
2016-10-18 00:25 - 2016-10-18 00:25 - 00105072 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzChromaSDK.dll
2016-10-18 00:25 - 2016-10-18 00:25 - 00048760 _____ (Razer Inc.) C:\WINDOWS\SysWOW64\RzAPIChromaSDK.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-16 03:42 - 2016-09-23 02:36 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4088299662-2556368419-2513438349-1005
2016-11-16 03:35 - 2016-02-12 02:45 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-11-16 03:08 - 2016-02-04 02:52 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-16 02:16 - 2014-09-14 09:30 - 00001912 __RSH C:\ProgramData\ntuser.pol
2016-11-16 02:11 - 2013-09-29 21:04 - 00800512 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-16 02:11 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\Inf
2016-11-16 02:05 - 2016-09-18 07:07 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-16 02:05 - 2016-02-04 02:52 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-16 02:05 - 2013-08-22 07:45 - 00000006 _____ C:\WINDOWS\Tasks\SA.DAT
2016-11-16 02:04 - 2016-10-01 18:44 - 00000000 ____D C:\AdwCleaner
2016-11-15 21:20 - 2016-09-20 01:38 - 00000000 ____D C:\Users\Den\AppData\Roaming\Notepad++
2016-11-15 14:18 - 2016-02-12 02:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-11-15 12:17 - 2013-08-22 06:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-15 12:17 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-15 02:12 - 2013-10-21 16:11 - 00000000 ___RD C:\Users\Den
2016-11-15 02:08 - 2013-08-22 06:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-11-15 01:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-15 00:27 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\registration
2016-11-14 21:30 - 2016-06-29 12:13 - 00000000 ____D C:\Users\Den\AppData\Roaming\MusicBee
2016-11-13 22:32 - 2015-11-23 10:42 - 00000000 ____D C:\Users\Den\AppData\Roaming\tixati
2016-11-13 22:32 - 2015-11-23 10:42 - 00000000 ____D C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-11-13 22:32 - 2015-11-23 10:42 - 00000000 ____D C:\Program Files\tixati
2016-11-13 16:10 - 2014-05-15 08:36 - 00000000 ____D C:\Users\Den\AppData\Roaming\Onetastic
2016-11-13 15:56 - 2014-06-16 13:36 - 00000000 ____D C:\Users\Den\AppData\Local\Axialis
2016-11-10 23:48 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\Help
2016-11-10 23:23 - 2014-04-08 17:53 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-10 23:16 - 2014-07-19 15:35 - 00000000 __SHD C:\Users\Den\IntelGraphicsProfiles
2016-11-10 02:35 - 2015-11-28 14:33 - 00000000 ____D C:\Users\Den\AppData\Roaming\vlc
2016-11-08 15:57 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2016-11-08 15:55 - 2016-09-25 03:07 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4088299662-2556368419-2513438349-1013
2016-11-08 13:28 - 2013-07-26 03:45 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-08 13:26 - 2013-07-26 03:32 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-08 04:05 - 2016-05-25 08:29 - 00004476 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-11-07 03:14 - 2015-05-14 23:14 - 00000000 ____D C:\Users\Den\AppData\Local\ACD Systems
2016-11-06 16:06 - 2014-05-15 08:36 - 00000682 _____ C:\Users\Den\AppData\Roaming\onecal.xml
2016-11-06 16:05 - 2015-07-05 11:29 - 00061956 _____ C:\Users\Den\AppData\Roaming\OneCal.emf
2016-11-05 20:08 - 2016-02-04 02:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-11-04 18:39 - 2016-10-11 12:52 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-04 00:31 - 2014-07-19 12:47 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-11-03 22:59 - 2013-11-20 01:24 - 00000000 ____D C:\Program Files\Speccy
2016-11-02 06:17 - 2015-04-08 22:37 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-02 06:17 - 2014-11-18 13:55 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-11-01 19:27 - 2013-07-29 22:08 - 00000000 ____D C:\Users\Den\AppData\Local\Google
2016-10-28 23:26 - 2014-11-23 02:00 - 00000000 ____D C:\Program Files\Recuva
2016-10-28 14:04 - 2013-08-22 08:38 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-28 14:04 - 2013-08-22 08:38 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-27 18:22 - 2013-07-26 03:32 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-10-26 03:30 - 2013-07-31 02:27 - 00007624 _____ C:\Users\Den\AppData\Local\resmon.resmoncfg
2016-10-25 16:08 - 2013-07-30 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2016-10-25 16:07 - 2014-05-01 16:19 - 00000000 ____D C:\Users\Public\Creative
2016-10-25 16:07 - 2014-05-01 16:18 - 00000000 ____D C:\Program Files (x86)\Creative
2016-10-25 16:07 - 2013-07-30 02:20 - 00000078 ____R C:\WINDOWS\ctfile.rfc
2016-10-19 01:35 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
 
==================== Files in the root of some directories =======
 
2015-07-05 11:29 - 2016-11-06 16:05 - 0061956 _____ () C:\Users\Den\AppData\Roaming\OneCal.emf
2014-05-15 08:36 - 2016-11-06 16:06 - 0000682 _____ () C:\Users\Den\AppData\Roaming\onecal.xml
2015-03-17 03:15 - 2015-03-17 03:15 - 0000697 _____ () C:\Users\Den\AppData\Local\recently-used.xbel
2013-07-31 02:27 - 2016-10-26 03:30 - 0007624 _____ () C:\Users\Den\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Den\AppData\Local\Temp\libeay32.dll
C:\Users\Den\AppData\Local\Temp\msvcr120.dll
C:\Users\Den\AppData\Local\Temp\npp.7.1.Installer.exe
C:\Users\Den\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-11-15 03:41
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Den (16-11-2016 03:58:51)
Running from D:\Desktop
Windows 8.1 Pro (Update) (X64) (2013-10-22 00:34:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4088299662-2556368419-2513438349-500 - Administrator - Disabled)
Den (S-1-5-21-4088299662-2556368419-2513438349-1005 - Administrator - Enabled) => C:\Users\Den
denni_000 (S-1-5-21-4088299662-2556368419-2513438349-1010 - Limited - Enabled) => C:\Users\denni_000
Guest (S-1-5-21-4088299662-2556368419-2513438349-501 - Limited - Disabled)
rphillips (S-1-5-21-4088299662-2556368419-2513438349-1013 - Administrator - Enabled) => C:\Users\rphillips
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7+ Taskbar Tweaker v5.2.1 (HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\7 Taskbar Tweaker) (Version: 5.2.1 - RaMMicHaeL)
ACDSee Pro 9 (64-bit) (HKLM\...\{AAB2B2D2-1B27-4EEC-B033-6F9B6FFEEF4C}) (Version: 9.1.0.453 - ACD Systems International Inc.)
Acronis True Image 2014 (HKLM-x32\...\{8DD203F6-B966-4846-8C0C-520A555BE395}Visible) (Version: 17.0.6688 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6688 - Acronis) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.73 - Hulubulu Software)
AM-DeadLink 4.5 (HKLM-x32\...\aignesamdeadlink_is1) (Version: 4.5 - www.aignes.com)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Attribute Changer 8.50 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.50 - Romain Petges)
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
AutoSizer (HKLM-x32\...\AutoSizer) (Version:  - )
Axialis IconWorkshop 6.91 (HKLM-x32\...\IconWorkshop ) (Version: 6.91 - Axialis Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
Beyond Compare 4.1.9 (HKLM\...\BeyondCompare4_is1) (Version: 4.1.9.21719 - Scooter Software)
Broken Shortcut Fixer (HKLM-x32\...\{F5EB26E8-0EF6-4AF0-9D43-D2B7E0D9D63C}) (Version: 1.2 - ConsumerSoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Default Programs Editor (HKLM\...\Default Programs Editor) (Version: 2.7.2675.2253 - factormystic.net)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)
Duplicate Cleaner Pro 4.0.1 (HKLM-x32\...\Duplicate Cleaner Pro) (Version: 4.0.1 - DigitalVolcano Software Ltd)
Extra Folder Icons Full (HKLM-x32\...\Extra Folder Icons Full_is1) (Version: 1.0 - ArcticLine Software)
f.lux (HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Flux) (Version:  - )
Fix Shortcuts 1.2 (HKLM\...\Fix Shortcuts_is1) (Version:  - Puran Software)
Folder Marker Pro (HKLM\...\Folder Marker Pro_is1) (Version: 4.2 - ArcticLine Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\HearthstoneDeckTracker) (Version: 1.1.1.1 - HearthSim)
HostsMan 4.6.103 (HKLM-x32\...\{1A3DD1A9-7B7B-4ECA-AD2F-98466F49F62C}_is1) (Version: 4.6.103.0 - abelhadigital.com)
Macrium Reflect Home Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
Macrium Reflect Home Edition (Version: 6.1.1311 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Exploit version 1.9.1.1261 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.9.1.1261 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Sounds (HKLM-x32\...\{10CE1EA2-12E9-11D3-825E-00C04F6843FE}) (Version: 1.0.0.0 - Microsoft Corp)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager 15 (HKLM-x32\...\{5391679C-62E7-4DEA-82FC-1F77AE6767E2}) (Version: 15.1.173 - Mindjet)
Mp3tag v2.77 (HKLM-x32\...\Mp3tag) (Version: v2.77 - Florian Heidenreich)
MPC-BE x64 1.5.0.2101 (HKLM\...\{FE09AF6D-78B2-4093-B012-FCDAF78693CE}_is1) (Version: 1.5.0.2101 - MPC-BE Team)
MusicBee 3.0 (HKLM-x32\...\MusicBee) (Version: 3.0 - Steven Mayall)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.3.2 - MusicBrainz)
nexusfont 2.6 (ver 2.6.2.1870) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version:  - xiles)
NirSoft ShellExView (HKLM-x32\...\NirSoft ShellExView) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.1 - Notepad++ Team)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PatchCleaner (HKLM-x32\...\{727DA176-50BB-452C-8DB5-96EE0A573ED4}) (Version: 1.4.20 - HomeDev)
Path Copy Copy 13.0.1 (HKLM\...\{3C01F274-867C-4D1D-BE8C-CB488C31B0C9}_is1) (Version:  - Charles Lechasseur)
PrintFolder Pro (HKLM-x32\...\PrintFolder Pro 3.3_is1) (Version:  - )
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.10.6 - Razer Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.61 - Razer Inc)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1031 - Razer Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShellFolderFix 1.1.4 (HKLM\...\{3DD823AB-145A-4522-B9F6-A9566121F837}_is1) (Version:  - )
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.104 - Skype Technologies S.A.)
Snagit 10.0.1 (HKLM-x32\...\{22FC7536-BE5C-4E88-8069-C24689D34EC5}) (Version: 10.0.1 - TechSmith Corporation)
Sound Blaster Z-Series (HKLM-x32\...\{4C6CD3EB-BC0F-4B59-B20C-26BD766166E1}) (Version: 1.01.08 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Switcher 2.0.0 (HKLM-x32\...\{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}) (Version: 2.0.0 - Bao Nguyen)
TagScanner 6.0.10 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Textify v1.4.1 (HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\Textify) (Version: 1.4.1 - RaMMicHaeL)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Unchecky v1.0.1 (HKLM-x32\...\Unchecky) (Version: 1.0.1 - RaMMicHaeL)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Winaero Tweaker (HKLM\...\Winaero Tweaker_is1) (Version: 0.6.0.6 - Winaero)
WinDirStat 1.1.2 (HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\WinDirStat) (Version:  - )
WindowSpace (HKLM-x32\...\WindowSpace) (Version: 2.6.0 - NTWind Software)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
X-Mouse Button Control 2.14 (HKLM-x32\...\X-Mouse Button Control) (Version: 2.14 - Highresolution Enterprises)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4088299662-2556368419-2513438349-1005_Classes\CLSID\{AB246BE9-1623-4A84-ABDA-CFF4D4A273CB}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4088299662-2556368419-2513438349-1005_Classes\CLSID\{F09690BD-582D-4439-B6ED-5C2545D2F424}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {135A7D9D-038C-44AF-A3BA-130585E9F67D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-11-08] (Microsoft Corporation)
Task: {1524C97B-3935-4A4E-8F16-DFA86512D31F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {17209D9C-188D-4B20-AC3E-FEAE90EC30BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5497A669-8E8B-4B1B-A705-5D1F3A908B9C} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {6798BF03-6A23-478D-9F2A-C6B7D66F42A3} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6D340C67-EA63-4208-948E-60EC83A6D97F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {7EA8920C-F89D-4E6B-97C1-89EB56DCB23B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {81019438-0332-4809-B044-3CB0B1E36C1B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-28] (Piriform Ltd)
Task: {9B4E590D-F3DC-4EC3-801B-F33BF3732EE9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A097D37D-8551-4ADA-88A4-3D823A8DB595} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A3D2949E-9B78-44E1-988E-C3FB7E7BEDB3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A7229510-360F-4C9C-916E-F000B0D48102} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C3B8F1D4-E9E7-4EE5-B1E1-EC4CCF937FF5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C568132B-E0B7-4425-9065-A794EA4C14B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C75051ED-E42F-4EFA-AC05-3AAB16828518} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {D9CD0F7E-E978-4766-86DA-192101B15EBE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DA0988F6-E468-4C43-A694-1E7390C73653} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {E34D51AC-B502-46AF-9CE2-B537FA9027D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EDCEDA30-C745-493A-9284-FB6122B2E798} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EE527C45-FEC1-44D3-B9DA-72B3AB8E7471} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F88EB313-D590-4C8E-B245-DFFEEA6FFA1D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mkaakpdehdafacodkgkpghoibnmamcme\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Den\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aohghmighlieiainnegkcijnfilokake\Google Docs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=aohghmighlieiainnegkcijnfilokake
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Google Drive\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\Google Chrome\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Solitaire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory="Profile 1" --app-id=blpebaehgfgkcmmjjknibibbjacnplim
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Drawings.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mkaakpdehdafacodkgkpghoibnmamcme
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\cdde1d4838e442f0\Sidewise Tree Style Tabs.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2" --app-id=biiammgklaefagjclmnlialkmaemifgo
ShortcutWithArgument: C:\Users\Den\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Dennis - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-11-10 23:48 - 2016-10-25 13:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-23 23:58 - 2016-09-23 23:58 - 00228352 _____ () C:\Users\Den\AppData\Roaming\Textify\Textify.exe
2013-08-01 03:28 - 2010-09-28 17:52 - 02625024 _____ () C:\Program Files\ShellFolderFix\ShellFolderFixUI.exe
2013-08-01 03:28 - 2010-09-28 17:52 - 00099840 _____ () C:\Program Files\ShellFolderFix\ShellFolderFix.dll
2013-10-01 09:26 - 2013-10-01 09:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2016-11-08 14:09 - 2016-10-12 20:02 - 01019392 _____ () C:\Program Files\Path Copy Copy\PCC64.dll
2016-06-22 14:48 - 2016-06-22 14:48 - 00086016 _____ () C:\Program Files (x86)\AutoSizer\AutoSizer.dll
2016-11-01 00:58 - 2016-11-01 00:58 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [233]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PAexec => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PAexec => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-11-16 02:05 - 00002085 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Theme2\img10.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 3
MSCONFIG\Services: syncagentsrv => 3
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "ACUW08EN"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "UpdReg"
HKLM\...\StartupApproved\Run32: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "WinBooter"
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\StartupApproved\Run: => "swg"
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\StartupApproved\Run: => "A53195EBF4281FF5F4D7CB947584E865FECEB635._service_run"
HKU\S-1-5-21-4088299662-2556368419-2513438349-1005\...\StartupApproved\Run: => "Switcher"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [TCP Query User{D88253A6-E69E-4C61-BEFE-145B44FB6701}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C70B4C13-36D7-46BB-8E73-1AC7A3353494}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{436F3ABA-59B3-42C9-BCD5-3391E2B5E5B2}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{3B905AD4-74E8-478C-B374-68C8C7DF24DC}C:\program files\tixati\tixati.exe] => (Allow) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{6140048F-9E46-4B04-8E10-E9766600B6FF}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C3B18C9B-B065-45E1-8952-58F83D89F894}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{CF3001EE-86D5-49C7-AAB5-96CE8416CF89}] => (Block) %ProgramFiles% (x86)\Duplicate Cleaner Pro\DuplicateCleaner.exe
FirewallRules: [TCP Query User{BCBB3E01-BECC-4880-A863-998341396E59}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{F451F7E6-D8C7-4BE6-A88E-FE88D5FD5178}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
FirewallRules: [{90F01F7D-1727-472E-AAB6-19502595B3CC}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{03D718A5-EE1A-4D90-A6A6-D1B7A3B803F6}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{AF04BF36-D13F-4FBA-B572-F33B5F396DCD}] => (Block) %ProgramFiles% (x86)\Axialis\IconWorkshop\IconWorkshop.exe
FirewallRules: [TCP Query User{FFE302F7-22C5-4637-9B79-8581C736B98F}C:\hearthstone\hearthstone.exe] => (Allow) C:\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{CECB6DC6-481C-45BE-ACAE-309867939A27}C:\hearthstone\hearthstone.exe] => (Allow) C:\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{4EAAFA0F-D010-4A8E-9533-B5078A35B1B7}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{F8A19DCA-A0BB-41ED-86F0-DFE30F3F1AB6}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{FC886689-FFFE-4E79-91AF-42DA95AE8C24}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Video Controller
Description: Video Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Acronis TIB Mounter
Description: Acronis TIB Mounter
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: tib_mounter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/16/2016 01:58:03 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (11/16/2016 01:58:03 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - enduser\mssearch2\search\ytrip\tripoli\inverted\invertedindex.cpp (3682)}. The service will attempt to automatically correct this problem by rebuilding the index.
 
Details:
The content index catalog is corrupt.   0xc0041801 (0xc0041801)
 
Error: (11/15/2016 09:27:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 54.0.2840.99, time stamp: 0x58220960
Faulting module name: pepflashplayer.dll, version: 23.0.0.207, time stamp: 0x580ffc39
Exception code: 0xc0000409
Fault offset: 0x0085b8fe
Faulting process id: 0x1f78
Faulting application start time: 0x01d23fc19c03aa9d
Faulting application path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Faulting module path: C:\Users\Den\AppData\Local\Google\Chrome\User Data\PepperFlash\23.0.0.207\pepflashplayer.dll
Report Id: 072d4254-abb5-11e6-8395-c86000bd2703
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (11/15/2016 02:29:25 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (11/15/2016 02:24:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (11/16/2016 02:03:58 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
An instance of the service is already running.
 
Error: (11/16/2016 02:03:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/16/2016 02:03:28 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2016 02:03:28 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Anti-Exploit Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Unchecky service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Overlay Subsystem Emergency Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
Error: (11/16/2016 02:03:27 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-11-16 02:40:51.527
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 02:40:51.236
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 02:40:50.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:49:45.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:49:44.913
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:49:44.621
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:45:51.669
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:45:51.383
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:45:51.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-11-16 00:33:38.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 34%
Total physical RAM: 16256.52 MB
Available physical RAM: 10709.4 MB
Total Virtual: 17280.52 MB
Available Virtual: 12646.16 MB
 
==================== Drives ================================
 
Drive c: (System SSD) (Fixed) (Total:232.54 GB) (Free:194.71 GB) NTFS
Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:902 GB) NTFS
Drive u: (Misc) (Fixed) (Total:1863.01 GB) (Free:577.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: B258A1E5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.5 GB) - (Type=07 NTFS)
Partition 00: (Not Active) - (Size=0) - (Type=00) ATTENTION ===> 0 byte partition bootkit.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 68F6DE20)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 5618AB93)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Thank you very much for any help to get my system running smoothly again. I can't tell if it is a malware/spyware issue, but I just know things have been not quite right with the computer operating over the last while.
 
Sincerely,
menace97

Edited by menace97, 19 November 2016 - 06:49 AM.
