Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware attacks Using Apple Bonjour !

Started by sub101uk , Jan 03 2017 03:12 AM

Please log in to reply

#1
sub101uk

Posted 03 January 2017 - 03:12 AM

Member

Member
39 posts

Just come across this site in the hope I can find some help to remove some Malware from my computer , O/S 7 Pro Service pack one . Location Thailand internet provider TOT 13 Gb , Router is a Forth . One thing I did notice about this router is its open access you dont need a password to gain access , Yes you can change the password to what ever you want but any body can gain access with the default password of TOT . Please Note you can only use a TOT router with TOT internet . I might also add that this lap top is only used for work and not for down loading music or videos so I have no idea how Apple Bonjour came to be installed .

The problems started about a month ago with my Blue Tooth Mouse started doing strange things and the screen kept on locking up and the only way to unfree the screen was Ctrl + Aft + Delete and go into Task Manager and click on End Task and the screen would unfree its self . At the time I was running Avast and would give it a full scan finding nothing . I deleted Avast and installed ESET Security and started to find many threats but the more threats I deleted the more unstable to computer got .

2 x Blue Tooth mouse would be uncontrollable my wireless mouse stopped working so the only way to use cursor was to use the touch pad .

When I went to do a cold boot the computer would only boot up in low Res 1024 x 768 if you re booted the computer 4 or 5 times it might boot up in 1920 x 1080 .

Both Firefox and Chrome browsers with the mouse would just do there own thing clicking on strange sites .

Every week I make a back of my data on a 2TB Seagate I checked that the other day only to find no back ups , You can see on the amount of data on the drive its there but if you run the Seagate Dashboard and click on restore there are no back ups

Its clear someone has access to my computer and we need to remove the way there getting in which I think is Bonjour , I ran my Registry cleaning tool " Max Registry Cleaner " and found Apple Bonjour but as soon as I deleted the invalid entries it returned again I did contact Max Reg and they did a 3 hour remote access to my computer and said like me were unable to remove threat . I have tried many other programs and very few can find the problem let alone delete it . I ran AdwCleaner and found C:ProgramData\SecTaskMan + C:\ProgramData Data\TaskMan which I deleted but my problem still remains . But its very clear to me unless I can remove Bonjour please have direct access to my computer , I have checked my IP and its changed every day I have even forced a IP change by unplugging the fibre from the router and restarting the router up .

When all my problems started I did what most people would do change out all drivers with new it was not until I removed the internet that the problems stopped . I might also add that what ever Mal ware is installed on my computer is very aggressive I tried to install Malwarebytes and after 6 attempts I got it installed only to find that most of the real time protection was turned off , The only way to get this program to run was offline but after it ran nothing was found so we need to close the access other wises the attacks will continue . If any one would like to see a copy of my log please let me know .Other wise I will get a replacement drive and do a total rebuild .

Many Thanks

Attached Thumbnails

Attached Files

hijackthis 03.01.2017.log 15.65KB 202 downloads

#2
RKinner

Posted 03 January 2017 - 06:48 AM

Malware Expert

Expert
24,625 posts

Please do not attach the logs unless they are too big to copy & paste. Multiple Replies are OK and are probably easier since there is less chance of losing a log. We don't use Hijackthis as it has not been updated in years.

Also do not use any registry cleaners until after we are done. (Don't really like the things anyway.)

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.

Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site

Pause your anti-virus. Close all browsers.

Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

The tool will open and start scanning your system.

Please be patient as this can take a while to complete depending on your system's specifications.

On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

Post the contents of JRT.txt into your next message.

Get FRST from

http://www.bleepingc...very-scan-tool/

You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

You appear to be missing some

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

Copy the next two lines:


findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt

notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.

Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)

1. Please download the Event Viewer Tool by Vino Rosso

http://images.malwar...om/vino/VEW.exe

and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator

3. Under 'Select log to query', select:

* System

4. Under 'Select type to list', select:

* Error

* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'

Type 20 in the 1 to 20 box

Then click the Run button.

Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

#3
sub101uk

Posted 03 January 2017 - 10:08 PM

Member

Topic Starter
Member
39 posts

Many Thanks for your reply I already have a copy of ADWCleaner on my desk Top , In the past its found " Task Man file " , " mystart.incredibar.com/mb118 and uk.ask.com " in the past I have deleted these files but they seem to return . If its to large I can send it in files .

Many Thanks for all your time and help .

# AdwCleaner v6.041 - Logfile created 04/01/2017 at 09:49:06
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: mystart.incredibar.com/mb118
[-] [C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: uk.ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [2094 Bytes] - [21/12/2016 10:22:42]
C:\AdwCleaner\AdwCleaner[C2].txt - [1213 Bytes] - [21/12/2016 14:33:04]
C:\AdwCleaner\AdwCleaner[C3].txt - [1754 Bytes] - [28/12/2016 10:39:45]
C:\AdwCleaner\AdwCleaner[C4].txt - [1973 Bytes] - [28/12/2016 22:51:09]
C:\AdwCleaner\AdwCleaner[C5].txt - [2192 Bytes] - [31/12/2016 10:22:26]
C:\AdwCleaner\AdwCleaner[C6].txt - [2287 Bytes] - [01/01/2017 19:24:58]
C:\AdwCleaner\AdwCleaner[C7].txt - [2755 Bytes] - [03/01/2017 11:57:39]
C:\AdwCleaner\AdwCleaner[C8].txt - [3272 Bytes] - [03/01/2017 23:44:23]
C:\AdwCleaner\AdwCleaner[C9].txt - [1602 Bytes] - [04/01/2017 09:49:06]
C:\AdwCleaner\AdwCleaner[S0].txt - [2102 Bytes] - [21/12/2016 10:22:32]
C:\AdwCleaner\AdwCleaner[S10].txt - [2259 Bytes] - [31/12/2016 11:53:03]
C:\AdwCleaner\AdwCleaner[S11].txt - [2406 Bytes] - [01/01/2017 19:24:17]
C:\AdwCleaner\AdwCleaner[S12].txt - [2553 Bytes] - [03/01/2017 11:11:59]
C:\AdwCleaner\AdwCleaner[S13].txt - [2806 Bytes] - [03/01/2017 11:40:32]
C:\AdwCleaner\AdwCleaner[S14].txt - [2701 Bytes] - [03/01/2017 12:10:11]
C:\AdwCleaner\AdwCleaner[S15].txt - [2775 Bytes] - [03/01/2017 12:31:21]
C:\AdwCleaner\AdwCleaner[S16].txt - [2849 Bytes] - [03/01/2017 12:45:28]
C:\AdwCleaner\AdwCleaner[S17].txt - [2923 Bytes] - [03/01/2017 13:10:23]
C:\AdwCleaner\AdwCleaner[S18].txt - [2997 Bytes] - [03/01/2017 14:33:36]
C:\AdwCleaner\AdwCleaner[S19].txt - [3323 Bytes] - [03/01/2017 23:43:45]
C:\AdwCleaner\AdwCleaner[S1].txt - [1308 Bytes] - [21/12/2016 14:06:07]
C:\AdwCleaner\AdwCleaner[S20].txt - [3219 Bytes] - [04/01/2017 00:12:13]
C:\AdwCleaner\AdwCleaner[S21].txt - [3292 Bytes] - [04/01/2017 07:08:35]
C:\AdwCleaner\AdwCleaner[S22].txt - [3366 Bytes] - [04/01/2017 07:55:31]
C:\AdwCleaner\AdwCleaner[S23].txt - [3440 Bytes] - [04/01/2017 09:26:24]
C:\AdwCleaner\AdwCleaner[S24].txt - [3508 Bytes] - [04/01/2017 09:38:54]
C:\AdwCleaner\AdwCleaner[S25].txt - [3588 Bytes] - [04/01/2017 09:41:17]
C:\AdwCleaner\AdwCleaner[S26].txt - [3842 Bytes] - [04/01/2017 09:48:19]
C:\AdwCleaner\AdwCleaner[S2].txt - [1381 Bytes] - [21/12/2016 14:31:52]
C:\AdwCleaner\AdwCleaner[S3].txt - [1527 Bytes] - [22/12/2016 21:35:34]
C:\AdwCleaner\AdwCleaner[S4].txt - [1781 Bytes] - [24/12/2016 11:47:57]
C:\AdwCleaner\AdwCleaner[S5].txt - [1853 Bytes] - [28/12/2016 10:39:26]
C:\AdwCleaner\AdwCleaner[S6].txt - [1820 Bytes] - [28/12/2016 11:08:04]
C:\AdwCleaner\AdwCleaner[S7].txt - [2072 Bytes] - [28/12/2016 22:50:57]
C:\AdwCleaner\AdwCleaner[S8].txt - [2039 Bytes] - [30/12/2016 10:43:49]
C:\AdwCleaner\AdwCleaner[S9].txt - [2291 Bytes] - [31/12/2016 10:22:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C9].txt - [3663 Bytes] ##########

Junkware-Removal-Tool

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.0 (12.05.2016)

Operating System: Windows 7 Professional x64

Ran by Owner (Administrator) on 04/01/2017 at 10:15:19.85

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 0

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 04/01/2017 at 10:17:01.81

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017

Ran by Owner (administrator) on OWNER-PC (04-01-2017 10:29:09)

Running from C:\Users\Owner\Desktop

Loaded Profiles: Owner (Available Profiles: Owner)

Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe

(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe

(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe

(Max Secure Software) C:\Program Files\Max Registry Cleaner\RCVistaService.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe

(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe

() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe

(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe

(SparkLabs) C:\Program Files\WiTopia\WiTopiaService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe

(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-06-03] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1387376 2014-05-13] (Realtek Semiconductor)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)

HKLM\...\Run: [] => [X]

HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [14056 2014-10-30] (Alienware)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp

HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [RCAutoLiveUpdate] => C:\Program Files\Max Registry Cleaner\MaxLURC.exe [1819176 2014-12-24] (Max Secure Software)

HKLM\...\Run: [Bluetooth Connection Assistant] => LBTWIZ.EXE -silent

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [243216 2008-12-18] (Logitech, Inc.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)

HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-24] (Intel Corporation)

HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] => C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-08-21] ()

HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-28] (ArcSoft Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [127816 2016-04-05] (Seagate Technology LLC)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{742E9E9D-C325-4860-8B9E-37AF8EE072A7}: [DhcpNameServer] 10.118.0.1

Tcpip\..\Interfaces\{A9883C7F-E971-4335-BC1A-A1D52F0A5D58}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/

HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com

SearchScopes: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000 -> {3F03010E-69A6-4E9E-9B2F-7E94FF5B51BE} URL = hxxps://th.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-10-21] (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)

BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-09] (Microsoft Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-21] (Oracle Corporation)

FireFox:

========

FF ProfilePath: C:\Users\Owner\AppData\Roaming\TomTom\HOME\Profiles\bq1l63w1.default [2016-03-14]

FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [2016-02-17] [not signed]

FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 [2017-01-04]

FF NewTab: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> about:newtab

FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

FF DefaultSearchUrl: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}

FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> Avast Search

FF Homepage: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://www.google.co.uk/

FF Keyword.URL: Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}

FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\6i4yverv.default-1469598597873\Extensions\[email protected] [2017-01-01]

FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-15] ()

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-15] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-05-18] (Foxit Corporation)

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-13] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-13] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-21] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-21] (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-09] (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-12] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-12] (NVIDIA Corporation)

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-11-28] ()

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-02-01] ()

Chrome:

=======

CHR HomePage: Default -> hxxp://www.google.co.uk/

CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-01-04]

CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-23]

CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-23]

CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-23]

CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-23]

CHR Extension: (Foxit PDF Creator) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2016-12-23]

CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-23]

CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-23]

CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-23]

CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-23]

CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-23]

CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Profile 1 [2016-12-31]

CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-06-23]

CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [588024 2014-10-31] (BlackBerry Limited)

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2770312 2016-12-27] (ESET)

S2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()

R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)

R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [172784 2016-07-23] (Intel Corporation)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)

S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-13] (Intel Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-05-03] ()

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2016-12-13] (NVIDIA Corporation)

R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1163712 2016-12-13] (NVIDIA Corporation)

S2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2016-12-13] (NVIDIA Corporation)

R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [341504 2013-06-08] (Qualcomm Atheros) [File not signed]

R2 RCVistaSvc; C:\Program Files\Max Registry Cleaner\RCVistaService.exe [2306088 2014-12-24] (Max Secure Software)

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)

R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16216 2016-04-05] (Seagate Technology LLC)

R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143656 2016-04-05] (Seagate Technology LLC)

R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [118424 2016-03-09] ()

R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)

R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [145984 2012-01-18] (ArcSoft, Inc.)

S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-03-09] ()

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

R2 WiTopiaService; C:\Program Files\WiTopia\WiTopiaService.exe [106696 2016-10-07] (SparkLabs)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-05-03] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2008-04-24] (ArcSoft, Inc.)

R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [67888 2013-02-13] (Qualcomm Atheros, Inc.)

S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [141800 2015-10-13] (Motorola Solutions, Inc.)

R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1545704 2016-04-27] (Motorola Solutions, Inc.)

R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-27] (ESET)

R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-27] (ESET)

R2 ekbdflt; C:\Windows\System32\DRIVERS\ekbdflt.sys [153216 2016-12-27] (ESET)

R1 epfw; C:\Windows\System32\DRIVERS\epfw.sys [208520 2016-12-27] (ESET)

R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [61568 2016-12-27] (ESET)

R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84616 2016-12-27] (ESET)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] ()

R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-04-10] (Intel Corporation)

R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [355080 2016-07-31] (Intel Corporation)

R3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [154320 2013-03-20] (Qualcomm Atheros, Inc.)

R1 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-03] (Malwarebytes)

R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-04] (Malwarebytes)

R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-04] (Malwarebytes)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-04] (Malwarebytes)

R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-04] (Malwarebytes)

R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3426576 2016-05-03] (Intel Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2016-12-13] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [46016 2016-12-13] (NVIDIA Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2014-05-06] (BlackBerry Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

R1 RsProxy; C:\Windows\system32\drivers\RsProxy.sys [15976 2015-03-19] ()

S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-03-09] ()

R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated)

R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [87776 2013-04-11] (STMicroelectronics)

S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [50416 2016-08-11] (The OpenVPN Project)

R3 XtuAcpiDriver; C:\Windows\System32\DRIVERS\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)

U0 aswVmm; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 10:14 - 2017-01-04 10:17 - 00000554 _____ C:\Users\Owner\Desktop\JRT.txt

2017-01-04 10:11 - 2017-01-04 10:11 - 01663040 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe

2017-01-04 10:09 - 2017-01-04 10:09 - 00000000 ____D C:\Users\Owner\Desktop\New folder

2017-01-04 09:35 - 2017-01-04 09:36 - 03977168 _____ C:\Users\Owner\Desktop\AdwCleaner.exe

2017-01-03 12:33 - 2017-01-03 12:33 - 00224968 _____ (ESET) C:\Users\Owner\Desktop\ESETPoweliksCleaner(1).exe

2017-01-03 12:32 - 2017-01-03 12:32 - 00224968 _____ (ESET) C:\Users\Owner\Downloads\ESETPoweliksCleaner.exe

2017-01-03 12:00 - 2017-01-04 10:29 - 00024096 _____ C:\Users\Owner\Desktop\FRST.txt

2017-01-03 12:00 - 2017-01-03 12:15 - 00040044 _____ C:\Users\Owner\Desktop\Addition.txt

2017-01-03 11:59 - 2017-01-04 10:29 - 00000000 ____D C:\FRST

2017-01-03 11:54 - 2017-01-03 11:54 - 02418176 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe

2017-01-03 11:31 - 2017-01-04 09:53 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys

2017-01-03 11:31 - 2017-01-04 09:52 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys

2017-01-03 11:31 - 2017-01-04 09:52 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys

2017-01-03 11:31 - 2017-01-03 11:31 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys

2017-01-03 11:26 - 2017-01-04 09:52 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2017-01-03 11:25 - 2017-01-03 11:25 - 00001828 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-01-03 11:25 - 2017-01-03 11:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-01-03 11:25 - 2017-01-03 11:25 - 00000000 ____D C:\Program Files\Malwarebytes

2017-01-03 11:25 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys

2017-01-03 11:16 - 2017-01-03 11:17 - 54199488 _____ (Malwarebytes ) C:\Users\Owner\Desktop\mb3-setup-consumer-3.0.5.1299.exe

2017-01-02 15:36 - 2017-01-02 15:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2017-01-02 15:01 - 2017-01-02 15:01 - 00000000 ____D C:\NPE

2017-01-02 15:00 - 2016-12-31 10:39 - 00000118 _____ C:\Windows\ntbtlog.txt

2017-01-02 14:59 - 2017-01-02 15:12 - 00000000 ____D C:\Users\Owner\AppData\Local\NPE

2017-01-02 14:59 - 2017-01-02 14:59 - 00000000 ____D C:\ProgramData\Norton

2017-01-01 09:23 - 2017-01-01 09:23 - 00001152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk

2017-01-01 09:23 - 2017-01-01 09:23 - 00001140 _____ C:\Users\Public\Desktop\Security Task Manager.lnk

2017-01-01 09:23 - 2017-01-01 09:23 - 00000000 ____D C:\Program Files (x86)\Security Task Manager

2017-01-01 09:22 - 2017-01-01 09:22 - 02840616 _____ C:\Users\Owner\Downloads\SecurityTaskManager_Setup.exe

2016-12-31 12:06 - 2017-01-04 09:49 - 03212857 ____H C:\Users\Owner\AppData\Local\IconCache.db

2016-12-31 11:21 - 2016-12-31 11:21 - 00003704 _____ C:\Windows\System32\Tasks\Owner

2016-12-31 10:48 - 2017-01-04 10:09 - 00355014 _____ C:\Windows\WindowsUpdate.log

2016-12-31 10:46 - 2016-12-31 10:46 - 00069456 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT

2016-12-31 10:40 - 2017-01-04 09:52 - 00001546 _____ C:\Windows\setupact.log

2016-12-31 10:40 - 2016-12-31 10:40 - 00000000 _____ C:\Windows\setuperr.log

2016-12-31 10:39 - 2017-01-03 23:45 - 00002650 _____ C:\Windows\PFRO.log

2016-12-31 10:39 - 2016-12-31 10:40 - 00317368 _____ C:\Windows\system32\FNTCACHE.DAT

2016-12-31 10:17 - 2016-12-31 10:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2016-12-31 10:17 - 2016-12-12 01:23 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe

2016-12-31 10:17 - 2016-09-10 01:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll

2016-12-31 10:17 - 2016-09-10 01:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll

2016-12-31 10:17 - 2016-09-10 01:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe

2016-12-31 10:17 - 2016-09-10 01:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe

2016-12-31 10:16 - 2016-12-12 09:37 - 00041334 _____ C:\Windows\system32\nvinfo.pb

2016-12-31 08:05 - 2016-12-31 08:05 - 00108702 _____ C:\Users\Owner\Desktop\Desk Top Icons.JPG

2016-12-30 23:15 - 2017-01-03 16:05 - 00000000 ____D C:\Users\Owner\Desktop\Max Registry Cleaner

2016-12-30 12:21 - 2016-12-30 12:21 - 00003120 _____ C:\Windows\System32\Tasks\{A2C39715-CC36-4DBA-B963-4961EFD84C41}

2016-12-30 09:41 - 2016-12-30 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

2016-12-30 09:40 - 2016-12-30 09:41 - 00000000 ____D C:\Program Files\Common Files\Logishrd

2016-12-30 09:40 - 2016-12-30 09:40 - 00000000 ____D C:\Program Files\Logitech

2016-12-28 18:22 - 2016-12-28 18:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ESET

2016-12-28 18:20 - 2017-01-04 10:18 - 00524288 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TMContainer00000000000000000001.regtrans-ms

2016-12-28 18:20 - 2017-01-04 10:18 - 00065536 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TM.blf

2016-12-28 18:20 - 2016-12-28 18:30 - 00524288 ___SH C:\Windows\system32\config\components{2418c57f-ccef-11e6-ab8f-a0a8cde36c96}.TMContainer00000000000000000002.regtrans-ms

2016-12-27 17:32 - 2016-12-27 17:32 - 00153216 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys

2016-12-27 17:29 - 2016-12-27 17:29 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET

2016-12-27 17:28 - 2016-12-27 17:28 - 00001988 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk

2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET

2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\ProgramData\ESET

2016-12-27 17:28 - 2016-12-27 17:28 - 00000000 ____D C:\Program Files\ESET

2016-12-27 16:57 - 2016-12-31 06:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer

2016-12-27 16:57 - 2016-12-27 16:57 - 00001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk

2016-12-27 16:57 - 2016-12-27 16:57 - 00001036 _____ C:\Users\Public\Desktop\TeamViewer 12.lnk

2016-12-27 14:46 - 2016-12-27 14:46 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ICCWDT_01009.Wdf

2016-12-27 07:50 - 2016-12-31 11:20 - 00003492 _____ C:\Windows\System32\Tasks\Owner DBAgent 2 0

2016-12-26 13:31 - 2016-12-28 11:01 - 00001064 _____ C:\Users\Public\Desktop\Max Registry Cleaner.lnk

2016-12-26 13:31 - 2016-12-26 13:31 - 00000000 ____D C:\Windows\MaxSecureBackup

2016-12-26 13:31 - 2016-12-26 13:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Registry Cleaner

2016-12-24 16:42 - 2016-12-24 21:58 - 00003836 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-24 21:58 - 00003832 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-24 21:58 - 00003832 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-24 21:58 - 00003824 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-24 21:58 - 00003648 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-24 21:58 - 00003588 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2016-12-24 16:42 - 2016-12-12 01:47 - 00001951 _____ C:\Windows\NvContainerRecovery.bat

2016-12-24 09:10 - 2016-12-24 09:11 - 00000000 ____D C:\Users\Owner\AppData\Local\AvastSupport

2016-12-24 06:18 - 2016-12-24 06:18 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NVIDIA

2016-12-23 11:22 - 2017-01-03 16:10 - 00016024 _____ C:\Users\Owner\Desktop\hijackthis 03.01.2017.log

2016-12-23 11:16 - 2016-12-23 11:16 - 00388608 _____ (Trend Micro Inc.) C:\Users\Owner\Desktop\HijackThis.exe

2016-12-23 05:58 - 2016-12-23 05:58 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-12-23 05:58 - 2016-12-23 05:58 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-12-21 19:52 - 2016-12-21 23:32 - 00000000 ____D C:\Users\Owner\Desktop\forth Router

2016-12-21 13:57 - 2016-07-20 02:19 - 00715424 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Desktop\Autoruns.exe

2016-12-21 13:57 - 2006-06-26 04:05 - 00442368 _____ (Steven R. Gould) C:\Users\Owner\Desktop\Cleanup.exe

2016-12-21 13:45 - 2016-12-19 15:19 - 03977168 _____ C:\Users\Owner\Desktop\adwcleaner_6.041.exe

2016-12-21 10:35 - 2016-12-21 13:29 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-12-21 10:35 - 2016-12-21 10:35 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk

2016-12-21 10:35 - 2016-12-21 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2016-12-21 10:18 - 2017-01-04 09:49 - 00000000 ____D C:\AdwCleaner

2016-12-21 09:53 - 2016-12-27 16:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\TeamViewer

2016-12-21 08:56 - 2016-12-28 11:57 - 00524288 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TMContainer00000000000000000001.regtrans-ms

2016-12-21 08:56 - 2016-12-28 11:57 - 00065536 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TM.blf

2016-12-21 08:56 - 2016-12-21 08:56 - 00524288 ___SH C:\Windows\system32\config\components{3ff5b424-c720-11e6-b8cc-d823ae52fd8d}.TMContainer00000000000000000002.regtrans-ms

2016-12-20 01:38 - 2017-01-04 09:52 - 4218486784 ___SH C:\pagefile.sys

2016-12-19 19:37 - 2016-12-19 19:37 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up

2016-12-19 19:36 - 2016-12-19 19:36 - 00003114 _____ C:\Windows\System32\Tasks\{62D5BDD0-602B-4C6C-AAB8-469CB87A0460}

2016-12-19 19:36 - 2016-12-19 19:36 - 00000000 ____D C:\Program Files (x86)\MSECACHE

2016-12-19 07:18 - 2016-12-12 09:37 - 40125496 _____ C:\Windows\system32\nvcompiler.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 35222976 _____ C:\Windows\SysWOW64\nvcompiler.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 34703416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 28138432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 14073400 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys

2016-12-19 07:18 - 2016-12-12 09:37 - 10912744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 10795312 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 10345696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 09151216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 08913328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 08753832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 03640376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 03206080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437633.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437633.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 01036224 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll

2016-12-19 07:18 - 2016-12-12 09:37 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll

2016-12-19 06:27 - 2016-12-24 21:58 - 00001417 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2016-12-19 06:27 - 2016-12-12 21:36 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat

2016-12-18 07:56 - 2016-12-18 09:01 - 00524288 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TMContainer00000000000000000002.regtrans-ms

2016-12-18 07:56 - 2016-12-18 09:01 - 00524288 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TMContainer00000000000000000001.regtrans-ms

2016-12-18 07:56 - 2016-12-18 09:01 - 00065536 ___SH C:\Users\Owner\ntuser.dat{1f2ac3cd-c4bc-11e6-bced-ab41cb59da8c}.TM.blf

2016-12-17 17:47 - 2017-01-04 09:52 - 00003320 _____ C:\ProgramData\NvTelemetryContainer.log

2016-12-17 17:47 - 2017-01-04 09:51 - 00003320 _____ C:\ProgramData\NvTelemetryContainer.log_backup1

2016-12-17 17:47 - 2016-12-17 17:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Chromium

2016-12-17 17:46 - 2016-12-13 06:30 - 00156096 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

2016-12-17 17:46 - 2016-12-13 06:30 - 00123840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll

2016-12-17 17:46 - 2016-12-13 06:30 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys

2016-12-15 07:04 - 2016-12-15 07:04 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_XtuAcpiDriver_01011.Wdf

2016-12-15 07:03 - 2016-11-22 01:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2016-12-15 07:03 - 2016-11-22 01:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2016-12-15 07:03 - 2016-11-22 01:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2016-12-15 07:03 - 2016-11-22 01:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2016-12-15 07:03 - 2016-11-20 23:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2016-12-15 07:03 - 2016-11-20 23:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll

2016-12-15 07:03 - 2016-11-20 23:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2016-12-15 07:03 - 2016-11-20 23:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll

2016-12-15 07:03 - 2016-11-20 23:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2016-12-15 07:03 - 2016-11-20 23:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

2016-12-15 07:03 - 2016-11-20 23:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2016-12-15 07:03 - 2016-11-20 22:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys

2016-12-15 07:03 - 2016-11-20 22:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys

2016-12-15 07:03 - 2016-11-20 22:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys

2016-12-15 07:03 - 2016-11-20 22:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe

2016-12-15 07:03 - 2016-11-20 22:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2016-12-15 07:03 - 2016-11-20 22:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll

2016-12-15 07:03 - 2016-11-20 21:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2016-12-15 07:03 - 2016-11-17 23:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys

2016-12-15 07:03 - 2016-11-15 06:27 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2016-12-15 07:03 - 2016-11-15 05:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2016-12-15 07:03 - 2016-11-13 02:48 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2016-12-15 07:03 - 2016-11-13 02:48 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2016-12-15 07:03 - 2016-11-13 02:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2016-12-15 07:03 - 2016-11-13 02:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2016-12-15 07:03 - 2016-11-13 02:26 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2016-12-15 07:03 - 2016-11-13 02:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2016-12-15 07:03 - 2016-11-13 02:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2016-12-15 07:03 - 2016-11-13 02:21 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2016-12-15 07:03 - 2016-11-13 02:15 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2016-12-15 07:03 - 2016-11-13 02:14 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2016-12-15 07:03 - 2016-11-13 02:09 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2016-12-15 07:03 - 2016-11-13 02:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2016-12-15 07:03 - 2016-11-13 02:08 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2016-12-15 07:03 - 2016-11-13 02:08 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2016-12-15 07:03 - 2016-11-13 02:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2016-12-15 07:03 - 2016-11-13 02:07 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2016-12-15 07:03 - 2016-11-13 01:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2016-12-15 07:03 - 2016-11-13 01:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2016-12-15 07:03 - 2016-11-13 01:52 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2016-12-15 07:03 - 2016-11-13 01:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2016-12-15 07:03 - 2016-11-13 01:41 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2016-12-15 07:03 - 2016-11-13 01:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2016-12-15 07:03 - 2016-11-13 01:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2016-12-15 07:03 - 2016-11-13 01:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2016-12-15 07:03 - 2016-11-13 01:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2016-12-15 07:03 - 2016-11-13 01:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2016-12-15 07:03 - 2016-11-13 01:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2016-12-15 07:03 - 2016-11-13 01:29 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2016-12-15 07:03 - 2016-11-13 01:29 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2016-12-15 07:03 - 2016-11-13 01:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2016-12-15 07:03 - 2016-11-13 01:27 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2016-12-15 07:03 - 2016-11-13 01:20 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2016-12-15 07:03 - 2016-11-13 01:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2016-12-15 07:03 - 2016-11-13 01:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2016-12-15 07:03 - 2016-11-13 01:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2016-12-15 07:03 - 2016-11-13 01:15 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2016-12-15 07:03 - 2016-11-13 01:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2016-12-15 07:03 - 2016-11-13 01:14 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2016-12-15 07:03 - 2016-11-13 01:14 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2016-12-15 07:03 - 2016-11-13 01:14 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2016-12-15 07:03 - 2016-11-13 01:11 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2016-12-15 07:03 - 2016-11-13 01:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2016-12-15 07:03 - 2016-11-13 01:08 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2016-12-15 07:03 - 2016-11-13 01:08 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2016-12-15 07:03 - 2016-11-13 01:03 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2016-12-15 07:03 - 2016-11-13 00:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2016-12-15 07:03 - 2016-11-13 00:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2016-12-15 07:03 - 2016-11-13 00:52 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2016-12-15 07:03 - 2016-11-13 00:51 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2016-12-15 07:03 - 2016-11-13 00:49 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2016-12-15 07:03 - 2016-11-13 00:47 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2016-12-15 07:03 - 2016-11-13 00:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2016-12-15 07:03 - 2016-11-13 00:40 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2016-12-15 07:03 - 2016-11-13 00:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2016-12-15 07:03 - 2016-11-13 00:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2016-12-15 07:03 - 2016-11-13 00:36 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2016-12-15 07:03 - 2016-11-13 00:36 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2016-12-15 07:03 - 2016-11-13 00:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2016-12-15 07:03 - 2016-11-13 00:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2016-12-15 07:03 - 2016-11-13 00:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2016-12-15 07:03 - 2016-11-13 00:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2016-12-15 07:03 - 2016-11-13 00:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2016-12-15 07:03 - 2016-11-13 00:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2016-12-15 07:03 - 2016-11-13 00:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2016-12-15 07:03 - 2016-11-10 23:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2016-12-15 07:03 - 2016-11-10 23:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2016-12-15 07:03 - 2016-11-09 23:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2016-12-15 07:03 - 2016-11-09 23:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2016-12-15 07:03 - 2016-11-09 23:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2016-12-15 07:03 - 2016-11-09 23:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2016-12-15 07:03 - 2016-11-09 23:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2016-12-15 07:03 - 2016-11-09 23:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll

2016-12-15 07:03 - 2016-11-09 23:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2016-12-15 07:03 - 2016-11-09 23:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2016-12-15 07:03 - 2016-11-09 23:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2016-12-15 07:03 - 2016-11-09 23:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2016-12-15 07:03 - 2016-11-09 23:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll

2016-12-15 07:03 - 2016-11-09 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2016-12-15 07:03 - 2016-11-09 23:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe

2016-12-15 07:03 - 2016-11-09 22:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe

2016-12-15 07:03 - 2016-11-06 23:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2016-12-15 07:03 - 2016-11-06 23:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2016-12-15 07:03 - 2016-11-06 23:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2016-12-15 07:03 - 2016-10-27 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll

2016-12-15 07:03 - 2016-10-27 22:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll

2016-12-14 20:10 - 2016-12-15 23:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2016-12-14 10:10 - 2016-12-14 10:10 - 00010054 _____ C:\Windows\SysWOW64\test.bmp

2016-12-14 06:43 - 2016-12-14 06:48 - 00524288 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TMContainer00000000000000000002.regtrans-ms

2016-12-14 06:43 - 2016-12-14 06:48 - 00524288 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TMContainer00000000000000000001.regtrans-ms

2016-12-14 06:43 - 2016-12-14 06:48 - 00065536 ___SH C:\Users\Owner\ntuser.dat{beb5abc2-c185-11e6-b5ff-e4d146d3197f}.TM.blf

2016-12-13 10:12 - 2016-12-14 06:43 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions

2016-12-12 15:18 - 2016-12-12 09:37 - 17376896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2016-12-12 15:18 - 2016-12-12 09:37 - 14410472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2016-12-12 15:18 - 2016-12-03 03:42 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys

2016-12-12 15:18 - 2016-12-03 03:42 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll

2016-12-12 15:18 - 2016-12-02 02:52 - 01951680 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437619.dll

2016-12-12 15:18 - 2016-12-02 02:52 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437619.dll

2016-12-12 15:18 - 2016-12-02 02:52 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json

2016-12-12 15:18 - 2016-12-02 02:52 - 00000669 _____ C:\Windows\system32\nv-vk64.json

2016-12-12 14:55 - 2016-12-21 08:44 - 00524288 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TMContainer00000000000000000001.regtrans-ms

2016-12-12 14:55 - 2016-12-21 08:44 - 00065536 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TM.blf

2016-12-12 14:55 - 2016-12-12 14:56 - 00524288 ___SH C:\Windows\system32\config\components{e0733e4a-c036-11e6-b068-d4b2c5db6a7a}.TMContainer00000000000000000002.regtrans-ms

2016-12-12 12:46 - 2016-12-12 13:46 - 00524288 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TMContainer00000000000000000002.regtrans-ms

2016-12-12 12:46 - 2016-12-12 13:46 - 00524288 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TMContainer00000000000000000001.regtrans-ms

2016-12-12 12:46 - 2016-12-12 13:46 - 00065536 ___SH C:\Users\Owner\ntuser.dat{b14be9c5-c02c-11e6-a112-a0a8cde36c96}.TM.blf

2016-12-12 12:35 - 2016-12-12 12:44 - 00524288 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TMContainer00000000000000000002.regtrans-ms

2016-12-12 12:35 - 2016-12-12 12:44 - 00524288 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TMContainer00000000000000000001.regtrans-ms

2016-12-12 12:35 - 2016-12-12 12:44 - 00065536 ___SH C:\Users\Owner\ntuser.dat{9d057f09-c027-11e6-9c74-87b9a3541b26}.TM.blf

2016-12-10 23:48 - 2016-12-10 23:48 - 00000000 ____D C:\ProgramData\VS Revo Group

2016-12-10 22:10 - 2016-12-12 11:19 - 00524288 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TMContainer00000000000000000001.regtrans-ms

2016-12-10 22:10 - 2016-12-12 11:19 - 00065536 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TM.blf

2016-12-10 22:10 - 2016-12-10 22:20 - 00524288 ___SH C:\Windows\system32\config\components{4f6dfd67-beea-11e6-8b9a-8f0855889368}.TMContainer00000000000000000002.regtrans-ms

2016-12-10 21:56 - 2016-12-10 21:56 - 00000000 ____D C:\Program Files\Intel Driver Update Utility

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-04 10:27 - 2015-02-20 23:21 - 00000000 ____D C:\Users\Owner\Desktop\Winword

2017-01-04 10:25 - 2016-11-19 07:53 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla

2017-01-04 10:15 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\NVIDIA

2017-01-04 10:00 - 2009-07-14 11:45 - 00026928 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2017-01-04 10:00 - 2009-07-14 11:45 - 00026928 ___HC C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2017-01-04 09:52 - 2009-07-14 12:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2017-01-04 09:44 - 2015-02-20 18:12 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype

2017-01-04 07:46 - 2015-02-20 17:58 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{049A4847-1101-44F8-B703-1DAD425BE0FA}

2017-01-04 07:06 - 2016-07-04 18:26 - 00000000 ____D C:\ProgramData\Foxit Software

2017-01-02 15:36 - 2015-04-12 00:19 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-01-02 11:29 - 2015-03-19 21:56 - 00000000 ____D C:\Users\Owner\Desktop\ROV

2017-01-02 05:42 - 2016-03-10 16:45 - 00000000 ____D C:\Users\Owner\Desktop\2016 - 2017 O2 Phone Bill

2017-01-02 05:33 - 2009-07-14 12:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2017-01-01 18:14 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\inf

2016-12-31 17:27 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\LogFiles

2016-12-31 10:58 - 2015-04-02 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2016-12-31 10:56 - 2015-08-12 21:44 - 00004235 _____ C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

2016-12-31 10:56 - 2015-08-12 21:44 - 00004081 _____ C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

2016-12-31 10:54 - 2016-04-11 09:00 - 00000000 ____D C:\Users\Owner\Desktop\Bike Lift

2016-12-31 10:48 - 2015-02-10 16:41 - 00000000 ____D C:\Windows\SoftwareDistribution

2016-12-31 10:44 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\System32

2016-12-31 10:43 - 2009-07-14 11:45 - 00012288 _____ C:\Windows\system32\umstartup.etl

2016-12-31 10:18 - 2015-08-22 07:24 - 00000000 ____D C:\temp

2016-12-31 10:18 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2016-12-31 10:18 - 2015-02-12 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2016-12-31 10:17 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64

2016-12-31 10:17 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\DriverStore

2016-12-31 10:16 - 2015-02-19 17:08 - 00000442 ___SH C:\Users\Owner\Desktop\desktop.ini

2016-12-31 10:16 - 2009-07-14 11:54 - 00000174 ___SH C:\Users\Public\Desktop\desktop.ini

2016-12-31 10:16 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot2

2016-12-31 10:04 - 2009-07-14 11:45 - 00021504 _____ C:\Windows\system32\umstartup000.etl

2016-12-31 08:56 - 2015-03-19 05:06 - 00000000 ___RD C:\Users\Owner\Desktop\Downloads

2016-12-31 08:32 - 2015-03-20 16:53 - 00000000 ____D C:\Users\Owner\Desktop\mis

2016-12-30 12:29 - 2016-06-27 01:09 - 00000000 ____D C:\Windows\pss

2016-12-30 12:29 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2016-12-30 12:29 - 2009-07-14 10:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

2016-12-30 09:42 - 2015-11-11 11:52 - 00000000 __SHD C:\Config.Msi

2016-12-30 09:42 - 2015-02-10 16:43 - 00000000 __SHD C:\Windows\Installer

2016-12-30 09:41 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\winsxs

2016-12-30 09:40 - 2015-11-13 12:14 - 00000000 ____D C:\ProgramData\Logitech

2016-12-30 09:40 - 2015-02-10 16:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2016-12-30 09:40 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Common Files

2016-12-30 09:34 - 2015-11-13 12:11 - 00000000 ____D C:\ProgramData\Logishrd

2016-12-29 22:43 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\NDF

2016-12-29 07:02 - 2009-07-14 12:13 - 00784286 _____ C:\Windows\system32\PerfStringBackup.INI

2016-12-29 07:02 - 2009-07-14 09:36 - 00668134 _____ C:\Windows\system32\perfh009.dat

2016-12-29 07:02 - 2009-07-14 09:36 - 00127276 _____ C:\Windows\system32\perfc009.dat

2016-12-28 18:49 - 2015-11-13 12:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

2016-12-28 18:22 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Roaming

2016-12-28 18:12 - 2015-11-13 10:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Logishrd

2016-12-28 10:55 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\Pictures

2016-12-28 10:11 - 2009-07-14 12:32 - 00000000 ____D C:\Windows\SysWOW64\LogFiles

2016-12-27 17:32 - 2016-06-23 14:31 - 00262792 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys

2016-12-27 17:32 - 2016-06-23 14:31 - 00208520 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys

2016-12-27 17:32 - 2016-06-23 14:31 - 00197248 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys

2016-12-27 17:32 - 2016-06-23 14:31 - 00084616 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys

2016-12-27 17:32 - 2016-06-23 14:31 - 00061568 _____ (ESET) C:\Windows\system32\Drivers\EpfwLWF.sys

2016-12-27 17:29 - 2009-07-14 11:45 - 00000000 ___SD C:\Windows\system32\Microsoft

2016-12-27 17:23 - 2015-02-28 03:46 - 00000966 _____ C:\Users\Owner\Documents\2FBA5EFE-0000002F.eml

2016-12-27 17:13 - 2015-02-20 17:48 - 00000000 ____D C:\ProgramData\AVAST Software

2016-12-27 16:57 - 2009-07-14 10:20 - 00000000 __RSD C:\Windows\Fonts

2016-12-26 13:31 - 2016-11-07 08:42 - 00000000 ____D C:\Program Files\Max Registry Cleaner

2016-12-24 21:58 - 2015-02-12 19:42 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2016-12-24 21:58 - 2015-02-12 19:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2016-12-24 13:37 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\RegBack

2016-12-23 05:58 - 2015-02-12 19:34 - 00000000 ____D C:\Program Files (x86)\Google

2016-12-22 09:38 - 2016-08-16 06:48 - 00011866 _____ C:\Windows\SysWOW64\swhealthex.log

2016-12-21 14:03 - 2016-06-24 13:03 - 00000000 ____D C:\Windows\System32\Tasks\Intel

2016-12-21 14:03 - 2015-12-03 22:17 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software

2016-12-21 14:03 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Tasks

2016-12-21 13:29 - 2015-02-20 18:12 - 00000000 ____D C:\ProgramData\Skype

2016-12-21 10:22 - 2015-02-19 17:08 - 00000000 ___RD C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs

2016-12-19 07:18 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\catroot

2016-12-19 06:27 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation

2016-12-19 06:27 - 2015-02-10 16:56 - 00000000 ____D C:\ProgramData\Package Cache

2016-12-18 09:39 - 2015-03-19 23:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Diagnostics

2016-12-18 07:56 - 2015-02-19 17:08 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA

2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\wfp

2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\wbem

2016-12-18 07:55 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\TxR

2016-12-18 07:54 - 2015-02-10 16:57 - 00000000 ___HD C:\Windows\system32\WLANProfiles

2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\config\systemprofile

2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\security

2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\registration

2016-12-18 07:54 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Help

2016-12-17 17:10 - 2015-04-02 22:22 - 00000801 _____ C:\Users\Owner\Desktop\CCleaner.lnk

2016-12-17 11:43 - 2016-06-26 00:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files

2016-12-15 23:08 - 2015-02-20 04:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2016-12-15 13:42 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\rescache

2016-12-15 07:57 - 2015-02-28 05:46 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2016-12-15 07:57 - 2015-02-28 05:46 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2016-12-15 07:57 - 2015-02-28 05:46 - 00000000 ____D C:\Windows\SysWOW64\Macromed

2016-12-15 07:57 - 2015-02-28 05:46 - 00000000 ____D C:\Windows\system32\Macromed

2016-12-15 07:42 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Microsoft.NET

2016-12-15 07:41 - 2009-07-14 10:20 - 00000000 __RSD C:\Windows\assembly

2016-12-15 07:22 - 2009-07-14 11:45 - 00000000 ____D C:\Windows\debug

2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\SysWOW64\en-US

2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\system32\en-US

2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files\Internet Explorer

2016-12-15 07:09 - 2009-07-14 10:20 - 00000000 ____D C:\Program Files (x86)\Internet Explorer

2016-12-15 07:08 - 2015-02-20 21:41 - 00000000 ____D C:\ProgramData\Microsoft Help

2016-12-15 07:08 - 2015-02-19 17:35 - 00000000 ____D C:\Windows\system32\MRT

2016-12-15 07:07 - 2015-02-19 17:35 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

2016-12-15 07:05 - 2015-02-10 16:46 - 00768596 _____ C:\Windows\SysWOW64\PerfStringBackup.INI

2016-12-15 07:02 - 2009-07-14 10:20 - 00000000 ____D C:\Windows\Logs

2016-12-14 06:43 - 2016-06-27 07:41 - 00000000 ____D C:\ProgramData\Innovative Solutions

2016-12-14 06:43 - 2015-03-19 04:32 - 00000000 ____D C:\Program Files (x86)\HP Button Manager

2016-12-13 06:30 - 2016-10-07 19:25 - 01853376 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll

2016-12-13 06:30 - 2016-10-07 19:25 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll

2016-12-13 06:30 - 2016-10-07 19:25 - 01452480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll

2016-12-13 06:30 - 2016-10-07 19:25 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll

2016-12-13 06:30 - 2016-10-07 19:25 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll

2016-12-12 12:45 - 2016-06-24 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility

2016-12-12 12:45 - 2016-06-24 13:03 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility

2016-12-12 12:45 - 2015-03-19 03:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ArcSoft

2016-12-12 12:45 - 2015-02-21 01:06 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Google

2016-12-12 12:45 - 2015-02-20 21:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Eusing

2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\ProgramData\Intel

2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\Program Files\Intel

2016-12-12 12:45 - 2015-02-10 16:43 - 00000000 ____D C:\Program Files (x86)\Intel

2016-12-12 12:45 - 2009-07-14 10:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2016-12-12 09:37 - 2015-08-22 07:23 - 17436808 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll

2016-12-12 09:37 - 2015-03-31 19:15 - 03479744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2016-12-12 09:37 - 2015-02-12 19:41 - 19947472 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll

2016-12-12 09:37 - 2015-02-12 19:41 - 03941536 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

2016-12-12 01:47 - 2016-09-22 23:03 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll

2016-12-12 01:47 - 2016-09-22 23:03 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll

2016-12-12 01:47 - 2015-02-12 19:42 - 06384576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll

2016-12-12 01:47 - 2015-02-12 19:42 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll

2016-12-12 01:47 - 2015-02-12 19:42 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll

2016-12-12 01:47 - 2015-02-12 19:42 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll

2016-12-12 01:47 - 2015-02-12 19:42 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll

2016-12-10 21:54 - 2016-09-23 07:39 - 00524288 ___SH C:\Windows\system32\config\components{bd139d52-8125-11e6-8974-a0a8cde36c9a}.TMContainer00000000000000000002.regtrans-ms

2016-12-10 21:54 - 2016-09-23 07:39 - 00065536 ___SH C:\Windows\system32\config\components{bd139d52-8125-11e6-8974-a0a8cde36c9a}.TM.blf

2016-12-09 15:52 - 2015-02-12 19:42 - 07639617 _____ C:\Windows\system32\nvcoproc.bin

2016-12-05 13:58 - 2016-02-01 10:31 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps

==================== Files in the root of some directories =======

2015-08-12 21:44 - 2016-12-31 10:56 - 0004081 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.Exception.log

2015-08-12 21:43 - 2015-08-12 21:43 - 0001153 _____ () C:\Users\Owner\AppData\Roaming\Rim.Desktop.HttpServerSetup.log

2015-08-12 21:44 - 2016-12-31 10:56 - 0004235 _____ () C:\Users\Owner\AppData\Roaming\Rim.DesktopHelper.Exception.log

2016-06-11 07:41 - 2016-06-26 23:20 - 0007606 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg

2015-06-25 11:34 - 2015-06-25 11:34 - 0000057 _____ () C:\ProgramData\Ament.ini

2015-02-10 16:49 - 2015-02-10 16:49 - 0000000 ___HC () C:\ProgramData\DP45977C.lfl

2016-12-17 17:47 - 2017-01-04 09:52 - 0003320 _____ () C:\ProgramData\NvTelemetryContainer.log

2016-12-17 17:47 - 2017-01-04 09:51 - 0003320 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

Some files in TEMP:

====================

C:\Users\Owner\AppData\Local\Temp\libeay32.dll

C:\Users\Owner\AppData\Local\Temp\msvcr120.dll

C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\dnsapi.dll => File is digitally signed

C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-24 13:37

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017

Ran by Owner (04-01-2017 10:29:28)

Running from C:\Users\Owner\Desktop

Windows 7 Professional Service Pack 1 (X64) (2015-02-19 10:08:16)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3090456578-2289362299-1625809071-500 - Administrator - Disabled)

Guest (S-1-5-21-3090456578-2289362299-1625809071-501 - Limited - Disabled)

Owner (S-1-5-21-3090456578-2289362299-1625809071-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

AV: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}

AS: ESET Smart Security 9.0.408.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}

AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)

Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)

Alienware Command Center (HKLM-x32\...\InstallShield_{5DBA5090-EAB9-4E1C-8F92-C71A1423F14C}) (Version: 3.6.4.0 - Alienware Corp.)

Alienware Command Center (Version: 3.6.4.0 - Alienware Corp.) Hidden

Alienware On-Screen Display (HKLM-x32\...\InstallShield_{0D69462F-99CC-4F8D-942E-666E21CE59F8}) (Version: 0.33.0.10C - )

Alienware On-Screen Display (x32 Version: 0.33.0.10C - ) Hidden

Ansel (Version: 376.33 - NVIDIA Corporation) Hidden

BBC iPlayer Downloads (HKLM-x32\...\{148784F3-3B6E-4DFA-B7A1-3400B277DAF3}) (Version: 1.14.2 - BBC)

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

BlackBerry Device Software Updater (HKLM-x32\...\{E755A98B-F45F-4008-A1A5-FC4CB4D2177A}) (Version: 8.0.0.66 - Research In Motion Ltd)

BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone (HKLM-x32\...\{5E68751C-4CB6-485F-B2AB-3210FADC019F}) (Version: 7.1.0.1033 (Platform 5.1.0.692) - Research In Motion Ltd.)

CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)

CDDRV_Installer (Version: 4.60 - Logitech) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)

Dell System Detect - 1 (HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)

Dell System Detect (HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\73f463568823ebbe) (Version: 5.14.0.9 - Dell)

EMSC (x32 Version: 0.0.0.25 - Compal Electronics, Inc.) Hidden

erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden

ESET Smart Security (HKLM\...\{C20E6525-879A-47C3-BBC4-6B8096D3F53D}) (Version: 9.0.386.0 - ESET, spol. s r.o.)

Foxit PhantomPDF Standard (HKLM-x32\...\{EA576878-3D17-11E6-B85F-000C2992F709}) (Version: 8.0.1.628 - Foxit Software Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)

Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)

Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden

HP Button Manager (HKLM-x32\...\{465D6ACC-CAB9-40CD-ADAC-A91B071FA30E}) (Version: 3.5.00 - Hewlett-Packard)

HP Deskjet 5520 series Basic Device Software (HKLM\...\{014A59C8-DDA5-4788-906D-1F5CBA8A583D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Deskjet 5520 series Help (HKLM-x32\...\{6346CC3B-9816-4C8F-B614-976ECEE7900F}) (Version: 27.0.0 - Hewlett Packard)

HP Deskjet 5520 series Product Improvement Study (HKLM\...\{29E392C4-E0C3-4E96-85B6-03B8E3963310}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HP Webcam Software Suite (HKLM-x32\...\{D10FE2E3-B2DE-4B0E-ACBD-F87A566B9649}) (Version: 1.1.1.13889 - Hewlett-Packard)

Intel® Driver Update Utility 2.5 (x32 Version: 2.5.0.22 - Intel) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)

Intel® Product Improvement Program (x32 Version: 2.1.27.3 - Intel) Hidden

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.7.1002 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.102 - Intel Corporation)

Intel® Wireless Bluetooth®(patch version 19.0.1629.3590) (HKLM\...\{302600C1-6BDF-4FD1-1603-148929CC1385}) (Version: 19.0.1603.0650 - Intel Corporation)

Intel® Driver Update Utility (HKLM-x32\...\{aa1dec3b-dc4b-4db0-8c18-9157457eff1f}) (Version: 2.5.0.22 - Intel)

Intel® PROSet/Wireless Software (HKLM-x32\...\{bc883058-299e-461f-8e52-4f1dbb355f86}) (Version: 19.0.1 - Intel Corporation)

Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)

Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)

Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)

Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

KhalInstallWrapper (Version: 4.72.40 - Logitech) Hidden

Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.72 - Logitech)

Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)

Max Registry Cleaner (HKLM\...\{8D815D9B-4DD9-437E-BFE2-E7374D3E7025}_is1) (Version: 6.0.0.065 - MaxSecure Software)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Mozilla Firefox 50.1.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-GB)) (Version: 50.1.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)

Nemo PDF To Word (HKLM-x32\...\{6CA8C09B-FA99-49FE-9664-1CE823FAD510}_is1) (Version: - )

NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.33 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.2.0.96 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.2.0.96 - NVIDIA Corporation)

NVIDIA Graphics Driver 376.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.33 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)

NvNodejs (Version: 3.2.0.96 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.0.0.0 - NVIDIA Corporation) Hidden

Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer E220x Drivers (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{1A258050-DBDF-48E6-B9B1-E404FF5903F7}) (Version: 1.0.23.1036 - Qualcomm Atheros)

Qualcomm Atheros Network Manager (Version: 1.0.23.1036 - Qualcomm Atheros) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7260 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28134 - Realtek Semiconductor Corp.)

Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.4.1902.0 - Seagate)

Security Task Manager 2.1h (HKLM-x32\...\Security Task Manager) (Version: 2.1h - Neuber Software)

SHIELD Streaming (Version: 7.1.0350 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.2.0.96 - NVIDIA Corporation) Hidden

Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)

ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.12.0040 - ST Microelectronics)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.8.62 - Synaptics Incorporated)

TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)

TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

VuRoom (HKLM-x32\...\Edison) (Version: - )

Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: - )

Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

WiTopia (HKLM\...\{9F59FA4D-E431-45FA-889F-EC68D998C7D2}_is1) (Version: 2.3.10.243 - WiTopia)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1912DF20-8B66-416B-8086-76CD8EB5412F} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)

Task: {343A192B-B2A1-47E6-9F33-7DBAA273D505} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)

Task: {592B51E9-5995-472F-A68F-C9BE997620FC} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-12-13] (NVIDIA Corporation)

Task: {5C3A7076-5954-43D0-BB8B-C31E6387E322} - System32\Tasks\{62D5BDD0-602B-4C6C-AAB8-469CB87A0460} => pcalua.exe -a C:\Users\Owner\Desktop\msicuu2.exe -d C:\Users\Owner\Desktop

Task: {69EDFDEA-3100-400F-A125-A06D8B9D374E} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-12-13] (NVIDIA Corporation)

Task: {A53B5451-2821-4714-BF3A-493727BD872F} - System32\Tasks\Owner => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2016-04-05] (Seagate Technology LLC)

Task: {B9DCE284-A6C9-44D7-A5CF-375A9893A187} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-12-13] (NVIDIA Corporation)

Task: {C09A8DD0-C5EA-485B-A027-1B4DFA19A8A3} - System32\Tasks\Owner DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2016-04-05] (Seagate Technology LLC)

Task: {C620F59E-C26B-47E0-AA2E-0F0B99218B5D} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-12-13] (NVIDIA Corporation)

Task: {CA3AD195-DF4D-4625-BAFA-D31E0899C45C} - System32\Tasks\{A2C39715-CC36-4DBA-B963-4961EFD84C41} => pcalua.exe -a C:\Users\Owner\Desktop\HijackThis.exe -d C:\Users\Owner\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-04-07 23:38 - 2012-12-06 19:52 - 00136704 _____ () C:\Windows\System32\zlhp2600.dll

2016-03-09 20:43 - 2016-03-09 20:43 - 00118424 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe

2017-01-03 11:25 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll

2017-01-03 11:25 - 2016-12-14 12:55 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

2017-01-03 11:25 - 2016-12-14 12:55 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll

2016-10-07 19:25 - 2016-12-13 06:30 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2016-10-07 19:25 - 2016-12-13 06:30 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll

2016-06-24 13:03 - 2016-03-09 20:43 - 00460952 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe

2016-06-24 13:03 - 2016-03-09 20:43 - 00709272 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll

2016-06-24 13:03 - 2016-03-09 20:43 - 00188568 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll

2016-10-07 19:25 - 2016-12-13 06:30 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll

2016-10-07 19:25 - 2016-12-13 06:30 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2016-10-07 19:25 - 2016-12-13 06:30 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll

2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 ____C () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:430C6D84 [127]

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [109]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com

IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com

IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com

IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com

IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com

IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com

IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com

IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7871 more sites.

IE trusted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\dell.com -> dell.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\007guard.com -> install.007guard.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\008i.com -> 008i.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\008k.com -> www.008k.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\00hq.com -> www.00hq.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\010402.com -> 010402.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\0scan.com -> www.0scan.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1-2005-search.com -> www.1-2005-search.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1000gratisproben.com -> www.1000gratisproben.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\1001namen.com -> www.1001namen.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\100888290cs.com -> mir.100888290cs.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\100sexlinks.com -> www.100sexlinks.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\10sek.com -> www.10sek.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\12-26.net -> user1.12-26.net

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\12-27.net -> user1.12-27.net

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123fporn.info -> www.123fporn.info

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123moviedownload.com -> www.123moviedownload.com

IE restricted site: HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\...\123simsen.com -> www.123simsen.com

There are 7871 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 09:34 - 2016-08-21 10:25 - 00450954 ____R C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1001namen.com

127.0.0.1 www.1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

127.0.0.1 www.100sexlinks.com

127.0.0.1 100sexlinks.com

127.0.0.1 10sek.com

127.0.0.1 www.10sek.com

127.0.0.1 www.1-2005-search.com

127.0.0.1 1-2005-search.com

127.0.0.1 123fporn.info

127.0.0.1 www.123fporn.info

127.0.0.1 123haustiereundmehr.com

127.0.0.1 www.123haustiereundmehr.com

127.0.0.1 123moviedownload.com

127.0.0.1 www.123moviedownload.com

There are 15470 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3090456578-2289362299-1625809071-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.254

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Button Manager.lnk => C:\Windows\pss\HP Button Manager.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Deskjet 5520 series.lnk => C:\Windows\pss\Monitor Ink Alerts - HP Deskjet 5520 series.lnk.Startup

MSCONFIG\startupreg: DBAgent => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart

MSCONFIG\startupreg: EvtMgr6 =>

MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

MSCONFIG\startupreg: RCAutoLiveUpdate => C:\Program Files\Max Registry Cleaner\MaxLURC.exe -AUTO

MSCONFIG\startupreg: RCSystemTray => C:\Program Files\Max Registry Cleaner\MaxRCSystemTray.exe

MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

MSCONFIG\startupreg: Uploader => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [SPPSVC-In-TCP-NoScope] => %SystemRoot%\system32\sppsvc.exe

FirewallRules: [{A6E61A36-FA86-4890-B2AA-CAE382FE656A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{CD0C55D2-8338-4583-8B63-4EDFBF732150}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{9B1B944D-9DB1-420E-BA11-5A07E7B05EB7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{45BEBF8C-1A39-4C69-AF57-E0E20108F4C6}] => LPort=2869

FirewallRules: [{E8EC789D-D8C4-480E-940F-B18A100EAE20}] => LPort=1900

FirewallRules: [{6A81004E-DE23-4FF4-A004-1D481661BFD6}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{073D0EE9-FC55-456C-9AD1-D2B6C2C8542A}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe

FirewallRules: [TCP Query User{1950CD7B-5DE8-436A-9AA3-BB537FB4DCBA}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [UDP Query User{AB1A9DF9-53AF-406C-953F-09DEC1829156}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe

FirewallRules: [{429AF49D-E621-4768-B7A4-0201CFD6924A}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\DeviceSetup.exe

FirewallRules: [{337964D4-EAE7-489C-8342-BB4E8A90184F}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicator.exe

FirewallRules: [{905EEBC8-5226-4AA3-A1A3-3D1F12719587}] => C:\Program Files\HP\HP Deskjet 5520 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{259BF059-7259-47B7-95EB-25BC16E59DB8}] => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{0191D10C-CAA8-4192-872E-D2CC7063B7B7}] => C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe

FirewallRules: [{A766E8A5-0A07-42BE-BCF6-EFBDF7265106}] => LPort=4481

FirewallRules: [{90855935-7ED8-47F1-A404-AF71BE684132}] => LPort=4481

FirewallRules: [{49F4EE23-2727-408F-A8D3-467C70A4A29B}] => LPort=4482

FirewallRules: [{06C0F06E-B972-4E9D-A2F9-7ED75FBCEDD8}] => LPort=4482

FirewallRules: [{EC44A7DD-22CB-4904-A371-9391E6B87C24}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{019731B2-4FB2-4E43-B087-56E4CE8DB225}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{4829ECFA-9670-4549-BFF3-CDA801EE625A}] => LPort=8888

FirewallRules: [{87BF5A19-0909-4738-B061-CCAF92BA6E86}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{169834CD-AEBC-4179-8395-E6AB8CB6B95A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{01FC2988-6DC4-48E5-854D-0F55AE0A3687}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{687BF526-21D4-4A0B-B4C2-DB64783C94F9}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{14BBC720-D73D-45A6-8694-AECF6022151B}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{7EC8112C-70A2-462F-91E7-8F6E9EBF9B85}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

FirewallRules: [{F3E78FF9-113C-4F4E-BA07-48BA01F990DE}] => C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{3FF07573-5F93-4871-BE22-03BD44DDDCBC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{C6DF765F-9258-4736-803E-CE16D99BE296}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{8F315FF8-4DFF-4257-BEF0-3D19466F1827}] => C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{904F5007-41A9-4C35-9B5B-92744DC62E25}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{9E586F9C-21B4-4BF0-B6F4-30778CA6418A}] => C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

31-12-2016 20:03:37 Scheduled Checkpoint

02-01-2017 15:03:28 Norton_Power_Eraser_20170102150325338

04-01-2017 10:12:56 JRT Pre-Junkware Removal

04-01-2017 10:15:19 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Viscosity Virtual Adapter V9.1

Description: Viscosity Virtual Adapter V9.1

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: SparkLabs Pty Ltd

Service: visctap0901

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:

==================

System errors:

=============

Error: (01/04/2017 10:29:34 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:29:24 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:26:07 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:25:57 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:22:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:22:33 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:19:19 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:19:09 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:15:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

Error: (01/04/2017 10:15:45 AM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Energy Server Service WILLAMETTE service terminated with the following error:

%%268439557

CodeIntegrity:

===================================

Date: 2017-01-04 09:52:04.746

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\btmaux.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2017-01-04 09:52:04.730

Date: 2017-01-04 09:51:05.245

Date: 2017-01-04 09:51:05.229

Date: 2017-01-04 09:50:04.682

Date: 2017-01-04 09:50:04.650

Date: 2017-01-04 07:06:09.758

Date: 2017-01-04 07:06:09.738

Date: 2017-01-03 23:45:18.334

Date: 2017-01-03 23:45:18.314

==================== Memory info ===========================

Processor: Intel® Core™ i7-4910MQ CPU @ 2.90GHz

Percentage of memory in use: 12%

Total physical RAM: 32695.06 MB

Available physical RAM: 28604.82 MB

Total Virtual: 65388.31 MB

Available Virtual: 61087.4 MB

==================== Drives ================================

Drive e: (DATA1) (Fixed) (Total:931.51 GB) (Free:751 GB) NTFS

Drive f: (DATA2) (Fixed) (Total:74.4 GB) (Free:38.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: BACA22BC)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A5B70F2B)

Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================

Disk: 2 (Size: 74.5 GB) (Disk ID: 66F95844)

Partition: GPT.

==================== End of Addition.txt ===========================

Vino's Event Viewer v01c run on Windows 2008 in English

Report run at 04/01/2017 10:53:57

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 04/01/2017 03:53:22

Type: Error Category: 0