internet explorer hangs and freezes... [Solved]



#1
jamally

  • Member
  • 50 posts

I read the post on the job JrOx did in helping lizglass fix her Internet Explorer problem, and I want to fix my problem.

I followed the discussion closely, and my complaint is identical. My desktop is Win 10 64-bit, 2 TB SATA with 18 GB used.

Both explorers will freeze up, meaning IE 11 and Microsoft Edge, and sometimes only display a white page, even though you can detect the open page located in the thin strip beside the window, where the page up and down control is located. So I hope a code recipe can be developed for me to run and clear up my problem (since computers are all different, and lizglass's code may cause damage... holla).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by captn (administrator) on 10CHOCTAW (10-01-2017 22:47:42)
Running from C:\Users\captn\Desktop
Loaded Profiles: UpdatusUser & captn (Available Profiles: UpdatusUser & captn & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Insight Technology Ltd.) C:\Program Files\Commons\xplay.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\sdiagnhost.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.10221.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-11-11] (DivX, LLC)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [352648 2016-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [730864 2016-12-13] ()
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2017-01-08] ()
HKU\S-1-5-21-825610380-2903063623-3906473893-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6536008 2016-04-22] (Plex, Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2017-01-10]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-11-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPlay.lnk [2015-11-28]
ShortcutTarget: XPlay.lnk -> C:\Program Files\Commons\xplay.exe (Insight Technology Ltd.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38993c19-1226-4d77-9c08-e6f1fe8b1104}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-11-11] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-15] [not signed]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5 [2017-01-10] [not signed]
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-11-13] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-11-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-11-30] (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-825610380-2903063623-3906473893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\captn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-11-30] (RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 22:47 - 2017-01-10 22:48 - 00020127 _____ C:\Users\captn\Desktop\FRST.txt
2017-01-10 22:47 - 2017-01-10 22:47 - 00000000 ____D C:\FRST
2017-01-10 22:44 - 2017-01-10 22:44 - 02419200 _____ (Farbar) C:\Users\captn\Desktop\FRST64.exe
2017-01-10 22:07 - 2017-01-10 22:08 - 00892416 _____ (Farbar) C:\Users\captn\Desktop\MiniToolBox.exe
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Codecs
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2017-01-09 22:15 - 2017-01-09 22:15 - 00203344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-09 03:38 - 2017-01-09 03:38 - 00003561 _____ C:\Users\captn\AppData\LocalLow\lpm.dat
2017-01-08 17:08 - 2017-01-08 17:08 - 00055480 _____ C:\WINDOWS\SysWOW64\DiscHandler.exe
2017-01-08 01:18 - 2017-01-08 01:18 - 00000026 _____ C:\Users\captn\dancehall.txt
2017-01-06 19:59 - 2017-01-07 00:59 - 00002567 _____ C:\Users\captn\piccolo's letter.txt
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-16 18:16 - 2016-12-16 18:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\RealNetworks
2016-12-16 18:16 - 2016-12-16 18:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\RealNetworks
2016-12-15 06:51 - 2016-10-17 10:35 - 00223464 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmwfp.sys
2016-12-14 23:38 - 2016-12-14 23:38 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-14 06:29 - 2016-12-14 06:29 - 00645312 _____ C:\WINDOWS\system32\TomsMoComp_ff.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 04027072 _____ C:\WINDOWS\system32\ffmpeg.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 01546944 _____ C:\WINDOWS\system32\ff_samplerate.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 00204480 _____ C:\WINDOWS\system32\libmpeg2_ff.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 00197312 _____ C:\WINDOWS\system32\ff_unrar.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 00170688 _____ C:\WINDOWS\system32\ff_libmad.dll
2016-12-14 06:28 - 2016-12-14 06:28 - 00128704 _____ C:\WINDOWS\system32\ff_wmv9.dll
2016-12-14 06:27 - 2016-12-14 06:27 - 00488640 _____ C:\WINDOWS\system32\ff_kernelDeint.dll
2016-12-14 06:27 - 2016-12-14 06:27 - 00236736 _____ C:\WINDOWS\system32\ff_libdts.dll
2016-12-14 06:27 - 2016-12-14 06:27 - 00130240 _____ C:\WINDOWS\system32\ff_liba52.dll
2016-12-14 06:26 - 2016-12-14 06:26 - 04029632 _____ C:\WINDOWS\SysWOW64\ffmpeg.dll
2016-12-14 06:26 - 2016-12-14 06:26 - 00285376 _____ C:\WINDOWS\SysWOW64\TomsMoComp_ff.dll
2016-12-14 06:26 - 2016-12-14 06:26 - 00171200 _____ C:\WINDOWS\SysWOW64\ff_unrar.dll
2016-12-14 06:26 - 2016-12-14 06:26 - 00150720 _____ C:\WINDOWS\SysWOW64\libmpeg2_ff.dll
2016-12-14 06:26 - 2016-12-14 06:26 - 00113856 _____ C:\WINDOWS\SysWOW64\ff_wmv9.dll
2016-12-14 06:25 - 2016-12-14 06:25 - 01539776 _____ C:\WINDOWS\SysWOW64\ff_samplerate.dll
2016-12-14 06:25 - 2016-12-14 06:25 - 00344256 _____ C:\WINDOWS\SysWOW64\ff_libfaad2.dll
2016-12-14 06:25 - 2016-12-14 06:25 - 00225984 _____ C:\WINDOWS\SysWOW64\ff_libdts.dll
2016-12-14 06:25 - 2016-12-14 06:25 - 00161472 _____ C:\WINDOWS\SysWOW64\ff_libmad.dll
2016-12-14 06:25 - 2016-12-14 06:25 - 00128704 _____ C:\WINDOWS\SysWOW64\ff_liba52.dll
2016-12-14 06:16 - 2016-12-14 06:16 - 00551104 _____ (FFmpeg Project) C:\WINDOWS\system32\swscale-lav-4.dll
2016-12-14 06:16 - 2016-12-14 06:16 - 00534208 _____ (FFmpeg Project) C:\WINDOWS\system32\avutil-lav-55.dll
2016-12-14 06:16 - 2016-12-14 06:16 - 00522432 _____ (Intel Corp.) C:\WINDOWS\system32\IntelQuickSyncDecoder.dll
2016-12-14 06:16 - 2016-12-14 06:16 - 00346304 _____ C:\WINDOWS\system32\libbluray.dll
2016-12-14 06:15 - 2016-12-14 06:15 - 11394752 _____ (FFmpeg Project) C:\WINDOWS\system32\avcodec-lav-57.dll
2016-12-14 06:15 - 2016-12-14 06:15 - 01639616 _____ (FFmpeg Project) C:\WINDOWS\system32\avformat-lav-57.dll
2016-12-14 06:15 - 2016-12-14 06:15 - 00206016 _____ (FFmpeg Project) C:\WINDOWS\system32\avfilter-lav-6.dll
2016-12-14 06:15 - 2016-12-14 06:15 - 00175808 _____ (FFmpeg Project) C:\WINDOWS\system32\avresample-lav-3.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 01750720 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\avformat-lav-57.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 00578240 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\avutil-lav-55.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 00550080 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\swscale-lav-4.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 00412352 _____ (Intel Corp.) C:\WINDOWS\SysWOW64\IntelQuickSyncDecoder.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 00287424 _____ C:\WINDOWS\SysWOW64\libbluray.dll
2016-12-14 06:13 - 2016-12-14 06:13 - 00168640 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\avresample-lav-3.dll
2016-12-14 06:12 - 2016-12-14 06:12 - 11008192 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\avcodec-lav-57.dll
2016-12-14 06:12 - 2016-12-14 06:12 - 00200384 _____ (FFmpeg Project) C:\WINDOWS\SysWOW64\avfilter-lav-6.dll
2016-12-14 03:58 - 2016-12-14 03:58 - 00000101 _____ C:\Users\captn\Scan Log.txt
2016-12-13 20:47 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-13 20:47 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-13 20:47 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-13 20:47 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-13 20:47 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-13 20:47 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-13 20:47 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-13 20:47 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 20:47 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-13 20:47 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-13 20:47 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-13 20:47 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-13 20:47 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-13 20:47 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-13 20:47 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-13 20:47 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-13 20:47 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-13 20:47 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-13 20:47 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-13 20:47 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-13 20:47 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-13 20:47 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-13 20:47 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-13 20:47 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-13 20:47 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-13 20:47 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-13 20:47 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-13 20:47 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-13 20:47 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-13 20:47 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-13 20:47 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-13 20:47 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-13 20:47 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-13 20:47 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-13 20:47 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-13 20:47 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-13 20:47 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-13 20:47 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-13 20:47 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-13 20:47 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-13 20:47 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-13 20:47 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-13 20:47 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-13 20:47 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-13 20:47 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-13 20:47 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-13 20:47 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-13 20:47 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-13 20:47 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-13 20:47 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-13 20:47 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-13 20:47 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-13 20:47 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-13 20:47 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-13 20:47 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-13 20:47 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-13 20:47 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-13 20:47 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-13 20:47 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-13 20:47 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-13 20:47 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-13 20:47 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-13 20:47 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-13 20:47 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-13 20:47 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-13 20:47 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-13 20:47 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-13 20:47 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-13 20:47 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-13 20:47 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-13 20:47 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-13 20:47 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-13 20:47 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-13 20:47 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-13 20:47 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-13 20:47 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-13 20:47 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-13 20:47 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-13 20:47 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-13 20:47 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-13 20:47 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-13 20:47 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-13 20:47 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-13 20:47 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-13 20:47 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-13 20:47 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-13 20:47 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-13 20:47 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-13 20:47 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-13 20:47 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-13 20:47 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-13 20:47 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-13 20:47 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-13 20:47 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-13 20:47 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-13 20:47 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-13 20:47 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-13 20:47 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-13 20:47 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-13 20:47 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 20:47 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-13 20:47 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-13 20:47 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-13 20:47 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-13 20:47 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-13 20:47 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-13 20:47 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-13 20:47 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-13 20:47 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-13 20:47 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-13 20:47 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-13 20:47 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-13 20:47 - 2016-11-02 05:28 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-13 20:47 - 2016-11-02 05:25 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-13 20:47 - 2016-09-15 11:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-11 16:08 - 2017-01-10 18:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-12-11 11:38 - 2016-12-11 11:38 - 01309880 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\LAVVideo.ax
2016-12-11 11:38 - 2016-12-11 11:38 - 00689336 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\LAVSplitter.ax
2016-12-11 11:38 - 2016-12-11 11:38 - 00308920 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\system32\LAVAudio.ax
2016-12-11 11:37 - 2016-12-11 11:37 - 01083576 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\LAVVideo.ax
2016-12-11 11:37 - 2016-12-11 11:37 - 00558776 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\LAVSplitter.ax
2016-12-11 11:37 - 2016-12-11 11:37 - 00261304 _____ (1f0.de - Hendrik Leppkes) C:\WINDOWS\SysWOW64\LAVAudio.ax
2016-12-11 03:06 - 2016-12-11 03:06 - 00000000 ____D C:\Users\captn\AppData\Local\CrashRpt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 22:45 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\Downloads\Video
2017-01-10 22:09 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\IDM
2017-01-10 22:07 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\DMCache
2017-01-10 21:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 21:30 - 2016-09-24 00:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-10 20:46 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:41 - 2014-05-18 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:39 - 2014-05-18 21:24 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 20:37 - 2016-09-24 01:21 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-10 18:35 - 2016-09-24 01:21 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:26 - 2016-09-24 01:02 - 02727684 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-10 18:22 - 2015-09-28 18:49 - 00000000 __SHD C:\Users\captn\IntelGraphicsProfiles
2017-01-10 18:21 - 2016-10-23 21:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 18:21 - 2016-09-24 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 18:21 - 2013-11-19 06:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-10 18:20 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 17:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-10 17:25 - 2014-05-07 23:50 - 00000000 ____D C:\Users\captn\AppData\Roaming\vlc
2017-01-10 15:16 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 15:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-10 15:12 - 2014-05-07 23:19 - 00000000 ____D C:\ProgramData\MFAData
2017-01-10 01:54 - 2016-05-08 18:53 - 00000000 ____D C:\Users\captn\AppData\Roaming\Kodi
2017-01-08 19:44 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-08 19:29 - 2014-08-16 17:23 - 00000000 ____D C:\Users\captn\Desktop\Avs
2017-01-08 01:18 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn
2017-01-05 01:42 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-01-02 21:27 - 2015-10-24 19:05 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-01-02 21:27 - 2015-03-25 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-02 20:57 - 2016-10-19 20:00 - 00000000 ____D C:\AdwCleaner
2017-01-01 13:57 - 2014-12-01 01:19 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-01 13:57 - 2014-12-01 01:19 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-01 13:57 - 2014-08-11 23:03 - 00000000 ____D C:\Program Files\paint.net
2016-12-31 23:10 - 2014-10-07 16:45 - 00000000 ____D C:\Users\captn\Desktop\Security Tools
2016-12-31 22:53 - 2015-05-27 22:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-31 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-30 02:53 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp
2016-12-25 21:40 - 2014-05-09 21:11 - 00000000 ____D C:\Users\captn\AppData\Local\Diagnostics
2016-12-24 17:12 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn\AppData\Local\Microsoft
2016-12-18 15:41 - 2014-05-09 00:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-16 21:21 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-16 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-16 18:16 - 2015-07-06 15:44 - 00000000 ____D C:\Program Files (x86)\Real
2016-12-16 18:16 - 2014-08-09 20:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-16 05:03 - 2016-09-24 00:57 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms
2016-12-16 05:03 - 2016-09-24 00:57 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{b794f0cf-4b5d-11e6-80e4-e41d2d719790}.TM.blf
2016-12-16 05:02 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-16 05:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-14 23:38 - 2016-09-24 01:03 - 00000000 ___RD C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-14 23:38 - 2015-09-28 18:53 - 00002402 _____ C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-14 23:38 - 2015-09-28 18:53 - 00000000 ___RD C:\Users\captn\OneDrive
2016-12-14 03:45 - 2016-06-21 17:39 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-11 18:56 - 2016-07-16 06:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-11 18:56 - 2016-07-16 06:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by captn (10-01-2017 22:48:32)
Running from C:\Users\captn\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 06:26:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-825610380-2903063623-3906473893-500 - Administrator - Enabled) => C:\Users\Administrator
captn (S-1-5-21-825610380-2903063623-3906473893-1001 - Administrator - Enabled) => C:\Users\captn
DefaultAccount (S-1-5-21-825610380-2903063623-3906473893-503 - Limited - Disabled)
Guest (S-1-5-21-825610380-2903063623-3906473893-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-825610380-2903063623-3906473893-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-825610380-2903063623-3906473893-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG (Version: 16.141.7996 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Media Player 4.3.3 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.3.117 - Online Media Technologies Ltd.)
AVS Video Converter 9.4.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.4.1.594 - Online Media Technologies Ltd.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.125 - DivX, LLC)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-610 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEPSON XP-610 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kodi (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MaxiLink2 (HKLM-x32\...\InstallShield_{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.11.42 - Autel)
MaxiLink2 (x32 Version: 1.11.42 - Autel) Hidden
Media Player Codec Pack 4.4.3 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.4.3 - Media Player Codec Pack)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Plex Media Server (HKLM-x32\...\{4083e0fa-f188-4146-a257-61608ff30764}) (Version: 0.9.1606 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1606 - Plex, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.165 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.3.4 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.3.4 - Shark007)
STREaM! version 0.25 (HKLM-x32\...\{3D6A45B2-E535-4AEF-8D24-399EB6BF56F4}_is1) (Version: 0.25 - AidyMatic!)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08433F5F-8142-46A4-81B8-EC305F5F08DD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B1483C0-B46E-498B-88F5-DCC4DB82FE8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {11369B6B-1266-47E6-8A9E-C7D28A2C4E1F} - System32\Tasks\{36150F81-E723-457C-9453-AFB02FD1A80C} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {14C3C173-1097-4F68-AE05-0C88AB5F2077} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17A2B5C2-C12D-4D45-B220-D01C158B3E84} - System32\Tasks\{1E2EABB9-24D4-4B80-81C3-4252D060C385} => pcalua.exe -a C:\Users\captn\Downloads\Programs\Acoustica-CD-Label-Maker-Installer.exe -d C:\Users\captn\AppData\Roaming\IDM
Task: {1A4B1354-9984-463A-9EAD-D56D4E83A6A5} - System32\Tasks\{7420596B-3FB1-4FA2-A530-6B9E972DA57A} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {1A5EFEA7-5F6D-4ABC-A833-564D2A1D0C13} - System32\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {1A8F7D1F-1815-4B9F-AB3D-A9920D2D94AE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {24B258FE-709B-4F0A-803F-F8E2519B3DC8} - System32\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {28FD388B-82FF-4CFA-81F4-B43C5B91B446} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-11-11] (DivX, LLC)
Task: {2CA03ECD-B3C5-4A03-A68F-969FFA98F6EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D98304E-CC61-4431-BB39-1D5CF35DFDC6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3127DE2E-3B21-439E-9529-FC1C97BDD9A7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31341C99-0B5A-4BB2-A750-455D61DCBF12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {33393EBE-630F-4758-9E49-5223FF01D9EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39866816-8518-48BC-BD19-11A4E273731F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39B67286-2494-48E8-857E-2BD0E925BBAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3A05610A-44F8-453E-8209-0C083E3B9AC5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D21A99A-98D9-4B68-A257-0F4AAC2EE9FD} - System32\Tasks\{41886BD4-9A63-4DDD-B5F6-8A3B87A1D7C3} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {4809BD55-4E3C-47BB-9060-B79A432CFD19} - System32\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {4D654884-C945-4C16-A66F-07E376D29F67} - System32\Tasks\{C354D2BB-060C-4644-A973-C9A88FD0014E} => C:\Program Files (x86)\AVS4YOU\AVSMediaPlayer\AVSMediaPlayer.exe [2016-10-10] (Online Media Technologies Ltd.)
Task: {4D97C53D-AE1E-476D-80FC-7394A6538666} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EBD45FC-94D9-4823-9D25-FD13D9059E50} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {65847103-4B85-43E5-929E-630A08BC39A1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {675EC1F7-102C-4AD9-A980-4573F78CCEC8} - System32\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {683EA753-F52F-45B7-A237-06344B3F32BC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F474BEB-30BB-4520-9230-21226CD92886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7040B899-6163-4B9C-8940-DAE158B103E7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {74F446D4-DE1D-4593-9802-955342CA5778} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7A57A806-3A92-4C04-9454-8721160C54A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7C7981A9-EDDD-409D-993E-77144D262AE3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7F816984-9C57-4AFE-A955-7A1373854FD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81321251-5D22-4B40-8945-906D588D004D} - System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {85FC450D-08E0-420D-8DDF-0B0F1A9FAA54} - System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {89030630-D623-4A98-A993-E0CC477E18FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {89D9EB2D-CA88-4D18-A915-309576A43F84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EA6EA87-3FA9-4E6B-A04E-2A6BA57ECADE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {8FB1037E-9A6E-40A0-8543-FF55DDF67FFE} - System32\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {95A03CF4-143B-49FD-9B00-CC7C5B00612C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A81B459A-9B6D-48DB-A25E-911FF2DE8604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AB82E4A4-1FA4-4A39-885A-C90798181E96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AED5007C-756B-4C8C-A795-35DB980CC1BA} - System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {AF01CE0E-6F43-4F36-9634-8406DD2C28D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2E0C34D-4AED-4DBB-A031-F4E3BB6931D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B7F0C236-B4BC-453C-8717-938866B9F925} - System32\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {B8C0C139-CBD1-4753-8FB5-F630594EC972} - System32\Tasks\{1ED9F9D1-E853-4397-A661-3FF6A0D84AF0} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {C459F58F-63B8-49EE-9E41-F010FFEF4C32} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6CF1881-53D1-44E4-B2DC-435D14F8D5B4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C8F42EF2-0F19-4E6E-8430-047408530456} - System32\Tasks\{2A1EE846-ABCA-432E-BD15-93D23C465BAE} => pcalua.exe -a F:\Auto.dat.exe -d F:\
Task: {D1A2782F-0394-45BF-B9FF-4211E1AEF68D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D256A57F-33EF-416C-9A03-CF8CE72ED961} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D4FF1B46-E0BC-491B-8838-230359275DEA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5225812-FC10-42D0-A8C9-21F75C670A66} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7FB9112-2A50-4658-B9F1-FCDE6004028A} - System32\Tasks\{26016F30-32D8-49EB-82CB-D4045E4091CA} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {DB037B9F-ECD1-4791-9766-2609475C2D89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {DD24DED6-D044-43CD-9B4E-1567F6A1733F} - System32\Tasks\{CF111383-A915-4DE4-A368-0F3798E091E5} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {E102B9E9-4737-4838-B6C3-FA37448CB8C8} - System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {E79F211E-D914-46A7-B58A-CFF40B95A446} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA7DAB26-077F-41BC-A5DA-1B3C5811BBBA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB66EBDF-FC6E-4E9D-A12E-0315B0AA0216} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FE13A6AD-57CB-4CAD-9E81-28DC1B4C7429} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFA116DB-A5BD-4902-8FB9-A40ECA1E7FA7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{7B05363D-6601-4821-9E41-DF3D89B917AA} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{9A3E648C-235D-4FDE-9FE3-401B1844CAF3} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{BD54C694-6145-406F-9FC3-AF17894898FB} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CA6E1FFC-03FC-469D-9C2D-90504A393527} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CE82A3A5-179B-4525-B15D-F942F262149C} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01678560 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-05-27 14:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-24 04:53 - 2016-09-24 04:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-13 20:47 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-12-13 20:47 - 2016-12-09 04:40 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-08 22:39 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-08 22:39 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-08 22:39 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-08 22:39 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-08 22:39 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-08 22:39 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 22:40 - 2016-12-13 22:46 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 22:40 - 2016-12-13 22:41 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-08-15 19:15 - 2016-08-15 19:15 - 00897224 _____ () C:\Windows\SysWOW64\Codecs\TrayMenu.exe
2016-12-13 13:50 - 2016-12-13 13:50 - 00730864 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
2016-06-01 09:45 - 2016-06-01 09:45 - 00152000 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 02763200 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00626624 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00046016 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00083392 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 02568640 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00118720 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00267712 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00091072 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00059328 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00074176 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00684480 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00833984 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00140224 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00055232 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\librar_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00150464 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 01605056 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00349120 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 01487808 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00028608 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00051648 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libwin_hotkeys_plugin.dll
2016-06-01 09:45 - 2016-06-01 09:45 - 00238016 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 12298176 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00330688 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00347584 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 01521088 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00844736 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00339392 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00032704 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00049600 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00056256 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00437696 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00038848 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00028096 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00199616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 03009472 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00426432 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00031680 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00031168 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00035264 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00455616 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00135104 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 00032192 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2016-06-01 09:47 - 2016-06-01 09:47 - 15975872 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00916928 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00051136 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_sse2_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00037824 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_mmx_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00816576 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00041920 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00133056 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00068032 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00033216 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00046528 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00030656 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00059840 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00042944 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00053696 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00043456 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00027072 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00026560 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 00034240 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2016-06-01 09:46 - 2016-06-01 09:46 - 01515456 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01244376 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-30 02:28 - 2016-11-30 02:28 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2016-12-02 20:59 - 2016-12-02 20:59 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-05 22:10 - 00000938 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-825610380-2903063623-3906473893-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\captn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{FF697683-DD8E-4DEF-8FF0-1148F7CA69EB}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [TCP Query User{361EB086-5616-4871-9F64-2A9493A6AF39}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [UDP Query User{4C748C92-14A1-4788-A3F4-B2B7922D9CA2}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [TCP Query User{4F8FB83E-EF71-42F5-B51F-ED06F6B13631}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [UDP Query User{371732CA-BD65-4E99-A14C-EED6C5358201}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [TCP Query User{3235116C-674A-48EA-882B-8F031A283D54}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [UDP Query User{7AFB9F53-3788-4E02-B73C-DCF053FF329A}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [TCP Query User{CC34D557-4748-4FC1-85F0-DA3CEA53EC7C}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [UDP Query User{096D8C51-6B93-48C3-8C45-24D4FD775F85}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [TCP Query User{613E7528-A63E-40BD-A3BF-4D36B9B0ABBB}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [{8EB63F0F-A7E5-4362-81F5-24CECE9D79CC}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{96A908F9-D225-4A04-B8B5-4DD9ABAB352B}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{ADD985C0-CCB5-47AE-B07F-C7495F51D48A}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [UDP Query User{A42CA975-5342-4A03-A082-62E2888DC33E}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{6146891C-E7DB-46E2-B908-FF2450B7CFE2}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A9A1E93F-B1D3-4C66-904F-C41390CF68CC}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{51DDD360-1BCA-499A-B1F3-6EF20F2329DF}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{80778715-01AC-48DD-B33B-A3D59FE634F8}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D68D6701-2511-4ADB-91B6-12AE83E56BF2}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{925D1C34-908F-467A-BAA9-0B2AA5201855}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [TCP Query User{D7C82713-BF29-4AE2-9D02-3DE1887339F4}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [{A73A9E1E-B7EE-4EF2-9BB6-031B54CCEF1F}] => LPort=1900
FirewallRules: [{AF1AC9AA-5672-426F-AC22-AA720867EA5E}] => LPort=2869
FirewallRules: [{7A661746-A4A5-46A3-9FD5-4858D52EC2D7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00789E70-B792-4358-9A76-56C147A3DBB2}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{665C1980-E1E9-4282-B430-58AE0B71C2FF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{E5B76295-8B65-4000-A9ED-F5DB606B2B19}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{AB28798E-0386-4397-9EF2-4B49D3A63BA0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{64A632F8-6E86-4588-8556-4C09FCEC0315}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25D8A8F9-0EA6-4026-9D17-C2648DF4790B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{782A3FB2-AC22-4A29-ABDF-1C9E2E4C1974}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{7F0E840A-0487-4339-8ACC-3DA2881A0C57}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{2993BAEA-00D1-4974-85B7-CC8B5815B8DA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A0AE5391-B065-48BF-8146-E4E14598EBFA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72E3A154-FF22-4B9B-9841-587584A0ED23}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{30B99B7A-42E6-4798-B0BB-E506CB1B3525}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C4CDB448-4761-4395-9FAB-48D43467DEB8}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{957CCDBA-4CE4-4FDD-A635-6C825CC71B80}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{CF3C0528-2034-4AAE-91A2-60DC4D803E23}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3543C72-CFB1-4F2D-A44E-F4CBA22DDA76}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{57B79761-E289-4E72-A45B-729DD463CBD6}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

23-12-2016 21:31:14 Scheduled Checkpoint
01-01-2017 14:12:27 Scheduled Checkpoint
10-01-2017 16:08:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/10/2017 10:42:18 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (7540) An attempt to open the file "C:\Users\captn\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2017 10:42:17 PM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (7540) An attempt to open the file "C:\Users\captn\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/10/2017 08:41:33 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/10/2017 06:39:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.14393.0, time stamp: 0x57899082
Faulting module name: MSHTML.dll, version: 11.0.14393.576, time stamp: 0x584a7915
Exception code: 0xc0000005
Fault offset: 0x00648387
Faulting process id: 0x8d0
Faulting application start time: 0x01d26b9a7dd5aee0
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\MSHTML.dll
Report Id: f18b4769-1c9c-40d9-b274-7d39818b8939
Faulting package full name:
Faulting package-relative application ID:

Error: (01/10/2017 04:08:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/10/2017 01:09:20 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/10/2017 01:09:20 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/10/2017 01:09:20 AM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/09/2017 11:45:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.14393.0, time stamp: 0x57899082
Faulting module name: Flash.ocx, version: 24.0.0.186, time stamp: 0x584c9498
Exception code: 0xc0000409
Fault offset: 0x00a70c49
Faulting process id: 0x23a4
Faulting application start time: 0x01d26af951bea31f
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\System32\Macromed\Flash\Flash.ocx
Report Id: 41553fec-da5a-4090-a931-2e866871d5dd
Faulting package full name:
Faulting package-relative application ID:

Error: (01/09/2017 10:12:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2b98

Start Time: 01d26aed053a8fc2

Termination Time: 12

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 953fcae2-d6e2-11e6-8e7f-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

System errors:
=============
Error: (01/10/2017 06:22:00 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/10/2017 06:21:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/10/2017 06:20:34 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (01/10/2017 04:38:29 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:25 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:21 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:17 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:09 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (01/10/2017 04:38:05 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

CodeIntegrity:
===================================
  Date: 2017-01-10 18:21:33.101
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:33.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:33.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:33.029
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:33.026
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:33.026
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 18:21:32.699
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 15:12:40.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 15:12:38.357
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-10 15:12:26.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 42%
Total physical RAM: 8015.21 MB
Available physical RAM: 4645.11 MB
Total Virtual: 16207.21 MB
Available Virtual: 13171.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.23 GB) (Free:1672.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0B855EF6)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt ============================

2016-12-11 16:04 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator
2016-12-11 14:25 - 2016-10-26 16:13 - 00010870 ____H C:\Users\Administrator\AppData\Local\IconCache.db
2016-12-11 14:25 - 2016-09-24 01:03 - 00524288 ___SH C:\Users\Administrator\NTUSER.DAT{0de555a7-8224-11e6-a7b9-c20de3ce8982}.TMContainer00000000000000000002.regtrans-ms
2016-12-11 14:25 - 2016-09-24 01:03 - 00524288 ___SH C:\Users\Administrator\NTUSER.DAT{0de555a7-8224-11e6-a7b9-c20de3ce8982}.TMContainer00000000000000000001.regtrans-ms
2016-12-11 14:25 - 2016-09-24 01:03 - 00065536 ___SH C:\Users\Administrator\NTUSER.DAT{0de555a7-8224-11e6-a7b9-c20de3ce8982}.TM.blf
2016-12-11 13:58 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator\AppData\Local
2016-12-11 13:58 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Links
2016-12-11 13:58 - 2016-03-12 19:48 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-12-11 13:57 - 2016-10-26 16:09 - 00000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-11 13:57 - 2016-09-24 01:03 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-11 13:57 - 2016-03-12 19:48 - 00000402 ___SH C:\Users\Administrator\Documents\desktop.ini
2016-12-11 13:57 - 2016-03-12 19:48 - 00000282 ___SH C:\Users\Administrator\Downloads\desktop.ini
2016-12-11 13:57 - 2016-03-12 19:48 - 00000282 ___SH C:\Users\Administrator\Desktop\desktop.ini
2016-12-11 13:57 - 2016-03-12 19:48 - 00000174 ___SH C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Videos
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Searches
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Saved Games
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Pictures
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Music
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Favorites
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Downloads
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Documents
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Desktop
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\Contacts
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-11 13:57 - 2016-03-12 19:48 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-11 13:57 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 03:06 - 2016-09-24 01:33 - 00000174 ___SH C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-11 03:06 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn\AppData\Local
2016-12-11 03:06 - 2016-09-13 23:25 - 00000282 ___SH C:\Users\captn\Downloads\desktop.ini
2016-12-11 03:06 - 2016-07-14 10:36 - 00000282 ___SH C:\Users\captn\Desktop\desktop.ini
2016-12-11 03:06 - 2014-05-07 23:11 - 00000402 ___SH C:\Users\captn\Documents\desktop.ini
2016-12-11 03:06 - 2014-05-07 23:11 - 00000174 ___SH C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Videos
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Searches
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Saved Games
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Links
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Documents
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\Contacts
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-11 03:06 - 2014-05-07 23:11 - 00000000 ___RD C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-11 03:04 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-11 03:03 - 2016-08-16 21:08 - 00000000 ____D C:\Program Files\Google
2016-12-11 03:03 - 2016-08-16 21:08 - 00000000 ____D C:\Program Files (x86)\Google
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-11 03:02 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-11 03:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 03:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 03:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 03:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 02:19 - 2016-07-16 06:47 - 00000000 ___HD C:\ProgramData

==================== Files in the root of some directories =======

2015-08-12 21:18 - 2015-08-12 21:18 - 0023069 _____ () C:\Users\captn\AppData\Local\recently-used.xbel
2016-05-16 22:09 - 2016-05-16 22:09 - 0000017 _____ () C:\Users\captn\AppData\Local\resmon.resmoncfg
2014-06-03 01:56 - 2014-06-03 01:58 - 0001217 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-06-03 22:12 - 2014-06-03 22:13 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2416-F.txt
2014-06-03 22:15 - 2014-06-03 22:19 - 0000627 _____ () C:\ProgramData\RUNDLL32.EXE-2432-F.txt
2014-06-04 14:01 - 2014-06-04 14:01 - 0000246 _____ () C:\ProgramData\RUNDLL32.EXE-2504-F.txt
2014-06-04 14:10 - 2014-06-04 14:14 - 0002256 _____ () C:\ProgramData\RUNDLL32.EXE-2592-F.txt
2014-06-04 14:18 - 2014-06-04 14:20 - 0001134 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-06-04 14:16 - 2014-06-04 14:16 - 0000241 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-06-04 14:07 - 2014-06-04 14:08 - 0000555 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-04 14:04 - 2014-06-04 14:05 - 0000607 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-03 22:09 - 2014-06-03 22:09 - 0000620 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt

Some files in TEMP:
====================
C:\Users\captn\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-02 19:04

==================== End of FRST.txt ============================


#2
Jr0x

Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi jamally,

Welcome to :welcome:. My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.
  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out as some of the instructions would require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own, unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.
Let's get started.

You're right not to run lizglass's fix on your own machine. That could cause more issues than you expect it to resolve.

Work closely with me and I'll try my best to help you to resolve your issue.

First, I would require a fresh set of logs to start off.

Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
  • You have mixed up the logs in your post by inserting the Addition log halfway into the FRST log. Do ensure that you paste the entire FRST log first, before pasting the Addition log.


#3
jamally

jamally

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts

thank you....  i'm not the sharpest knife in the drawer, but together we'll make the cut....

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by captn (administrator) on 10CHOCTAW (15-01-2017 12:01:39)
Running from C:\Users\captn\Desktop
Loaded Profiles: UpdatusUser & captn (Available Profiles: UpdatusUser & captn & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
() C:\Windows\SysWOW64\Codecs\TrayMenu.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Insight Technology Ltd.) C:\Program Files\Commons\xplay.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [352648 2016-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [730864 2016-12-13] ()
HKLM-x32\...\Run: [Codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2017-01-08] ()
HKU\S-1-5-21-825610380-2903063623-3906473893-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6536008 2016-04-22] (Plex, Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk [2017-01-10]
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\Codecs\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-11-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPlay.lnk [2015-11-28]
ShortcutTarget: XPlay.lnk -> C:\Program Files\Commons\xplay.exe (Insight Technology Ltd.)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38993c19-1226-4d77-9c08-e6f1fe8b1104}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-11-11] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-15] [not signed]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5 [2017-01-15] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-11-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-11-30] (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-825610380-2903063623-3906473893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\captn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-11-30] (RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-15 12:01 - 2017-01-15 12:02 - 00019224 _____ C:\Users\captn\Desktop\FRST.txt
2017-01-15 11:55 - 2017-01-15 11:55 - 02419200 _____ (Farbar) C:\Users\captn\Desktop\FRST64.exe
2017-01-13 19:22 - 2017-01-13 19:22 - 00203344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 00:18 - 2017-01-13 00:18 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-11 13:18 - 2017-01-11 13:18 - 00000215 _____ C:\Users\captn\Desktop\Google.url
2017-01-11 12:46 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 12:46 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:47 - 2017-01-15 12:01 - 00000000 ____D C:\FRST
2017-01-10 18:58 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 18:58 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 18:58 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 18:58 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 18:58 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 18:58 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 18:58 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 18:58 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 18:58 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 18:58 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 18:58 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 18:58 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 18:58 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 18:58 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 18:58 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 18:58 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 18:58 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 18:58 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 18:58 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 18:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 18:58 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 18:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 18:58 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 18:58 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 18:58 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 18:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 18:58 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 18:58 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 18:58 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 18:58 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 18:58 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 18:58 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 18:58 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 18:58 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 18:58 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 18:58 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 18:58 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 18:58 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 18:58 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 18:58 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 18:58 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 18:58 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:57 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 18:57 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 18:57 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 18:57 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 18:57 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:57 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 18:57 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 18:57 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 18:57 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 18:57 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 18:57 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 18:57 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 18:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 18:57 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 18:57 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Codecs
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2017-01-08 17:08 - 2017-01-08 17:08 - 00055480 _____ C:\WINDOWS\SysWOW64\DiscHandler.exe
2017-01-08 01:18 - 2017-01-08 01:18 - 00000026 _____ C:\Users\captn\dancehall.txt
2017-01-06 19:59 - 2017-01-07 00:59 - 00002567 _____ C:\Users\captn\piccolo's letter.txt
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-16 18:16 - 2016-12-16 18:16 - 00000000 ____D C:\Users\Default\AppData\Roaming\RealNetworks
2016-12-16 18:16 - 2016-12-16 18:16 - 00000000 ____D C:\Users\Default User\AppData\Roaming\RealNetworks

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-15 11:59 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\Downloads\Video
2017-01-15 11:47 - 2014-10-07 16:45 - 00000000 ____D C:\Users\captn\Desktop\Security Tools
2017-01-15 11:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-15 11:29 - 2016-12-11 16:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-15 11:29 - 2015-09-28 18:49 - 00000000 __SHD C:\Users\captn\IntelGraphicsProfiles
2017-01-15 04:20 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\DMCache
2017-01-15 02:43 - 2014-05-07 23:19 - 00000000 ____D C:\ProgramData\MFAData
2017-01-14 23:53 - 2016-09-24 01:21 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-14 23:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-14 19:21 - 2016-09-24 00:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-14 00:20 - 2016-09-24 01:02 - 02781834 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-14 00:16 - 2016-09-24 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-14 00:16 - 2013-11-19 06:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-14 00:15 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-13 23:03 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\IDM
2017-01-13 19:30 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-13 19:22 - 2015-09-07 21:00 - 00000000 ____D C:\ProgramData\DivX
2017-01-13 04:22 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 22:36 - 2015-05-27 22:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 18:52 - 2015-09-26 17:49 - 00000000 ____D C:\Users\captn\Desktop\DivX
2017-01-12 18:52 - 2015-09-07 21:07 - 00000000 ____D C:\Program Files (x86)\DivX
2017-01-12 18:51 - 2016-09-24 01:21 - 00003708 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\Users\captn\AppData\Roaming\DivX
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-01-12 18:15 - 2015-11-04 19:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 18:03 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-01-12 01:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 12:50 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 03:32 - 2014-05-07 23:50 - 00000000 ____D C:\Users\captn\AppData\Roaming\vlc
2017-01-10 21:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 20:46 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:41 - 2014-05-18 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:39 - 2014-05-18 21:24 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 18:35 - 2016-09-24 01:21 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:21 - 2016-10-23 21:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 01:54 - 2016-05-08 18:53 - 00000000 ____D C:\Users\captn\AppData\Roaming\Kodi
2017-01-08 19:29 - 2014-08-16 17:23 - 00000000 ____D C:\Users\captn\Desktop\Avs
2017-01-08 01:18 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn
2017-01-02 21:27 - 2015-10-24 19:05 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-01-02 21:27 - 2015-03-25 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-02 20:57 - 2016-10-19 20:00 - 00000000 ____D C:\AdwCleaner
2017-01-01 13:57 - 2014-12-01 01:19 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-01 13:57 - 2014-12-01 01:19 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-01 13:57 - 2014-08-11 23:03 - 00000000 ____D C:\Program Files\paint.net
2016-12-31 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-30 02:53 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp
2016-12-25 21:40 - 2014-05-09 21:11 - 00000000 ____D C:\Users\captn\AppData\Local\Diagnostics
2016-12-24 17:12 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn\AppData\Local\Microsoft
2016-12-18 15:41 - 2014-05-09 00:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager
2016-12-16 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-16 18:16 - 2016-07-16 06:47 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-16 18:16 - 2015-07-06 15:44 - 00000000 ____D C:\Program Files (x86)\Real
2016-12-16 18:16 - 2014-08-09 20:37 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-16 05:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch

==================== Files in the root of some directories =======

2015-08-12 21:18 - 2015-08-12 21:18 - 0023069 _____ () C:\Users\captn\AppData\Local\recently-used.xbel
2016-05-16 22:09 - 2016-05-16 22:09 - 0000017 _____ () C:\Users\captn\AppData\Local\resmon.resmoncfg
2014-06-03 01:56 - 2014-06-03 01:58 - 0001217 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-06-03 22:12 - 2014-06-03 22:13 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2416-F.txt
2014-06-03 22:15 - 2014-06-03 22:19 - 0000627 _____ () C:\ProgramData\RUNDLL32.EXE-2432-F.txt
2014-06-04 14:01 - 2014-06-04 14:01 - 0000246 _____ () C:\ProgramData\RUNDLL32.EXE-2504-F.txt
2014-06-04 14:10 - 2014-06-04 14:14 - 0002256 _____ () C:\ProgramData\RUNDLL32.EXE-2592-F.txt
2014-06-04 14:18 - 2014-06-04 14:20 - 0001134 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-06-04 14:16 - 2014-06-04 14:16 - 0000241 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-06-04 14:07 - 2014-06-04 14:08 - 0000555 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-04 14:04 - 2014-06-04 14:05 - 0000607 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-03 22:09 - 2014-06-03 22:09 - 0000620 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-12 01:32

==================== End of FRST.txt =

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by captn (15-01-2017 12:02:37)
Running from C:\Users\captn\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 06:26:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-825610380-2903063623-3906473893-500 - Administrator - Enabled) => C:\Users\Administrator
captn (S-1-5-21-825610380-2903063623-3906473893-1001 - Administrator - Enabled) => C:\Users\captn
DefaultAccount (S-1-5-21-825610380-2903063623-3906473893-503 - Limited - Disabled)
Guest (S-1-5-21-825610380-2903063623-3906473893-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-825610380-2903063623-3906473893-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-825610380-2903063623-3906473893-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG (Version: 16.141.7996 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Media Player 4.3.3 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.3.117 - Online Media Technologies Ltd.)
AVS Video Converter 9.4.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.4.1.594 - Online Media Technologies Ltd.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-610 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEPSON XP-610 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kodi (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MaxiLink2 (HKLM-x32\...\InstallShield_{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.11.42 - Autel)
MaxiLink2 (x32 Version: 1.11.42 - Autel) Hidden
Media Player Codec Pack 4.4.3 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.4.3 - Media Player Codec Pack)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Plex Media Server (HKLM-x32\...\{4083e0fa-f188-4146-a257-61608ff30764}) (Version: 0.9.1606 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1606 - Plex, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.165 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.3.4 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.3.4 - Shark007)
STREaM! version 0.25 (HKLM-x32\...\{3D6A45B2-E535-4AEF-8D24-399EB6BF56F4}_is1) (Version: 0.25 - AidyMatic!)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08433F5F-8142-46A4-81B8-EC305F5F08DD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B1483C0-B46E-498B-88F5-DCC4DB82FE8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {11369B6B-1266-47E6-8A9E-C7D28A2C4E1F} - System32\Tasks\{36150F81-E723-457C-9453-AFB02FD1A80C} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {14C3C173-1097-4F68-AE05-0C88AB5F2077} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17A2B5C2-C12D-4D45-B220-D01C158B3E84} - System32\Tasks\{1E2EABB9-24D4-4B80-81C3-4252D060C385} => pcalua.exe -a C:\Users\captn\Downloads\Programs\Acoustica-CD-Label-Maker-Installer.exe -d C:\Users\captn\AppData\Roaming\IDM
Task: {1A4B1354-9984-463A-9EAD-D56D4E83A6A5} - System32\Tasks\{7420596B-3FB1-4FA2-A530-6B9E972DA57A} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {1A5EFEA7-5F6D-4ABC-A833-564D2A1D0C13} - System32\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {1A8F7D1F-1815-4B9F-AB3D-A9920D2D94AE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {24B258FE-709B-4F0A-803F-F8E2519B3DC8} - System32\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {2CA03ECD-B3C5-4A03-A68F-969FFA98F6EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2D98304E-CC61-4431-BB39-1D5CF35DFDC6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3127DE2E-3B21-439E-9529-FC1C97BDD9A7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31341C99-0B5A-4BB2-A750-455D61DCBF12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {33393EBE-630F-4758-9E49-5223FF01D9EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39866816-8518-48BC-BD19-11A4E273731F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {39B67286-2494-48E8-857E-2BD0E925BBAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3A05610A-44F8-453E-8209-0C083E3B9AC5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D21A99A-98D9-4B68-A257-0F4AAC2EE9FD} - System32\Tasks\{41886BD4-9A63-4DDD-B5F6-8A3B87A1D7C3} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {4809BD55-4E3C-47BB-9060-B79A432CFD19} - System32\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {4D654884-C945-4C16-A66F-07E376D29F67} - System32\Tasks\{C354D2BB-060C-4644-A973-C9A88FD0014E} => C:\Program Files (x86)\AVS4YOU\AVSMediaPlayer\AVSMediaPlayer.exe [2016-10-10] (Online Media Technologies Ltd.)
Task: {4D97C53D-AE1E-476D-80FC-7394A6538666} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EBD45FC-94D9-4823-9D25-FD13D9059E50} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {65847103-4B85-43E5-929E-630A08BC39A1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {675EC1F7-102C-4AD9-A980-4573F78CCEC8} - System32\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {683EA753-F52F-45B7-A237-06344B3F32BC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {6F474BEB-30BB-4520-9230-21226CD92886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7040B899-6163-4B9C-8940-DAE158B103E7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {74F446D4-DE1D-4593-9802-955342CA5778} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7A57A806-3A92-4C04-9454-8721160C54A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7C7981A9-EDDD-409D-993E-77144D262AE3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7F816984-9C57-4AFE-A955-7A1373854FD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {81321251-5D22-4B40-8945-906D588D004D} - System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {85FC450D-08E0-420D-8DDF-0B0F1A9FAA54} - System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {89030630-D623-4A98-A993-E0CC477E18FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {89D9EB2D-CA88-4D18-A915-309576A43F84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EA6EA87-3FA9-4E6B-A04E-2A6BA57ECADE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {8FB1037E-9A6E-40A0-8543-FF55DDF67FFE} - System32\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {95A03CF4-143B-49FD-9B00-CC7C5B00612C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A81B459A-9B6D-48DB-A25E-911FF2DE8604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AA15C374-3013-48F1-9C2A-FE136D8D7D9B} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2016-12-15] (DivX, LLC)
Task: {AB82E4A4-1FA4-4A39-885A-C90798181E96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AED5007C-756B-4C8C-A795-35DB980CC1BA} - System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {AF01CE0E-6F43-4F36-9634-8406DD2C28D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2E0C34D-4AED-4DBB-A031-F4E3BB6931D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B7F0C236-B4BC-453C-8717-938866B9F925} - System32\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {B8C0C139-CBD1-4753-8FB5-F630594EC972} - System32\Tasks\{1ED9F9D1-E853-4397-A661-3FF6A0D84AF0} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {C459F58F-63B8-49EE-9E41-F010FFEF4C32} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6CF1881-53D1-44E4-B2DC-435D14F8D5B4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C8F42EF2-0F19-4E6E-8430-047408530456} - System32\Tasks\{2A1EE846-ABCA-432E-BD15-93D23C465BAE} => pcalua.exe -a F:\Auto.dat.exe -d F:\
Task: {D1A2782F-0394-45BF-B9FF-4211E1AEF68D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D256A57F-33EF-416C-9A03-CF8CE72ED961} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D4FF1B46-E0BC-491B-8838-230359275DEA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D5225812-FC10-42D0-A8C9-21F75C670A66} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7FB9112-2A50-4658-B9F1-FCDE6004028A} - System32\Tasks\{26016F30-32D8-49EB-82CB-D4045E4091CA} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {DB037B9F-ECD1-4791-9766-2609475C2D89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {DD24DED6-D044-43CD-9B4E-1567F6A1733F} - System32\Tasks\{CF111383-A915-4DE4-A368-0F3798E091E5} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {E102B9E9-4737-4838-B6C3-FA37448CB8C8} - System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {E79F211E-D914-46A7-B58A-CFF40B95A446} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA7DAB26-077F-41BC-A5DA-1B3C5811BBBA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB66EBDF-FC6E-4E9D-A12E-0315B0AA0216} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FE13A6AD-57CB-4CAD-9E81-28DC1B4C7429} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFA116DB-A5BD-4902-8FB9-A40ECA1E7FA7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{7B05363D-6601-4821-9E41-DF3D89B917AA} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{9A3E648C-235D-4FDE-9FE3-401B1844CAF3} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{BD54C694-6145-406F-9FC3-AF17894898FB} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CA6E1FFC-03FC-469D-9C2D-90504A393527} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CE82A3A5-179B-4525-B15D-F942F262149C} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-11 12:52 - 2016-11-11 12:52 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-27 14:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01678560 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2010-07-14 23:44 - 2010-07-14 23:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-09-24 04:53 - 2016-09-24 04:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:58 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:57 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:58 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 22:40 - 2016-12-13 22:46 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 22:40 - 2016-12-13 22:41 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-08-15 19:15 - 2016-08-15 19:15 - 00897224 _____ () C:\Windows\SysWOW64\Codecs\TrayMenu.exe
2016-11-11 12:52 - 2016-11-11 12:52 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01244376 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-30 02:28 - 2016-11-30 02:28 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2016-12-02 20:59 - 2016-12-02 20:59 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-05 22:10 - 00000938 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-825610380-2903063623-3906473893-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\captn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{FF697683-DD8E-4DEF-8FF0-1148F7CA69EB}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [TCP Query User{361EB086-5616-4871-9F64-2A9493A6AF39}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [UDP Query User{4C748C92-14A1-4788-A3F4-B2B7922D9CA2}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [TCP Query User{4F8FB83E-EF71-42F5-B51F-ED06F6B13631}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [UDP Query User{371732CA-BD65-4E99-A14C-EED6C5358201}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [TCP Query User{3235116C-674A-48EA-882B-8F031A283D54}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [UDP Query User{7AFB9F53-3788-4E02-B73C-DCF053FF329A}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [TCP Query User{CC34D557-4748-4FC1-85F0-DA3CEA53EC7C}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [UDP Query User{096D8C51-6B93-48C3-8C45-24D4FD775F85}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [TCP Query User{613E7528-A63E-40BD-A3BF-4D36B9B0ABBB}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [{8EB63F0F-A7E5-4362-81F5-24CECE9D79CC}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{96A908F9-D225-4A04-B8B5-4DD9ABAB352B}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{ADD985C0-CCB5-47AE-B07F-C7495F51D48A}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [UDP Query User{A42CA975-5342-4A03-A082-62E2888DC33E}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{6146891C-E7DB-46E2-B908-FF2450B7CFE2}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A9A1E93F-B1D3-4C66-904F-C41390CF68CC}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{51DDD360-1BCA-499A-B1F3-6EF20F2329DF}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{80778715-01AC-48DD-B33B-A3D59FE634F8}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D68D6701-2511-4ADB-91B6-12AE83E56BF2}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{925D1C34-908F-467A-BAA9-0B2AA5201855}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [TCP Query User{D7C82713-BF29-4AE2-9D02-3DE1887339F4}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [{A73A9E1E-B7EE-4EF2-9BB6-031B54CCEF1F}] => LPort=1900
FirewallRules: [{AF1AC9AA-5672-426F-AC22-AA720867EA5E}] => LPort=2869
FirewallRules: [{7A661746-A4A5-46A3-9FD5-4858D52EC2D7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00789E70-B792-4358-9A76-56C147A3DBB2}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{665C1980-E1E9-4282-B430-58AE0B71C2FF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{E5B76295-8B65-4000-A9ED-F5DB606B2B19}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{AB28798E-0386-4397-9EF2-4B49D3A63BA0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{64A632F8-6E86-4588-8556-4C09FCEC0315}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25D8A8F9-0EA6-4026-9D17-C2648DF4790B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{782A3FB2-AC22-4A29-ABDF-1C9E2E4C1974}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{7F0E840A-0487-4339-8ACC-3DA2881A0C57}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{2993BAEA-00D1-4974-85B7-CC8B5815B8DA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A0AE5391-B065-48BF-8146-E4E14598EBFA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72E3A154-FF22-4B9B-9841-587584A0ED23}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{30B99B7A-42E6-4798-B0BB-E506CB1B3525}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C4CDB448-4761-4395-9FAB-48D43467DEB8}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{957CCDBA-4CE4-4FDD-A635-6C825CC71B80}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{CF3C0528-2034-4AAE-91A2-60DC4D803E23}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3543C72-CFB1-4F2D-A44E-F4CBA22DDA76}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{57B79761-E289-4E72-A45B-729DD463CBD6}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

23-12-2016 21:31:14 Scheduled Checkpoint
01-01-2017 14:12:27 Scheduled Checkpoint
10-01-2017 16:08:23 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2017 11:41:00 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 21d0

Start Time: 01d26f4d568e0912

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 6302af3b-db41-11e6-8e84-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

Error: (01/14/2017 08:02:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2304

Start Time: 01d26ebd9e740bfe

Termination Time: 14

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 3d8184a1-dabe-11e6-8e84-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

Error: (01/14/2017 07:32:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1264

Start Time: 01d26ea8eeea9c71

Termination Time: 32

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 1b2a6046-daba-11e6-8e84-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

Error: (01/14/2017 02:50:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.14393.479 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 17d4

Start Time: 01d26e9dfd765809

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: a02b648c-da92-11e6-8e84-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (01/14/2017 02:39:37 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

System errors:
=============
Error: (01/15/2017 11:29:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:09 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:08 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

Error: (01/15/2017 04:20:08 AM) (Source: DCOM) (EventID: 10010) (User: 10CHOCTAW)
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

CodeIntegrity:
===================================
  Date: 2017-01-15 02:43:40.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:39.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:26.027
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:23.796
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:23.706
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:23.600
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-15 02:43:16.932
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-14 14:43:07.759
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-14 14:43:05.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-14 14:42:45.812
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8015.21 MB
Available physical RAM: 5196.86 MB
Total Virtual: 16207.21 MB
Available Virtual: 13627.92 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.23 GB) (Free:1665.82 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0B855EF6)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt ============================


#4
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi jamally,

Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.



Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2017-01-08] ()
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
U3 idsvc; no ImagePath
Task: {2CA03ECD-B3C5-4A03-A68F-969FFA98F6EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {33393EBE-630F-4758-9E49-5223FF01D9EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39B67286-2494-48E8-857E-2BD0E925BBAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6F474BEB-30BB-4520-9230-21226CD92886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7A57A806-3A92-4C04-9454-8721160C54A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7F816984-9C57-4AFE-A955-7A1373854FD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {95A03CF4-143B-49FD-9B00-CC7C5B00612C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AB82E4A4-1FA4-4A39-885A-C90798181E96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B2E0C34D-4AED-4DBB-A031-F4E3BB6931D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4FF1B46-E0BC-491B-8838-230359275DEA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFA116DB-A5BD-4902-8FB9-A40ECA1E7FA7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION


Emptytemp:
Hosts:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:
    [Screenshot: AdwCleaner console]
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
In your next reply, please include the following:
  • FRST fixlog
  • AdwCleaner scan log

#5
jamally

    Member

  • Topic Starter
  • 50 posts

hopefully correct :

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by captn (16-01-2017 15:45:57) Run:2
Running from C:\Users\captn\Desktop
Loaded Profiles: UpdatusUser & captn (Available Profiles: UpdatusUser & captn & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [codec Settings UAC Manager] => C:\WINDOWS\SysWOW64\Codecs\CodecUACManager.exe [68904 2017-01-08] ()
GroupPolicyScripts: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.3.6.255\AVG Web TuneUp.dll => No File
U3 idsvc; no ImagePath
Task: {2CA03ECD-B3C5-4A03-A68F-969FFA98F6EE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {33393EBE-630F-4758-9E49-5223FF01D9EF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {39B67286-2494-48E8-857E-2BD0E925BBAA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6F474BEB-30BB-4520-9230-21226CD92886} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7A57A806-3A92-4C04-9454-8721160C54A4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7F816984-9C57-4AFE-A955-7A1373854FD0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {95A03CF4-143B-49FD-9B00-CC7C5B00612C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {AB82E4A4-1FA4-4A39-885A-C90798181E96} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B2E0C34D-4AED-4DBB-A031-F4E3BB6931D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D4FF1B46-E0BC-491B-8838-230359275DEA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FFA116DB-A5BD-4902-8FB9-A40ECA1E7FA7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Emptytemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\codec Settings UAC Manager => value not found.
"C:\WINDOWS\system32\GroupPolicy\Machine" => not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
idsvc => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CA03ECD-B3C5-4A03-A68F-969FFA98F6EE} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33393EBE-630F-4758-9E49-5223FF01D9EF} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B67286-2494-48E8-857E-2BD0E925BBAA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F474BEB-30BB-4520-9230-21226CD92886} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A57A806-3A92-4C04-9454-8721160C54A4} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F816984-9C57-4AFE-A955-7A1373854FD0} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{95A03CF4-143B-49FD-9B00-CC7C5B00612C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB82E4A4-1FA4-4A39-885A-C90798181E96} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E0C34D-4AED-4DBB-A031-F4E3BB6931D8} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4FF1B46-E0BC-491B-8838-230359275DEA} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFA116DB-A5BD-4902-8FB9-A40ECA1E7FA7} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15074572 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1654 B
NetworkService => 0 B
UpdatusUser => 0 B
captn => 57306 B
Administrator => 0 B
DefaultAppPool => 0 B

RecycleBin => 108586 B
EmptyTemp: => 14.5 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:46:28 ====

 

 

 

# Username : captn - 10CHOCTAW
# Running from : C:\Users\captn\Downloads\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

# AdwCleaner v6.041 - Logfile created 02/01/2017 at 20:57:00
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : captn - 10CHOCTAW
# Running from : C:\Users\captn\Downloads\Programs\AdwCleaner_2.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6059 Bytes] - [19/10/2016 21:19:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [2094 Bytes] - [11/12/2016 02:59:51]
C:\AdwCleaner\AdwCleaner[C3].txt - [1393 Bytes] - [14/12/2016 03:54:39]
C:\AdwCleaner\AdwCleaner[C4].txt - [2022 Bytes] - [31/12/2016 23:19:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [5582 Bytes] - [19/10/2016 21:18:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [11/12/2016 02:58:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [1517 Bytes] - [14/12/2016 03:54:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1588 Bytes] - [31/12/2016 23:14:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [1581 Bytes] - [02/01/2017 20:57:00]


#6
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi jamally,

I see that you have been using and running AdwCleaner for the past months. Do refrain from running and cleaning the machine unsupervised as it could cause more harm than you expected if not managed properly.

Fix with Junkware Removal Tool

Please download JRT by Thisisu and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the JRT icon and select Run as Administrator to start the tool.
  • Follow the prompts and let this process run uninterrupted.
  • This scan can take a while, depending on your System specs.
  • Upon completion, a log (JRT.txt) will open on your desktop.
Please include the contents of that file in your reply.

Do not forget to re-enable your previously switched off protection software!
Please also manually reboot your machine after this procedure.


Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C5].txt

Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.

In your next reply, please include the following:
  • JRT log
  • AdwCleaner clean log
  • FRST log
  • FRST Addition log

#7
jamally

    Member

  • Topic Starter
  • Member
  • 50 posts

here is the loggies...

 

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by captn (Administrator) on Tue 01/17/2017 at 22:30:51.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 1

Successfully deleted: C:\Users\captn\AppData\Local\crashrpt (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/17/2017 at 22:33:56.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by captn (administrator) on 10CHOCTAW (17-01-2017 22:56:46)
Running from C:\Users\captn\Desktop
Loaded Profiles: UpdatusUser & captn (Available Profiles: UpdatusUser & captn & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Insight Technology Ltd.) C:\Program Files\Commons\xplay.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [352648 2016-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [730864 2016-12-13] ()
HKU\S-1-5-21-825610380-2903063623-3906473893-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6536008 2016-04-22] (Plex, Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe"
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-11-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPlay.lnk [2015-11-28]
ShortcutTarget: XPlay.lnk -> C:\Program Files\Commons\xplay.exe (Insight Technology Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38993c19-1226-4d77-9c08-e6f1fe8b1104}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-11-11] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-15] [not signed]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5 [2017-01-17] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-11-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-11-30] (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-825610380-2903063623-3906473893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\captn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-11-30] (RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 22:56 - 2017-01-17 22:57 - 00018876 _____ C:\Users\captn\Desktop\FRST.txt
2017-01-17 22:36 - 2017-01-17 22:36 - 00000000 ____D C:\Users\captn\AppData\Local\CrashRpt
2017-01-17 18:11 - 2017-01-17 22:33 - 00000625 _____ C:\Users\captn\Desktop\JRT.txt
2017-01-17 18:08 - 2017-01-17 18:08 - 01663040 _____ (Malwarebytes) C:\Users\captn\Desktop\JRT.exe
2017-01-16 15:45 - 2017-01-16 15:46 - 00006711 _____ C:\Users\captn\Desktop\Fixlog.txt
2017-01-16 15:41 - 2017-01-16 15:41 - 02419200 _____ (Farbar) C:\Users\captn\Desktop\FRST64.exe
2017-01-16 15:31 - 2017-01-16 15:31 - 00203344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 00:18 - 2017-01-13 00:18 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-11 13:18 - 2017-01-11 13:18 - 00000215 _____ C:\Users\captn\Desktop\Google.url
2017-01-11 12:46 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 12:46 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:47 - 2017-01-17 22:56 - 00000000 ____D C:\FRST
2017-01-10 18:58 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 18:58 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 18:58 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 18:58 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 18:58 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 18:58 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 18:58 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 18:58 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 18:58 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 18:58 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 18:58 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 18:58 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 18:58 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 18:58 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 18:58 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 18:58 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 18:58 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 18:58 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 18:58 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 18:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 18:58 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 18:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 18:58 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 18:58 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 18:58 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 18:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 18:58 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 18:58 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 18:58 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 18:58 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 18:58 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 18:58 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 18:58 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 18:58 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 18:58 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 18:58 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 18:58 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 18:58 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 18:58 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 18:58 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 18:58 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 18:58 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:57 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 18:57 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 18:57 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 18:57 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 18:57 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:57 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 18:57 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 18:57 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 18:57 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 18:57 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 18:57 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 18:57 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 18:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 18:57 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 18:57 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Codecs
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2017-01-08 17:08 - 2017-01-08 17:08 - 00055480 _____ C:\WINDOWS\SysWOW64\DiscHandler.exe
2017-01-08 01:18 - 2017-01-08 01:18 - 00000026 _____ C:\Users\captn\dancehall.txt
2017-01-06 19:59 - 2017-01-07 00:59 - 00002567 _____ C:\Users\captn\piccolo's letter.txt
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 22:53 - 2016-12-11 16:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-17 22:53 - 2015-09-28 18:49 - 00000000 __SHD C:\Users\captn\IntelGraphicsProfiles
2017-01-17 22:49 - 2016-09-24 01:02 - 02854034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-17 22:45 - 2016-09-24 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-17 22:45 - 2013-11-19 06:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-17 22:44 - 2016-10-19 20:00 - 00000000 ____D C:\AdwCleaner
2017-01-17 22:44 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-17 22:31 - 2014-05-07 23:19 - 00000000 ____D C:\ProgramData\MFAData
2017-01-17 17:59 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\Downloads\Video
2017-01-17 17:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-17 16:51 - 2016-09-24 00:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-17 15:17 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-17 15:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-17 04:36 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\DMCache
2017-01-17 00:47 - 2016-09-24 01:21 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-16 21:19 - 2014-10-07 16:45 - 00000000 ____D C:\Users\captn\Desktop\Security Tools
2017-01-16 16:25 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\IDM
2017-01-16 15:26 - 2014-06-19 13:20 - 00000000 ____D C:\Users\captn\AppData\LocalLow\Temp
2017-01-16 15:26 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-13 19:22 - 2015-09-07 21:00 - 00000000 ____D C:\ProgramData\DivX
2017-01-13 04:22 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 22:36 - 2015-05-27 22:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 18:52 - 2015-09-26 17:49 - 00000000 ____D C:\Users\captn\Desktop\DivX
2017-01-12 18:52 - 2015-09-07 21:07 - 00000000 ____D C:\Program Files (x86)\DivX
2017-01-12 18:51 - 2016-09-24 01:21 - 00003708 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\Users\captn\AppData\Roaming\DivX
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-01-12 18:15 - 2015-11-04 19:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 18:03 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-01-12 01:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 12:50 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 03:32 - 2014-05-07 23:50 - 00000000 ____D C:\Users\captn\AppData\Roaming\vlc
2017-01-10 21:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 20:46 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:41 - 2014-05-18 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:39 - 2014-05-18 21:24 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 18:35 - 2016-09-24 01:21 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:21 - 2016-10-23 21:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 01:54 - 2016-05-08 18:53 - 00000000 ____D C:\Users\captn\AppData\Roaming\Kodi
2017-01-08 19:29 - 2014-08-16 17:23 - 00000000 ____D C:\Users\captn\Desktop\Avs
2017-01-08 01:18 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn
2017-01-02 21:27 - 2015-10-24 19:05 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-01-02 21:27 - 2015-03-25 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-01 13:57 - 2014-12-01 01:19 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-01 13:57 - 2014-12-01 01:19 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-01 13:57 - 2014-08-11 23:03 - 00000000 ____D C:\Program Files\paint.net
2016-12-31 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-30 02:53 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp
2016-12-25 21:40 - 2014-05-09 21:11 - 00000000 ____D C:\Users\captn\AppData\Local\Diagnostics
2016-12-24 17:12 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn\AppData\Local\Microsoft
2016-12-18 15:41 - 2014-05-09 00:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager

==================== Files in the root of some directories =======

2015-08-12 21:18 - 2015-08-12 21:18 - 0023069 _____ () C:\Users\captn\AppData\Local\recently-used.xbel
2016-05-16 22:09 - 2016-05-16 22:09 - 0000017 _____ () C:\Users\captn\AppData\Local\resmon.resmoncfg
2014-06-03 01:56 - 2014-06-03 01:58 - 0001217 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-06-03 22:12 - 2014-06-03 22:13 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2416-F.txt
2014-06-03 22:15 - 2014-06-03 22:19 - 0000627 _____ () C:\ProgramData\RUNDLL32.EXE-2432-F.txt
2014-06-04 14:01 - 2014-06-04 14:01 - 0000246 _____ () C:\ProgramData\RUNDLL32.EXE-2504-F.txt
2014-06-04 14:10 - 2014-06-04 14:14 - 0002256 _____ () C:\ProgramData\RUNDLL32.EXE-2592-F.txt
2014-06-04 14:18 - 2014-06-04 14:20 - 0001134 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-06-04 14:16 - 2014-06-04 14:16 - 0000241 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-06-04 14:07 - 2014-06-04 14:08 - 0000555 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-04 14:04 - 2014-06-04 14:05 - 0000607 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-03 22:09 - 2014-06-03 22:09 - 0000620 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-12 01:32

==================== End of FRST.txt ===

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2017
Ran by captn (17-01-2017 22:57:42)
Running from C:\Users\captn\Desktop
Windows 10 Pro Version 1607 (X64) (2016-09-24 06:26:08)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-825610380-2903063623-3906473893-500 - Administrator - Enabled) => C:\Users\Administrator
captn (S-1-5-21-825610380-2903063623-3906473893-1001 - Administrator - Enabled) => C:\Users\captn
DefaultAccount (S-1-5-21-825610380-2903063623-3906473893-503 - Limited - Disabled)
Guest (S-1-5-21-825610380-2903063623-3906473893-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-825610380-2903063623-3906473893-1003 - Limited - Enabled)
UpdatusUser (S-1-5-21-825610380-2903063623-3906473893-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acoustica CD/DVD Label Maker (HKLM-x32\...\Acoustica CD/DVD Label Maker) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20053 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.7.1.418 - Adobe Systems Incorporated)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AVG (Version: 16.141.7996 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4749 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7996 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.3.6.255 - AVG Technologies)
AVS Audio Editor 7.3 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.3.1.493 - Online Media Technologies Ltd.)
AVS Media Player 4.3.3 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.3.3.117 - Online Media Technologies Ltd.)
AVS Video Converter 9.4.1 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 9.4.1.594 - Online Media Technologies Ltd.)
Belarc Advisor 8.5c (HKLM-x32\...\Belarc Advisor) (Version: 8.5.3.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6452 - CDBurnerXP)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 3.0.0.141 - DivX, LLC)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM-x32\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version:  - SEIKO EPSON Corporation)
EPSON XP-610 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEPSON XP-610 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
FastStone Capture 8.4 (HKLM-x32\...\FastStone Capture) (Version: 8.4 - FastStone Soft)
FastStone Image Viewer 5.3 (HKLM-x32\...\FastStone Image Viewer) (Version: 5.3 - FastStone Soft)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version:  - FileHippo.com)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kodi (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Kodi) (Version:  - XBMC-Foundation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LTCM Client (HKLM-x32\...\{B38E9B55-7136-4E66-A084-320512FF3F6F}) (Version: 1.20.3792 - Leader Technologies Inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MaxiLink2 (HKLM-x32\...\InstallShield_{9D35B3CD-A04D-43BB-8BE5-E932A31F0575}) (Version: 1.11.42 - Autel)
MaxiLink2 (x32 Version: 1.11.42 - Autel) Hidden
Media Player Codec Pack 4.4.3 (HKLM-x32\...\Media Player - Codec Pack) (Version: 4.4.3 - Media Player Codec Pack)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
paint.net (HKLM\...\{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
Plex Media Server (HKLM-x32\...\{4083e0fa-f188-4146-a257-61608ff30764}) (Version: 0.9.1606 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1606 - Plex, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.161 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.6.165 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.6 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shark007 STANDARD Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 3.3.4 - Shark007)
Shark007 STANDARD x64Components (HKLM\...\STANDARD x64Components_is1) (Version: 3.3.4 - Shark007)
STREaM! version 0.25 (HKLM-x32\...\{3D6A45B2-E535-4AEF-8D24-399EB6BF56F4}_is1) (Version: 0.25 - AidyMatic!)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1228 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\UnityWebPlayer) (Version: 4.5.3f3 - Unity Technologies ApS)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (x32 Version: 1.0.0.0 - Realnetworks) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Downloader (x32 Version: 1.3.0 - RealNetworks) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs2015_redist x86 (x32 Version: 1.0.0.0 - Realnetworks) Hidden
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08433F5F-8142-46A4-81B8-EC305F5F08DD} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0B1483C0-B46E-498B-88F5-DCC4DB82FE8F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {11369B6B-1266-47E6-8A9E-C7D28A2C4E1F} - System32\Tasks\{36150F81-E723-457C-9453-AFB02FD1A80C} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {14C3C173-1097-4F68-AE05-0C88AB5F2077} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {17A2B5C2-C12D-4D45-B220-D01C158B3E84} - System32\Tasks\{1E2EABB9-24D4-4B80-81C3-4252D060C385} => pcalua.exe -a C:\Users\captn\Downloads\Programs\Acoustica-CD-Label-Maker-Installer.exe -d C:\Users\captn\AppData\Roaming\IDM
Task: {1A4B1354-9984-463A-9EAD-D56D4E83A6A5} - System32\Tasks\{7420596B-3FB1-4FA2-A530-6B9E972DA57A} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {1A5EFEA7-5F6D-4ABC-A833-564D2A1D0C13} - System32\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {1A8F7D1F-1815-4B9F-AB3D-A9920D2D94AE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {24B258FE-709B-4F0A-803F-F8E2519B3DC8} - System32\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {2D98304E-CC61-4431-BB39-1D5CF35DFDC6} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3127DE2E-3B21-439E-9529-FC1C97BDD9A7} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {31341C99-0B5A-4BB2-A750-455D61DCBF12} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {39866816-8518-48BC-BD19-11A4E273731F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3A05610A-44F8-453E-8209-0C083E3B9AC5} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3D21A99A-98D9-4B68-A257-0F4AAC2EE9FD} - System32\Tasks\{41886BD4-9A63-4DDD-B5F6-8A3B87A1D7C3} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {4809BD55-4E3C-47BB-9060-B79A432CFD19} - System32\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {4D654884-C945-4C16-A66F-07E376D29F67} - System32\Tasks\{C354D2BB-060C-4644-A973-C9A88FD0014E} => C:\Program Files (x86)\AVS4YOU\AVSMediaPlayer\AVSMediaPlayer.exe [2016-10-10] (Online Media Technologies Ltd.)
Task: {4D97C53D-AE1E-476D-80FC-7394A6538666} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4EBD45FC-94D9-4823-9D25-FD13D9059E50} - System32\Tasks\RealDownloader Update Check => C:\program files (x86)\real\realplayer\RealDownloader\downloader2.exe
Task: {65847103-4B85-43E5-929E-630A08BC39A1} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {675EC1F7-102C-4AD9-A980-4573F78CCEC8} - System32\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {683EA753-F52F-45B7-A237-06344B3F32BC} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {7040B899-6163-4B9C-8940-DAE158B103E7} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {74F446D4-DE1D-4593-9802-955342CA5778} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {7C7981A9-EDDD-409D-993E-77144D262AE3} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {81321251-5D22-4B40-8945-906D588D004D} - System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {85FC450D-08E0-420D-8DDF-0B0F1A9FAA54} - System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {89030630-D623-4A98-A993-E0CC477E18FF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {89D9EB2D-CA88-4D18-A915-309576A43F84} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8EA6EA87-3FA9-4E6B-A04E-2A6BA57ECADE} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-825610380-2903063623-3906473893-1001 => C:\program files (x86)\real\realplayer\RealDownloader\RealUpgrade.exe [2016-11-11] (RealNetworks, Inc.)
Task: {8FB1037E-9A6E-40A0-8543-FF55DDF67FFE} - System32\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {A81B459A-9B6D-48DB-A25E-911FF2DE8604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {AA15C374-3013-48F1-9C2A-FE136D8D7D9B} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\DivX Update\DivXUpdate.exe [2016-12-15] (DivX, LLC)
Task: {AED5007C-756B-4C8C-A795-35DB980CC1BA} - System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {AF01CE0E-6F43-4F36-9634-8406DD2C28D3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B7F0C236-B4BC-453C-8717-938866B9F925} - System32\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {B8C0C139-CBD1-4753-8FB5-F630594EC972} - System32\Tasks\{1ED9F9D1-E853-4397-A661-3FF6A0D84AF0} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {C459F58F-63B8-49EE-9E41-F010FFEF4C32} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C6CF1881-53D1-44E4-B2DC-435D14F8D5B4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C8F42EF2-0F19-4E6E-8430-047408530456} - System32\Tasks\{2A1EE846-ABCA-432E-BD15-93D23C465BAE} => pcalua.exe -a F:\Auto.dat.exe -d F:\
Task: {D1A2782F-0394-45BF-B9FF-4211E1AEF68D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D256A57F-33EF-416C-9A03-CF8CE72ED961} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {D5225812-FC10-42D0-A8C9-21F75C670A66} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D7FB9112-2A50-4658-B9F1-FCDE6004028A} - System32\Tasks\{26016F30-32D8-49EB-82CB-D4045E4091CA} => C:\Program Files (x86)\MovieTube\Popcorn-Time.exe
Task: {DB037B9F-ECD1-4791-9766-2609475C2D89} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {DD24DED6-D044-43CD-9B4E-1567F6A1733F} - System32\Tasks\{CF111383-A915-4DE4-A368-0F3798E091E5} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2014-07-22] (Adobe Systems Incorporated)
Task: {E102B9E9-4737-4838-B6C3-FA37448CB8C8} - System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2015-01-18] (SEIKO EPSON CORPORATION)
Task: {E79F211E-D914-46A7-B58A-CFF40B95A446} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EA7DAB26-077F-41BC-A5DA-1B3C5811BBBA} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB66EBDF-FC6E-4E9D-A12E-0315B0AA0216} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {FE13A6AD-57CB-4CAD-9E81-28DC1B4C7429} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{7B05363D-6601-4821-9E41-DF3D89B917AA} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {9A3E648C-235D-4FDE-9FE3-401B1844CAF3}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{9A3E648C-235D-4FDE-9FE3-401B1844CAF3} /F:Update  SYSTEM ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {BD54C694-6145-406F-9FC3-AF17894898FB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{BD54C694-6145-406F-9FC3-AF17894898FB} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CA6E1FFC-03FC-469D-9C2D-90504A393527} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CE82A3A5-179B-4525-B15D-F942F262149C}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE :/EXE:{CE82A3A5-179B-4525-B15D-F942F262149C} /F:Update  WORKGROUP\10CHOCTAW$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00035104 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe
2016-12-13 20:47 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01678560 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-05-27 14:50 - 2016-11-01 22:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-24 04:53 - 2016-09-24 04:53 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 18:58 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 18:57 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 18:57 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 18:58 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 22:40 - 2016-12-13 22:46 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 22:40 - 2016-12-13 22:46 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 22:40 - 2016-12-13 22:41 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-13 13:50 - 2016-12-13 13:50 - 00730864 _____ () C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
2017-01-10 18:58 - 2016-12-21 01:47 - 00114176 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2017-01-10 18:58 - 2016-12-21 01:47 - 00115712 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2017-01-10 18:58 - 2016-12-21 01:47 - 00522752 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2016-07-16 06:43 - 2016-07-16 09:28 - 00040448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00813056 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2016-07-16 06:43 - 2016-07-16 09:28 - 00963584 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2016-07-16 06:43 - 2016-07-16 09:28 - 00249344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2016-07-16 06:43 - 2016-07-16 09:28 - 00572416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2016-07-16 06:43 - 2016-07-16 09:28 - 00403968 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00183296 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2016-07-16 06:43 - 2016-07-16 09:27 - 00288256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-12-13 22:42 - 2016-12-13 22:42 - 00055808 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00040248 _____ () C:\program files (x86)\real\realplayer\UpdateService\DL2UpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00042296 _____ () C:\program files (x86)\real\realplayer\UpdateService\RealDownloaderUpdatePlugin.dll
2016-11-11 12:52 - 2016-11-11 12:52 - 00039752 _____ () C:\program files (x86)\real\realplayer\UpdateService\VideoDLUpdatePlugin.dll
2016-12-14 23:37 - 2016-12-14 23:37 - 01244376 _____ () C:\Users\captn\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-30 02:28 - 2016-11-30 02:28 - 00101256 _____ () c:\program files (x86)\real\realplayer\CrashRpt\CrashRpt1402.dll
2016-12-02 20:59 - 2016-12-02 20:59 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2017-01-16 15:46 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-825610380-2903063623-3906473893-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\captn\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "DivXMediaServer"
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\StartupApproved\Run: => "Plex Media Server"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{FF697683-DD8E-4DEF-8FF0-1148F7CA69EB}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [TCP Query User{361EB086-5616-4871-9F64-2A9493A6AF39}C:\users\captn\desktop\channels\firetv build mk2\kodi.exe] => C:\users\captn\desktop\channels\firetv build mk2\kodi.exe
FirewallRules: [UDP Query User{4C748C92-14A1-4788-A3F4-B2B7922D9CA2}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [TCP Query User{4F8FB83E-EF71-42F5-B51F-ED06F6B13631}C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe] => C:\users\captn\desktop\channels\atmosphere sports build\kodi.exe
FirewallRules: [UDP Query User{371732CA-BD65-4E99-A14C-EED6C5358201}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [TCP Query User{3235116C-674A-48EA-882B-8F031A283D54}C:\users\captn\desktop\channels\evolution\kodi.exe] => C:\users\captn\desktop\channels\evolution\kodi.exe
FirewallRules: [UDP Query User{7AFB9F53-3788-4E02-B73C-DCF053FF329A}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [TCP Query User{CC34D557-4748-4FC1-85F0-DA3CEA53EC7C}C:\users\captn\desktop\jmc build\kodi.exe] => C:\users\captn\desktop\jmc build\kodi.exe
FirewallRules: [UDP Query User{096D8C51-6B93-48C3-8C45-24D4FD775F85}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [TCP Query User{613E7528-A63E-40BD-A3BF-4D36B9B0ABBB}C:\users\captn\desktop\hands on (touch)\kodi.exe] => C:\users\captn\desktop\hands on (touch)\kodi.exe
FirewallRules: [{8EB63F0F-A7E5-4362-81F5-24CECE9D79CC}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{96A908F9-D225-4A04-B8B5-4DD9ABAB352B}] => C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{ADD985C0-CCB5-47AE-B07F-C7495F51D48A}] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [UDP Query User{A42CA975-5342-4A03-A082-62E2888DC33E}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{6146891C-E7DB-46E2-B908-FF2450B7CFE2}C:\program files (x86)\kodi\kodi.exe] => C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{A9A1E93F-B1D3-4C66-904F-C41390CF68CC}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{51DDD360-1BCA-499A-B1F3-6EF20F2329DF}] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{80778715-01AC-48DD-B33B-A3D59FE634F8}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D68D6701-2511-4ADB-91B6-12AE83E56BF2}] => C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [UDP Query User{925D1C34-908F-467A-BAA9-0B2AA5201855}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [TCP Query User{D7C82713-BF29-4AE2-9D02-3DE1887339F4}C:\program files (x86)\movietube\popcorn-time.exe] => C:\program files (x86)\movietube\popcorn-time.exe
FirewallRules: [{A73A9E1E-B7EE-4EF2-9BB6-031B54CCEF1F}] => LPort=1900
FirewallRules: [{AF1AC9AA-5672-426F-AC22-AA720867EA5E}] => LPort=2869
FirewallRules: [{7A661746-A4A5-46A3-9FD5-4858D52EC2D7}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{00789E70-B792-4358-9A76-56C147A3DBB2}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{665C1980-E1E9-4282-B430-58AE0B71C2FF}] => C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{E5B76295-8B65-4000-A9ED-F5DB606B2B19}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [TCP Query User{AB28798E-0386-4397-9EF2-4B49D3A63BA0}C:\program files (x86)\videolan\vlc\vlc.exe] => C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{64A632F8-6E86-4588-8556-4C09FCEC0315}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{25D8A8F9-0EA6-4026-9D17-C2648DF4790B}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{782A3FB2-AC22-4A29-ABDF-1C9E2E4C1974}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{7F0E840A-0487-4339-8ACC-3DA2881A0C57}] => C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{2993BAEA-00D1-4974-85B7-CC8B5815B8DA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A0AE5391-B065-48BF-8146-E4E14598EBFA}] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{72E3A154-FF22-4B9B-9841-587584A0ED23}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{30B99B7A-42E6-4798-B0BB-E506CB1B3525}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{C4CDB448-4761-4395-9FAB-48D43467DEB8}] => c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{957CCDBA-4CE4-4FDD-A635-6C825CC71B80}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{CF3C0528-2034-4AAE-91A2-60DC4D803E23}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{F3543C72-CFB1-4F2D-A44E-F4CBA22DDA76}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{57B79761-E289-4E72-A45B-729DD463CBD6}] => C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

01-01-2017 14:12:27 Scheduled Checkpoint
10-01-2017 16:08:23 Scheduled Checkpoint
17-01-2017 18:09:36 JRT Pre-Junkware Removal
17-01-2017 22:30:52 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/17/2017 10:31:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/17/2017 06:09:45 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/17/2017 06:03:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3294

Start Time: 01d27108b84956ff

Termination Time: 7

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 2efb9237-dd09-11e6-8e86-c03fd5421755

Faulting package full name:

Faulting package-relative application ID:

Error: (01/17/2017 05:06:56 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (01/17/2017 03:11:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Faulting module name: SSUPDATE64.EXE, version: 1.0.0.1080, time stamp: 0x53d80800
Exception code: 0xc0000005
Fault offset: 0x0000000000024ac0
Faulting process id: 0x11d0
Faulting application start time: 0x01d270fde3697f85
Faulting application path: C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE
Faulting module path: C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE
Report Id: 1e5d36d3-4ad4-44cc-be8e-39062553ff90
Faulting package full name:
Faulting package-relative application ID:

Error: (01/17/2017 01:54:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ea4

Start Time: 01d27089ce291609

Termination Time: 9

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: be17bfae-dc81-11e6-8e86-c03fd5421755

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (01/17/2017 01:33:27 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2120

Start Time: 01d2708b7670dfbd

Termination Time: 7

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: d88465e5-dc7e-11e6-8e86-c03fd5421755

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (01/17/2017 01:32:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 28e8

Start Time: 01d2708b5065f993

Termination Time: 3

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: b245227b-dc7e-11e6-8e86-c03fd5421755

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (01/17/2017 01:31:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 858

Start Time: 01d2708ad609ba91

Termination Time: 3

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 8c37d610-dc7e-11e6-8e86-c03fd5421755

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

Error: (01/17/2017 01:22:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdgeCP.exe version 11.0.14393.82 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 960

Start Time: 01d27089ce2bdb9e

Termination Time: 8

Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Report Id: 59bc7724-dc7d-11e6-8e86-c03fd5421755

Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Faulting package-relative application ID: MicrosoftEdge

System errors:
=============
Error: (01/17/2017 10:53:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/17/2017 10:45:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (01/17/2017 10:44:44 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
Access is denied.

Error: (01/17/2017 10:44:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/17/2017 10:44:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (01/17/2017 10:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Update Service Daemon service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 10:44:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (01/17/2017 10:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealTimes Desktop Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 10:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RealPlayer Update Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/17/2017 10:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Epson Scanner Service service terminated unexpectedly.  It has done this 1 time(s).

CodeIntegrity:
===================================
  Date: 2017-01-17 22:45:41.001
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:40.999
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:40.998
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:40.337
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:40.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:40.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:45:39.364
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:35:55.064
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:35:55.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-01-17 22:35:55.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume2\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 8015.21 MB
Available physical RAM: 5467.34 MB
Total Virtual: 16207.21 MB
Available Virtual: 13934.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.23 GB) (Free:1653.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 0B855EF6)
Partition 1: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=449 MB) - (Type=27)

==================== End of Addition.txt

 

# Username : captn - 10CHOCTAW
# Running from : C:\Users\captn\Downloads\adwcleaner_6.042.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

File Found:  C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

# AdwCleaner v6.041 - Logfile created 02/01/2017 at 20:57:00
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : captn - 10CHOCTAW
# Running from : C:\Users\captn\Downloads\Programs\AdwCleaner_2.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support

 

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious keys found.

***** [ Shortcuts ] *****

No infected shortcut found.

***** [ Scheduled Tasks ] *****

No malicious task found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6059 Bytes] - [19/10/2016 21:19:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [2094 Bytes] - [11/12/2016 02:59:51]
C:\AdwCleaner\AdwCleaner[C3].txt - [1393 Bytes] - [14/12/2016 03:54:39]
C:\AdwCleaner\AdwCleaner[C4].txt - [2022 Bytes] - [31/12/2016 23:19:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [5582 Bytes] - [19/10/2016 21:18:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [11/12/2016 02:58:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [1517 Bytes] - [14/12/2016 03:54:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1588 Bytes] - [31/12/2016 23:14:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [1581 Bytes] - [02/01/2017 20:57:00]



#8
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi jamally,

You ran the scan mode instead of the clean mode for AdwCleaner. Please follow my previous instruction carefully and paste the clean mode log in your next reply.


Malwarebytes Anti-Malware

  • Download Malwarebytes Anti-Malware to your Desktop
  • Double click the file to open it. Install the program. This will upgrade your Malwarebytes from V2.2 to V3
  • Follow the instructions given on screen.
  • Once installed, launch MalwareBytes from your Desktop.
  • Click Settings>Protection
  • Make sure that the "scan for rootkits" box under Scan Options is checked
  • Go back to Dashboard and click the big, blue Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to Reports, select the latest Scan Log.
  • Click View Report, then click Export then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.

Scan with ESET Online Scanner

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
Click Scan Now.

  • Download esetonlinescanner_enu.exe that you'll be given a link to.
  • Double click esetonlinescanner_enu.exe.
  • Accept the Terms of Use

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is selected.
  • In the Advanced Settings dropdown menu:
    • Enable detection of potentially unsafe applications is checked.
    • Enable detection of suspicious applications is checked.
    • Enable Anti-Stealth technology is checked.
    • Scan archives is checked.
    • Make sure that Clean threats automatically is unchecked.
    • Use custom proxy settings is unchecked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, results will be displayed. Click Copy to clipboard.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!
 
 
In your next reply, please include the following:

  • AdwCleaner Clean Mode log
  • Malwarebytes log
  • ESET log
  • And please let me know how your machine is running now. Is there still any freezing occurring on your browser?
     


#9
jamally

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
here we go..... I will try for 24 hrs and get back to you....

adw:
# AdwCleaner v6.042 - Logfile created 18/01/2017 at 20:18:00
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-18.1 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : captn - 10CHOCTAW
# Running from : C:\Users\captn\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6059 Bytes] - [19/10/2016 21:19:59]
C:\AdwCleaner\AdwCleaner[C2].txt - [2094 Bytes] - [11/12/2016 02:59:51]
C:\AdwCleaner\AdwCleaner[C3].txt - [1393 Bytes] - [14/12/2016 03:54:39]
C:\AdwCleaner\AdwCleaner[C4].txt - [2022 Bytes] - [31/12/2016 23:19:44]
C:\AdwCleaner\AdwCleaner[C5].txt - [2276 Bytes] - [17/01/2017 22:44:32]
C:\AdwCleaner\AdwCleaner[C6].txt - [1109 Bytes] - [18/01/2017 20:18:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [5582 Bytes] - [19/10/2016 21:18:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [2138 Bytes] - [11/12/2016 02:58:31]
C:\AdwCleaner\AdwCleaner[S2].txt - [1517 Bytes] - [14/12/2016 03:54:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [1588 Bytes] - [31/12/2016 23:14:01]
C:\AdwCleaner\AdwCleaner[S4].txt - [1733 Bytes] - [02/01/2017 20:57:00]
C:\AdwCleaner\AdwCleaner[S5].txt - [2431 Bytes] - [16/01/2017 16:01:21]
C:\AdwCleaner\AdwCleaner[S6].txt - [2333 Bytes] - [17/01/2017 22:43:42]
C:\AdwCleaner\AdwCleaner[S7].txt - [2012 Bytes] - [18/01/2017 20:17:46]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [1766 Bytes] ##########

ESET:

C:\Users\captn\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_en-us.cab a variant of Win32/RealNetworks.A potentially unwanted application
C:\Users\captn\Documents\My Filehippo Downloads\cdbxp_setup_4.5.5.5642.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\captn\Downloads\Compressed\SopCast.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup519.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup521.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup522.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup523.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup524.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\ccsetup525.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\captn\Downloads\Programs\cdbxp_setup_4.5.6.6059.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\captn\Downloads\Programs\epson15731.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Malw:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-01-2017
Ran by captn (administrator) on 10CHOCTAW (17-01-2017 22:56:46)
Running from C:\Users\captn\Desktop
Loaded Profiles: UpdatusUser & captn (Available Profiles: UpdatusUser & captn & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvca.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Real\RealPlayer\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
(Internet Download Manager, Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\idmBroker.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Insight Technology Ltd.) C:\Program Files\Commons\xplay.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
() C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealDownloader\realdownloader264.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [401896 2016-11-01] ()
HKLM-x32\...\Run: [USB3MON] => "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694040 2014-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [1046496 2016-12-22] (DivX, LLC)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [352648 2016-11-30] (RealNetworks, Inc.)
HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe [730864 2016-12-13] ()
HKU\S-1-5-21-825610380-2903063623-3906473893-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9288408 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4015216 2016-12-15] (Tonec Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6536008 2016-04-22] (Plex, Inc.)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2017-01-10] (SUPERAntiSpyware)
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\Run: [Codec Pack Update Checker] => "C:\WINDOWS\system32\Codecs\UpdateChecker.exe"
ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2015-08-14] (Tonec Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-11-30]
ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\captn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPlay.lnk [2015-11-28]
ShortcutTarget: XPlay.lnk -> C:\Program Files\Commons\xplay.exe (Insight Technology Ltd.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{38993c19-1226-4d77-9c08-e6f1fe8b1104}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-825610380-2903063623-3906473893-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
SearchScopes: HKLM -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {7A1FE267-066C-4ACD-9F7A-3C8E54890A20} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2016-11-11] (RealDownloader)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-21] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2016-12-10] (Internet Download Manager, Tonec Inc.)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2016-11-11] (RealDownloader)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {95B5D20C-BD31-4489-8ABF-F8C8BE748463} hxxp://zone.msn.com/bingame/zpagames/zpa_hrtz.cab99160.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {CAC181B0-4D70-402D-B571-C596A47D0CE0} hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2015-06-15] [not signed]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016-11-16]
FF HKU\S-1-5-21-825610380-2903063623-3906473893-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\captn\AppData\Roaming\IDM\idmmzcc5 [2017-01-17] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2014-07-22] (Adobe Systems)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-23] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2016-11-30] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.6.161 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2016-11-30] (RealPlayer)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2014-07-22] (Adobe Systems)
FF Plugin HKU\S-1-5-21-825610380-2903063623-3906473893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\captn\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-08-08] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 RealPlayerUpdateSvc; C:\program files (x86)\real\realplayer\UpdateService\RealPlayerUpdateSvc.exe [35104 2016-11-11] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [987408 2016-11-30] (RealNetworks, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2504192 2016-07-16] (MediaTek Inc.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 22:56 - 2017-01-17 22:57 - 00018876 _____ C:\Users\captn\Desktop\FRST.txt
2017-01-17 22:36 - 2017-01-17 22:36 - 00000000 ____D C:\Users\captn\AppData\Local\CrashRpt
2017-01-17 18:11 - 2017-01-17 22:33 - 00000625 _____ C:\Users\captn\Desktop\JRT.txt
2017-01-17 18:08 - 2017-01-17 18:08 - 01663040 _____ (Malwarebytes) C:\Users\captn\Desktop\JRT.exe
2017-01-16 15:45 - 2017-01-16 15:46 - 00006711 _____ C:\Users\captn\Desktop\Fixlog.txt
2017-01-16 15:41 - 2017-01-16 15:41 - 02419200 _____ (Farbar) C:\Users\captn\Desktop\FRST64.exe
2017-01-16 15:31 - 2017-01-16 15:31 - 00203344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-13 00:18 - 2017-01-13 00:18 - 00000000 ____D C:\Program Files (x86)\ESET
2017-01-11 13:18 - 2017-01-11 13:18 - 00000215 _____ C:\Users\captn\Desktop\Google.url
2017-01-11 12:46 - 2016-12-22 18:13 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-01-11 12:46 - 2016-12-22 18:13 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:47 - 2017-01-17 22:56 - 00000000 ____D C:\FRST
2017-01-10 18:58 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 18:58 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 18:58 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 18:58 - 2016-12-21 02:45 - 00153952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcmiplugin.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 18:58 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 18:58 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 18:58 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 18:58 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 18:58 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 18:58 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 18:58 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 18:58 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 18:58 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 18:58 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 18:58 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 18:58 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 18:58 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 18:58 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 18:58 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 18:58 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 18:58 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 18:58 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 18:58 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 18:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 18:58 - 2016-12-21 00:03 - 00136544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqmigplugin.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 18:58 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 18:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 18:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 18:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 18:58 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 18:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 18:58 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 18:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 18:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 18:58 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 18:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 18:58 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 18:58 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 18:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 18:58 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 18:58 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 18:58 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 18:58 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 18:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 18:58 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 18:58 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 18:58 - 2016-12-14 00:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 18:58 - 2016-12-14 00:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 18:58 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 18:58 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 18:58 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 18:58 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 18:58 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 18:58 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 18:58 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 18:58 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 18:58 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 18:58 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 18:58 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 18:58 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 18:58 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 18:58 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 18:58 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 18:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 18:58 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 18:58 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 18:58 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 18:58 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 18:58 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 18:58 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 18:58 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 18:58 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 18:58 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 18:58 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 18:58 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 18:58 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 18:58 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 18:58 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 18:57 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 18:57 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 18:57 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 18:57 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 18:57 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 18:57 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 18:57 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 18:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 18:57 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 18:57 - 2016-12-14 00:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 18:57 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 18:57 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 18:57 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 18:57 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 18:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 18:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 18:57 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 18:57 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\WINDOWS\SysWOW64\Codecs
2017-01-10 18:19 - 2017-01-10 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Player - Codec Pack
2017-01-08 17:08 - 2017-01-08 17:08 - 00055480 _____ C:\WINDOWS\SysWOW64\DiscHandler.exe
2017-01-08 01:18 - 2017-01-08 01:18 - 00000026 _____ C:\Users\captn\dancehall.txt
2017-01-06 19:59 - 2017-01-07 00:59 - 00002567 _____ C:\Users\captn\piccolo's letter.txt
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}.job
2016-12-31 16:42 - 2016-12-31 22:49 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}.job
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00004136 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Update {7B05363D-6601-4821-9E41-DF3D89B917AA}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {CA6E1FFC-03FC-469D-9C2D-90504A393527}
2016-12-31 16:42 - 2016-12-31 16:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\EPSON XP-610 Series Invitation {7B05363D-6601-4821-9E41-DF3D89B917AA}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 22:53 - 2016-12-11 16:08 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-17 22:53 - 2015-09-28 18:49 - 00000000 __SHD C:\Users\captn\IntelGraphicsProfiles
2017-01-17 22:49 - 2016-09-24 01:02 - 02854034 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-17 22:45 - 2016-09-24 01:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-17 22:45 - 2013-11-19 06:26 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-17 22:44 - 2016-10-19 20:00 - 00000000 ____D C:\AdwCleaner
2017-01-17 22:44 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-01-17 22:31 - 2014-05-07 23:19 - 00000000 ____D C:\ProgramData\MFAData
2017-01-17 17:59 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\Downloads\Video
2017-01-17 17:42 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-17 16:51 - 2016-09-24 00:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-17 15:17 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-17 15:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-17 04:36 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\DMCache
2017-01-17 00:47 - 2016-09-24 01:21 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-16 21:19 - 2014-10-07 16:45 - 00000000 ____D C:\Users\captn\Desktop\Security Tools
2017-01-16 16:25 - 2014-05-09 00:49 - 00000000 ____D C:\Users\captn\AppData\Roaming\IDM
2017-01-16 15:26 - 2014-06-19 13:20 - 00000000 ____D C:\Users\captn\AppData\LocalLow\Temp
2017-01-16 15:26 - 2009-07-13 22:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-01-13 19:22 - 2015-09-07 21:00 - 00000000 ____D C:\ProgramData\DivX
2017-01-13 04:22 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-12 22:36 - 2015-05-27 22:24 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-01-12 18:52 - 2015-09-26 17:49 - 00000000 ____D C:\Users\captn\Desktop\DivX
2017-01-12 18:52 - 2015-09-07 21:07 - 00000000 ____D C:\Program Files (x86)\DivX
2017-01-12 18:51 - 2016-09-24 01:21 - 00003708 _____ C:\WINDOWS\System32\Tasks\DivXUpdate
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\Users\captn\AppData\Roaming\DivX
2017-01-12 18:51 - 2015-09-07 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2017-01-12 18:15 - 2015-11-04 19:46 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-12 18:03 - 2016-07-16 01:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-01-12 01:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 12:50 - 2015-09-10 00:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 04:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-11 03:32 - 2014-05-07 23:50 - 00000000 ____D C:\Users\captn\AppData\Roaming\vlc
2017-01-10 21:47 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-10 20:46 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-10 20:41 - 2014-05-18 21:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 20:39 - 2014-05-18 21:24 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 18:35 - 2016-09-24 01:21 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-01-10 18:21 - 2016-10-23 21:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2017-01-10 01:54 - 2016-05-08 18:53 - 00000000 ____D C:\Users\captn\AppData\Roaming\Kodi
2017-01-08 19:29 - 2014-08-16 17:23 - 00000000 ____D C:\Users\captn\Desktop\Avs
2017-01-08 01:18 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn
2017-01-02 21:27 - 2015-10-24 19:05 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2017-01-02 21:27 - 2015-03-25 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2017-01-01 13:57 - 2014-12-01 01:19 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2017-01-01 13:57 - 2014-12-01 01:19 - 00001092 _____ C:\Users\Public\Desktop\paint.net.lnk
2017-01-01 13:57 - 2014-08-11 23:03 - 00000000 ____D C:\Program Files\paint.net
2016-12-31 16:42 - 2009-07-13 22:20 - 00000000 ____D C:\WINDOWS\Tasks
2016-12-30 02:53 - 2016-09-24 01:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Temp
2016-12-25 21:40 - 2014-05-09 21:11 - 00000000 ____D C:\Users\captn\AppData\Local\Diagnostics
2016-12-24 17:12 - 2016-09-24 01:03 - 00000000 ____D C:\Users\captn\AppData\Local\Microsoft
2016-12-18 15:41 - 2014-05-09 00:49 - 00000000 ____D C:\Program Files (x86)\Internet Download Manager

==================== Files in the root of some directories =======

2015-08-12 21:18 - 2015-08-12 21:18 - 0023069 _____ () C:\Users\captn\AppData\Local\recently-used.xbel
2016-05-16 22:09 - 2016-05-16 22:09 - 0000017 _____ () C:\Users\captn\AppData\Local\resmon.resmoncfg
2014-06-03 01:56 - 2014-06-03 01:58 - 0001217 _____ () C:\ProgramData\RUNDLL32.EXE-1788-F.txt
2014-06-03 22:12 - 2014-06-03 22:13 - 0000113 _____ () C:\ProgramData\RUNDLL32.EXE-2416-F.txt
2014-06-03 22:15 - 2014-06-03 22:19 - 0000627 _____ () C:\ProgramData\RUNDLL32.EXE-2432-F.txt
2014-06-04 14:01 - 2014-06-04 14:01 - 0000246 _____ () C:\ProgramData\RUNDLL32.EXE-2504-F.txt
2014-06-04 14:10 - 2014-06-04 14:14 - 0002256 _____ () C:\ProgramData\RUNDLL32.EXE-2592-F.txt
2014-06-04 14:18 - 2014-06-04 14:20 - 0001134 _____ () C:\ProgramData\RUNDLL32.EXE-2616-F.txt
2014-06-04 14:16 - 2014-06-04 14:16 - 0000241 _____ () C:\ProgramData\RUNDLL32.EXE-2724-F.txt
2014-06-04 14:07 - 2014-06-04 14:08 - 0000555 _____ () C:\ProgramData\RUNDLL32.EXE-2736-F.txt
2014-06-04 14:04 - 2014-06-04 14:05 - 0000607 _____ () C:\ProgramData\RUNDLL32.EXE-2812-F.txt
2014-06-03 22:09 - 2014-06-03 22:09 - 0000620 _____ () C:\ProgramData\RUNDLL32.EXE-3060-F.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-12 01:32

==================== End of FRST.txt ============================
  • 0

#10
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi jamally,

Fix with FRST

  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

Start
CreateRestorePoint:
CloseProcesses:

C:\Users\captn\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_en-us.cab
C:\Users\captn\Documents\My Filehippo Downloads\cdbxp_setup_4.5.5.5642.exe
C:\Users\captn\Downloads\Compressed\SopCast.zip
C:\Users\captn\Downloads\Programs\ccsetup519.exe
C:\Users\captn\Downloads\Programs\ccsetup521.exe
C:\Users\captn\Downloads\Programs\ccsetup522.exe
C:\Users\captn\Downloads\Programs\ccsetup523.exe
C:\Users\captn\Downloads\Programs\ccsetup524.exe
C:\Users\captn\Downloads\Programs\ccsetup525.exe
C:\Users\captn\Downloads\Programs\cdbxp_setup_4.5.6.6059.exe
C:\Users\captn\Downloads\Programs\epson15731.exe

Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.

Note: Your machine will reboot after the fix.


You have pasted the wrong log. I asked for the MalwareBytes log and not the FRST log.

In your next reply, please include the following:

  • FRST fixlog
  • MalwareBytes log
  • How is your machine running now?

  • 0
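The NOTICE in the post above says a fixlist is written for one machine only. The following Python pre-flight check is an added example, not part of the original post and not a feature of FRST: it flags fixlist paths that point into a user profile absent from the local machine. The names `check_fixlist`, `KNOWN_DIRECTIVES` and `SAMPLE_FIXLIST` are hypothetical, and the allow-list holds only the directives used in this post, so any other line is reported for manual review.

```python
import re
from pathlib import PureWindowsPath

# Directives that appear in the fixlist on this page (compared case-insensitively).
KNOWN_DIRECTIVES = {"createrestorepoint:", "closeprocesses:", "emptytemp:"}

# Constructed sample, shortened from the fixlist in the post above.
SAMPLE_FIXLIST = r"""Start
CreateRestorePoint:
CloseProcesses:

C:\Users\captn\Downloads\Compressed\SopCast.zip
C:\Users\captn\Downloads\Programs\ccsetup519.exe

Emptytemp:
End
"""


def check_fixlist(text, local_profiles):
    """Return (line_no, message) findings; an empty list means nothing was flagged."""
    findings = []
    lines = [ln.strip() for ln in text.splitlines()]
    body = [(n, ln) for n, ln in enumerate(lines, 1) if ln]
    if not body or body[0][1].lower() != "start":
        findings.append((1, "missing Start marker"))
    if not body or body[-1][1].lower() != "end":
        findings.append((len(lines), "missing End marker"))
    profiles = {p.lower() for p in local_profiles}
    for n, line in body:
        low = line.lower()
        if low in ("start", "end") or low in KNOWN_DIRECTIVES:
            continue
        if re.match(r"^[a-z]:\\", low):
            # parts looks like ('C:\\', 'Users', 'captn', 'Downloads', ...)
            parts = PureWindowsPath(line).parts
            if (len(parts) > 2 and parts[1].lower() == "users"
                    and parts[2].lower() not in profiles):
                findings.append(
                    (n, f"path under profile '{parts[2]}' not present on this machine"))
            continue
        findings.append((n, "unrecognised line, review before running"))
    return findings


if __name__ == "__main__":
    # Profile names as listed in the FRST header of the log ("Loaded Profiles").
    for line_no, message in check_fixlist(SAMPLE_FIXLIST, ["captn", "UpdatusUser"]):
        print(f"line {line_no}: {message}")
```

Pass the profile names from the local machine's own FRST header; any finding means the fixlist was probably written for a different system.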



#11
jamally

    Member

  • Topic Starter
  • Member
  • 50 posts
It is running a lot better... it new tabs from page to page almost instantly, but sometimes it's slow on a plain click to navigate, which may be the website... There has only been one time when my images opened up to a white page, which was in IE 11; Edge seems to be okay...


Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/19/17
Scan Time: 3:34 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.1054
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 516516
Time Elapsed: 9 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)

Edited by jamally, 19 January 2017 - 04:07 PM.

  • 0

#12
jamally

    Member

  • Topic Starter
  • Member
  • 50 posts
also.. if I play a video, and close the page, the video sound will still play on for 15 or 20 seconds. does that make sense...
  • 0

#13
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi jamally,
 
That doesn't really make sense to me, but it could be that your machine is lagging and the process is still running in the background (even though it may seem closed), hence the sound.
 
Your machine seems to be clean to me unless you still have any other complaints. If you still have any issue with regards to your machine and not malware related, you may consider seeking help at our Windows 10 sub-forum.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Please go to Start Menu -> Control Panel
  • Under View by: select Large Icons, then tap or click Windows Update.
  • Click on Change Settings
  • Select "Install updates automatically (recommended)" from the Important updates drop-down.
  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUP's (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out of date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, click on the Download button to request a download link and download to your Desktop
  • Extract the content of the zip file to your Desktop and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now) and select the Updates! menu....and select Check for Updates to see if there are any as this infection has serious consequences.

If you have any other questions, please feel free to ask me.
  • 0

#14
jamally

    Member

  • Topic Starter
  • Member
  • 50 posts

I was not able to open delfix... also, how often should I run CCleaner, and those desktop.ini icons, are they to be ignored....

I am fairly sure that a part of my problem may also be a hardware heat problem... and will explore for some hardware monitoring programs for solutions...


  • 0

#15
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi jamally,
 
Is there any specific error while opening delfix? 
 
CCleaner is fine for cleaning up junk files, and uninstallation etc but not for running registry cleanup.

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.
 
Yes, you can ignore the Desktop.ini files.
 
To disable it (and it's usually recommended), please follow the instructions.

Disable "Show Hidden Files and Folders" and protected operating system files

  • Click Start button > select Control Panel > select Appearance and Personalization > select Folder Options.
  • Select View tab
  • Select Don't Show hidden files and folders
  • Untick Hide protected operating system files (recommended), and then click OK.

 

A couple of tools that you can use to monitor your hardware temperature and so on are: OpenHardwareMonitor and RealTemp


  • 0





