Computer running slow, pages loading slowly, wasn't like that before.



#1
louuu


Hi, and thank you in advance for your kind help. My computer for the last 2 months or so has been running slowly. It takes a while for pages to load and at various times seems like it's running much slower than it should be running compared to before. Even my mouse sometimes lags, and that never happened either. Sometimes I have to wait 7 or 8 seconds before a page loads, and before it would have been instant. This doesn't happen on any particular site; it happens to many sites and is random and seems to be something happening on my computer. I've tried running my security software like a Norton scan, a Malwarebytes scan and a few other tools that I have like Norton Power Eraser and TDSSKiller, and everything comes back clean. Something is wrong because a few months ago everything was running fast and I didn't have these issues. I'm thinking maybe whatever is causing this problem is beyond my capabilities and that's why I'm returning to this forum for help, as you've successfully helped me a few times in the past. Here are the logs you requested and I'll wait for a reply, thank you.

 

My computer info:

Operating system: Windows 7 64-bit

Dell XPS 8500 desktop, Core i7-3770 3.4 GHz w/ 16 GB mem

FRST Text:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Eve8500 (administrator) on LUIS8500 (07-04-2017 11:00:29)
Running from C:\Users\Eve8500\Desktop
Loaded Profiles: Eve8500 (Available Profiles: Eve8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(DigiPortal Software, Inc) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Run: [ChoiceMail] => C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe [7704576 2011-09-30] (DigiPortal Software, Inc.)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe" autorun
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017-03-28] (Garmin Ltd. or its subsidiaries)
Startup: C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearHistory.cmd [2009-05-06] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8289ACF-9ABC-4E4B-92F6-D56B847D48DF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> DefaultScope {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {58CC1F7C-3B97-4FFD-85DA-ADB5A3B7339F} URL =
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-13] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-13] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default [2013-08-20]
FF Extension: (Emulator) - C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default\Extensions\[email protected] [2013-08-20] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2017-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-05-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-04] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502943303-2344771959-3953300128-1004: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-12-21] (E*Trade Financial)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default [2017-04-06]
CHR Extension: (Google Docs) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-10-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-10-02] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-08] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 svcChoiceMail; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [4308992 2011-09-30] (DigiPortal Software, Inc.) [File not signed]
R3 svcCMPreApproval; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe [1687552 2011-09-30] (DigiPortal Software, Inc) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{4DB90D5C-2D86-4014-9349-741A696FA2A7}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10733056 2012-02-23] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20170405.003\BHDrvx64.sys [1831064 2017-03-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-04] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20170406.001\IDSvia64.sys [1038024 2017-02-13] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-07] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170406.025\ENG64.SYS [138912 2017-03-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170406.025\EX64.SYS [2151072 2017-03-28] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-31] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2012-06-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-23] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-05-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-28] ()
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 aqeb1447; C:\Windows\System32\Drivers\aqeb1447.sys [0 ] (Intel Corporation) <==== ATTENTION (zero byte File/Folder)
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 11:00 - 2017-04-07 11:02 - 00024981 _____ C:\Users\Eve8500\Desktop\FRST.txt
2017-04-07 11:00 - 2017-04-07 11:00 - 00000000 ____D C:\FRST
2017-04-07 10:59 - 2017-04-07 10:59 - 02424832 _____ (Farbar) C:\Users\Eve8500\Desktop\FRST64.exe
2017-04-06 21:17 - 2017-04-06 21:17 - 00000227 _____ C:\Users\Eve8500\Desktop\game x 2b.url
2017-04-06 10:40 - 2017-04-06 10:40 - 00000227 _____ C:\Users\Eve8500\Desktop\game x 2.url
2017-04-05 11:44 - 2017-04-05 16:20 - 00000117 _____ C:\Users\Eve8500\Desktop\auc stuff.txt
2017-04-05 06:50 - 2017-04-05 06:50 - 00000234 _____ C:\Users\Eve8500\Desktop\york pp.url
2017-04-04 09:10 - 2017-04-04 09:10 - 00000234 _____ C:\Users\Eve8500\Desktop\selfie.url
2017-04-01 22:41 - 2017-04-02 19:17 - 00000238 _____ C:\Users\Eve8500\Desktop\DOOM Walkthrough.url
2017-03-31 10:37 - 2017-03-31 10:37 - 00000238 _____ C:\Users\Eve8500\Desktop\j nails.url
2017-03-29 12:25 - 2017-04-06 17:26 - 00000000 ____D C:\ares backups
2017-03-28 14:06 - 2017-03-28 14:06 - 00000222 _____ C:\Users\Eve8500\Desktop\Mafia III.url
2017-03-28 05:06 - 2017-04-07 10:58 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-28 05:06 - 2017-04-07 07:57 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-28 05:06 - 2017-04-07 07:57 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-28 05:06 - 2017-04-04 10:03 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-28 05:06 - 2017-04-04 09:02 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-28 05:06 - 2017-03-28 05:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-27 12:51 - 2017-03-27 13:15 - 00000000 ____D C:\Users\Eve8500\Desktop\walgreens
2017-03-25 08:42 - 2017-03-25 08:42 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\Program Files\iPod
2017-03-25 08:41 - 2017-03-25 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-25 01:40 - 2017-03-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-03-24 23:22 - 2017-03-24 23:22 - 00002052 _____ C:\Users\Eve8500\Desktop\Lego Batman.lnk
2017-03-24 23:15 - 2017-03-24 23:15 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-03-24 19:14 - 2017-03-24 23:04 - 00000000 ____D C:\Program Files (x86)\Lego Batman 3 Beyond Gotham
2017-03-24 18:47 - 2017-03-24 18:47 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Marvel's Avengers.lnk
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Program Files (x86)\DXBall2
2017-03-24 02:23 - 2017-04-06 17:24 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Kodi
2017-03-24 02:23 - 2017-03-24 02:23 - 00001869 _____ C:\Users\Eve8500\Desktop\Kodi.lnk
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Unity
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Unity
2017-03-15 19:33 - 2017-03-15 19:33 - 00000137 _____ C:\Users\Eve8500\Desktop\Rebate 1113851526128514.url
2017-03-15 09:12 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 09:12 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 09:12 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 09:12 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 09:12 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 09:12 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 09:12 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 09:12 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 09:12 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 09:12 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 09:12 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 09:12 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 09:12 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 09:12 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 09:12 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 09:12 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 09:12 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 09:12 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 09:12 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 09:12 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 09:12 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 09:12 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 09:12 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 09:12 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 09:12 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 09:12 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 09:12 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 09:12 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 09:12 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 09:12 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 09:12 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 09:12 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 09:12 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 09:12 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 09:12 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 09:12 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 09:12 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 09:12 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 09:12 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 09:12 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 09:12 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 09:12 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 09:12 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 09:12 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 09:12 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 09:12 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 09:12 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 09:12 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 09:12 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 09:12 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 09:12 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 09:12 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 09:12 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 09:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 09:11 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 09:11 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 09:11 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 09:11 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 09:11 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 09:11 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 09:11 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 09:11 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 09:11 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 09:11 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 09:11 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 09:11 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 09:11 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 09:11 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 09:07 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 09:07 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 13:32 - 2017-04-06 07:15 - 00000265 _____ C:\Users\Eve8500\Desktop\pop pens.url
2017-03-09 12:57 - 2017-03-09 12:57 - 00000251 _____ C:\Users\Eve8500\Desktop\Organic Facial or Massage - Skin Station- 8 Avenue Brooklyn  Groupon.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 09:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2017-04-07 08:44 - 2015-07-31 06:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-04-07 08:23 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-07 08:23 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-07 08:03 - 2009-07-14 01:13 - 00784366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-07 08:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-07 07:57 - 2014-10-14 03:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-07 07:57 - 2012-09-25 03:18 - 00000000 ____D C:\ProgramData\Temp
2017-04-07 07:56 - 2013-03-16 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-07 07:56 - 2012-12-03 02:59 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-04-07 07:56 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-06 22:45 - 2016-08-10 02:13 - 00004096 ___SH C:\VSNAP.IDX
2017-04-06 22:44 - 2016-08-07 09:45 - 00003026 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-04-06 21:46 - 2012-12-19 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-06 17:14 - 2015-08-01 12:14 - 00001062 _____ C:\Users\Eve8500\Desktop\returns.txt
2017-04-05 19:02 - 2012-11-30 22:44 - 00000000 ____D C:\Lou Saved Files
2017-04-05 18:55 - 2012-10-23 15:15 - 00000000 ____D C:\DivXtoDvdMovies
2017-04-05 18:52 - 2012-12-01 00:50 - 00000000 ____D C:\Users\Eve8500\Downloads\exercise vids
2017-04-05 18:48 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-05 16:32 - 2014-08-09 17:34 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 11:00 - 2012-10-18 18:59 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\vlc
2017-04-04 09:58 - 2016-11-08 22:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DesktopOK
2017-04-03 02:43 - 2012-10-18 19:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\uTorrent
2017-04-01 17:01 - 2012-12-01 00:33 - 00000000 ____D C:\LTemp On Desktop
2017-04-01 16:27 - 2012-10-18 19:06 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-04-01 04:45 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 04:43 - 2013-10-30 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 03:57 - 2013-09-02 14:19 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 03:56 - 2014-10-20 18:18 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2017-04-01 03:56 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-31 12:44 - 2012-12-01 00:58 - 00000000 ____D C:\Pics
2017-03-30 10:49 - 2012-10-18 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware And Cleanup
2017-03-28 14:41 - 2015-01-12 14:10 - 00000000 ____D C:\Users\Eve8500\AppData\Local\LumaEmu_SteamCloud
2017-03-28 14:06 - 2015-02-14 10:46 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-28 09:13 - 2016-10-07 00:53 - 00000000 ____D C:\Users\Eve8500\AppData\Local\2K Games
2017-03-28 07:08 - 2016-09-04 12:46 - 00000000 ____D C:\Users\Eve8500\Desktop\dd pics
2017-03-28 05:54 - 2013-03-03 05:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-28 05:06 - 2014-10-14 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 19:48 - 2012-11-19 13:04 - 00000000 ____D C:\Users\Eve8500\AppData\Local\CrashDumps
2017-03-27 14:03 - 2012-11-30 23:50 - 00000000 ____D C:\Lou Videos
2017-03-27 13:53 - 2015-12-04 20:21 - 00000000 ____D C:\Users\Eve8500\Desktop\pix
2017-03-27 13:40 - 2016-03-10 20:31 - 00000000 ____D C:\Users\Eve8500\Desktop\Team V copy
2017-03-25 08:42 - 2015-02-05 09:12 - 00000000 ____D C:\Program Files\iTunes
2017-03-25 08:41 - 2012-10-27 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-25 07:26 - 2016-10-12 22:12 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-03-23 23:59 - 2012-09-25 03:21 - 00000000 ____D C:\ProgramData\Roxio
2017-03-23 20:26 - 2012-11-28 17:55 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Deployment
2017-03-15 21:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 09:39 - 2009-07-14 00:45 - 00546872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 09:36 - 2014-12-10 05:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 09:18 - 2013-07-10 04:40 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 09:14 - 2012-10-15 19:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 09:13 - 2015-05-12 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-11 11:20 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2012-10-27 02:17 - 2012-10-27 02:17 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-08-12 17:39 - 2013-08-12 17:39 - 0031744 ___SH () C:\Users\Eve8500\AppData\Roaming\Thumbs.db
2012-10-23 15:14 - 2016-01-10 16:17 - 0001057 _____ () C:\Users\Eve8500\AppData\Roaming\vso_ts_preview.xml
2012-12-21 02:31 - 2012-12-21 08:51 - 0000000 _____ () C:\Users\Eve8500\AppData\Local\ars.cache
2012-12-21 02:32 - 2012-12-21 08:52 - 5238714 _____ () C:\Users\Eve8500\AppData\Local\census.cache
2012-12-21 01:21 - 2012-12-21 01:21 - 0000036 _____ () C:\Users\Eve8500\AppData\Local\housecall.guid.cache
2015-01-12 14:10 - 2015-01-12 14:10 - 0000000 ___SH () C:\Users\Eve8500\AppData\Local\LumaEmu
2012-11-01 16:56 - 2012-12-02 20:13 - 0007609 _____ () C:\Users\Eve8500\AppData\Local\Resmon.ResmonCfg
2016-11-15 01:19 - 2016-11-15 01:19 - 0000010 _____ () C:\Users\Eve8500\AppData\Local\sponge.last.runtime.cache
2015-04-05 07:12 - 2015-04-05 07:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-07 17:46 - 2015-11-13 21:32 - 0000736 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:38

==================== End of FRST.txt ============================

Addition Text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Eve8500 (07-04-2017 11:02:28)
Running from C:\Users\Eve8500\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-15 21:32:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2502943303-2344771959-3953300128-500 - Administrator - Disabled)
Eve8500 (S-1-5-21-2502943303-2344771959-3953300128-1004 - Administrator - Enabled) => C:\Users\Eve8500
Guest (S-1-5-21-2502943303-2344771959-3953300128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2502943303-2344771959-3953300128-1015 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AB Commander (HKLM\...\AB Commander) (Version: 9.8.1 - WinAbility® Software Corporation)
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Call of Duty Infinite Warfare (HKLM-x32\...\Call of Duty Infinite Warfare_is1) (Version: 1.0.0.1 - Activision Blizzard)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Casper 8.0 (HKLM\...\{FB725A1C-D2D2-4414-B302-DD6B7AF6DA27}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChoiceMail 2012 (HKLM-x32\...\ChoiceMail 2012) (Version: 4.2 - DigiPortal Software Inc)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DX-Ball 2 v1.25 (HKLM-x32\...\DX-Ball 2 v1.25) (Version:  - )
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
E-TRADE Pro 1.10 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.10 - E*TRADE Financial)
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version:  - )
FaxTools eXPert (HKLM-x32\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
Free Video Cutter version 1.2.1 (HKLM-x32\...\{B089C7D5-C978-4DB0-AFDE-471A42759CB0}_is1) (Version: 1.2.1 - Free Studio)
Freedom Art Collection (HKLM-x32\...\{54F073B8-7E88-45FE-9648-61F77EC02E0D}) (Version:  - )
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Hallmark Card Studio 2014 Deluxe (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.0.10 - Creative Home)
Holiday Art Collection (HKLM-x32\...\{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}) (Version:  - )
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version:  - Dambuster Studios)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.04.0 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Kodi) (Version:  - XBMC-Foundation)
LEGO MARVEL's Avengers (HKLM\...\bGVnb21hcnZlbHNhdmVuZ2Vycw_is1) (Version: 1 - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Lock my Folder (HKLM-x32\...\Lock my Folder) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - )
Minecraft: Story Mode (HKLM-x32\...\Minecraft: Story Mode_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Print Artist 2003 (HKLM-x32\...\Print Artist 2003) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 4.8.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.6 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.6.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xilisoft AVCHD Converter (HKLM-x32\...\Xilisoft AVCHD Converter) (Version: 7.6.0.20121027 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.20120816 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.6.20150130 - Xilisoft)
Xilisoft Video Cutter 2 (HKLM-x32\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20130109 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18479F21-34B0-4D30-A0DE-179F4BB5332E} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {216C9EC5-4E11-41D7-A03B-969804CCE42C} - System32\Tasks\Core Temp Autostart Eve8500 => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {2AD71A5A-121A-4CCE-B7E9-E1FCB4B9C925} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-06-29] ()
Task: {3036EE56-7A2E-4F05-BFC1-EF48F6303142} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files (x86)\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-11-29] (Future Systems Solutions, Inc.)
Task: {40F50DA2-38C7-4BED-9A93-52D73EBF30CA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {46B61A5C-BA68-4B3D-A4B9-3098B585EA44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {503A021C-CD36-4D6F-BF86-8B3B452DE9DA} - System32\Tasks\{247551DD-D264-463B-B18B-78028B70EB2E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL
Task: {5AD12929-5A18-4D95-8585-8EB6EE1A21EC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AD578C7-C7F0-4167-BCF2-716FA905ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63023130-12AA-4CDA-80D3-13FC0E889ED5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {6DD79418-02F6-4205-925C-82D6AB8E34C0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {7A43869A-143F-4D57-9D99-8DDF3D7967D1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D437B7C-3B5D-498F-A5C0-09212610DEE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81A18E3C-34DA-4439-9305-00A25967A7D4} - System32\Tasks\{A1571B6E-4F81-4EA0-B4BB-05CD7C3828CA} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {87EFF34E-E809-4B84-A7D4-5BB6F4AC01B7} - System32\Tasks\{DE166F3F-CFD9-4FA9-B774-6C8ABB4DD8FC} => pcalua.exe -a "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc"
Task: {90389D3E-59CE-47F7-A2C8-7AE589AEB79D} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {91A8B0FD-0F81-460E-970D-9AE6B24C7CB0} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe
Task: {94451F48-1E78-4ED1-B7D9-FBE4960E59CE} - System32\Tasks\{4D2D5A50-639C-4F74-8FA4-2ABCFE5CC553} => pcalua.exe -a "C:\Lou Saved Files\spector\spector cd\spsetup.exe" -d "C:\Lou Saved Files\spector\spector cd"
Task: {9A08F0EA-2E53-4706-A45A-C52E8F747915} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {9D86550E-E6BA-41AE-80D2-3006AC31B390} - System32\Tasks\{9A861C6E-26B5-4D69-A49C-AEDDB201C831} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {B5FA3DC1-3F54-4F60-8CF6-EA7541843EE4} - System32\Tasks\{6B5C90D5-8FC4-43D0-A1D5-C856BB328CB8} => pcalua.exe -a "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc"
Task: {B8D563BF-D02B-45EE-989C-3E3DDC15473E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C281C825-3642-423A-98C0-23A922B1FDB0} - System32\Tasks\MdmUpdateTaskMachineCore => "C:\Users\Eve8500\AppData\Roaming\Mozilla\Caches\mdm"  <==== ATTENTION
Task: {CD364311-6F99-4D1E-880D-08392AC50B11} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-03-28] ()
Task: {D3318F6B-6C07-4494-9475-ABA5D07DEA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-04] (Adobe Systems Incorporated)
Task: {EC5D8A48-A789-4DAB-86CC-B8A527E13E18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9311ED2-67E1-4D48-A4AC-51D18F03E4E6} - System32\Tasks\{F4921858-36E5-49CD-98AE-5D768D586F60} => pcalua.exe -a C:\Users\Eve8500\Desktop\Symantec_Ghost_Solution_Suite_2.5.1_Trial_AllWin_EN.exe -d C:\Users\Eve8500\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-23 12:28 - 2010-04-29 16:40 - 00013312 _____ () C:\Program Files (x86)\Unlocker Beta64\unlockercom.dll
2012-10-23 12:48 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2012-06-29 16:41 - 2012-06-29 16:41 - 00553800 _____ () C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
2015-06-03 21:12 - 2016-12-29 08:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-28 05:06 - 2017-04-04 10:03 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-28 05:06 - 2017-04-04 10:03 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTFC.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00225280 _____ () C:\Program Files (x86)\EVGA Precision X\RTCore.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00147456 _____ () C:\Program Files (x86)\EVGA Precision X\RTUI.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00335872 _____ () C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
2011-05-01 02:04 - 2011-05-01 02:04 - 00013312 _____ () C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00655360 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\libeay32.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00151552 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ssleay32.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:1CE11B51 [120]
AlternateDataStreams: C:\ProgramData\Temp:285774C5 [202]
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:9638A27E [128]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\dell.com -> dell.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-07 07:57 - 00002024 ____A C:\Windows\system32\Drivers\etc\hosts


There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GUIStartLoad.lnk => C:\Windows\pss\GUIStartLoad.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: Avanquest Message => "C:\Users\Eve8500\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Eve8500\AppData\Local\Apps\2.0\XWW6Y31P.2B0\H08492A2.9KP\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DigiDo => "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 710 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_S4BDF.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Shwicon9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{224524EB-DD62-4DCA-911E-3BAD76564CC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{30490BD4-CBD1-40A1-B080-265B8B3C4BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E010AAC5-77CD-42E8-A42F-42B0994257BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7259E1A-660B-4D32-A82D-9EC01E7A9814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06F062DD-544A-4DDC-8883-84CB35BC19B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D13D08-4406-4478-A496-C8AB23FBC881}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{AE91C3DB-D9FA-4063-89B4-A853D8529907}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1BD037D3-33CB-414E-A5FA-B185548DF536}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{536C40D3-69A8-4275-90AF-5CBA7831ACEA}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{CF1E5C21-7E0D-42E7-BF07-FB698A557D64}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{96440FD7-9C51-4B2D-ADB6-EF46FA821296}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C1F7D33-7501-4D68-8B6C-DD0D3D168BBD}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8C49FC6-015F-44C4-A388-CC0AFC88F43B}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A501BB9A-10DF-447D-BDA1-BF718D5085D4}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{988C3580-7974-417B-96DE-4A62815384F8}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB993CF-BEAA-4886-A634-6F3EEE8F44A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{69E6FF20-4C3A-4FF2-AF04-BEB246DB221D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{061086B3-DF61-465C-8F9F-FC3157F6D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B6228782-9CFC-4725-94DB-F607FE6D5F27}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{BBB77E1C-96DC-4ACE-BF69-F85F01454774}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{07CE74A4-77A0-4A76-A006-4E39B734B73A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B12E0005-906A-4DD8-AB11-B1B09BA4014A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{DA053DAA-4ADD-4C9C-9120-536F3920BBD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E211E2D3-FF19-45A2-954F-ED015C098D49}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6AC3FA5C-6768-4636-B8D0-B8D51E565ED4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{305623AD-2A8D-4AE0-BBF1-A9B2C59FFDE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{556201C9-D3B0-4FDC-90C6-068B65110493}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{77BF4D0A-EB98-41D2-BF6A-01B356809FE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{808A30FF-507B-4C3C-B113-8C5CD623D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{012263C7-06BA-4AA1-84D1-A494EB158DD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF0C58B6-1D34-4B16-B5E5-29E51B03A576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32404175-90B3-4B5E-B06D-13D3D911B105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4048C59A-6267-4242-ADF3-75B4538AF5C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8C65673-A930-41D2-B341-282CBE628988}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2D177758-97A7-4A19-B266-EECD54F387ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D65720C-CD18-430B-BB4E-4377D32E6BDA}] => (Allow) LPort=3659
FirewallRules: [{9489C8F2-A1C9-4BB5-A133-82E361B1DE3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FA86863-BDD2-4D9C-99B3-ACAAF30B6757}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E79BA2B1-6898-488D-8AA1-98074BE4CF98}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3875DFEA-2F33-44A8-9371-CFC4E3782435}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{209B923B-9A1F-4AF5-AAB7-641A7887DF84}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F21484E3-CF21-479D-BD78-DBD14D53F683}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F17696B2-02D6-4C38-B693-1BF4A653AF6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{00AD95AC-E985-4AF0-A895-EFBCDA1E0B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{470B68B4-D290-4FD7-A9DA-6E8E4BDEA721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{0A86C037-CBC4-4717-846D-CC2003270874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{51EBA168-F137-4C3E-8FF9-0F0DDEE825B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{91F7C070-D7BB-46D9-8C52-A222E044DC18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A76DE3C-9F89-4271-9550-16D078BABB36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{51A56239-F04D-43D9-B40F-3E4E5C8354B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C6CD041B-F07D-47C3-BB3C-6B7F0051C922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{9AD61C5F-393B-42FE-B548-B5FFC863C100}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{C0BAA36C-15E7-4B7D-B5A3-5D79C196A321}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94CD8D0F-DB38-43B8-AC14-403105F462C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60FB0E86-68EF-4931-B5BF-5900204A1BE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B226D316-8BBA-4987-B885-3255361D479F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC0D83B8-CEA9-4EE2-9317-E504893ADB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B76D5835-2C50-4752-B2EF-E31562028BD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34A3A7E-D05E-4783-A39B-5E167899CB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5AF09DC5-2BE4-4730-A75F-8F027E9F519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43456A7-CF6D-48E5-B497-5FC6DE8AE086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{26405D49-5813-49B1-B9C6-CA490D990819}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2017 08:32:42 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/07/2017 08:22:09 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/07/2017 08:22:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2017 08:22:08 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Error: (04/07/2017 08:18:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (04/07/2017 08:17:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: esu.exe, version: 1.0.0.0, time stamp: 0x58dac8d5
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x144c
Faulting application start time: 0x01d2af97a92bfc62
Faulting application path: C:\Program Files (x86)\Garmin\Express SelfUpdater\esu.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 38f076f6-1b8c-11e7-b890-e006e6a49d8c

Error: (04/07/2017 08:17:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: esu.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61.MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Garmin.Omt.Service.Shared.Overrides+<UpdateDatacenterOverridesAsync>d__61, ExpressSelfUpdater, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<UpdateDatacenterOverridesAsync>d__61 ByRef)
   at Garmin.Omt.Service.Shared.Overrides.UpdateDatacenterOverridesAsync(Boolean)
   at Garmin.Omt.Service.Shared.Overrides..cctor()

Exception Info: System.TypeInitializationException
   at Garmin.Omt.Service.Shared.Overrides.get_OmtBaseUrl()
   at Garmin.Omt.Express.SelfUpdater.Program.RealMain()
   at Garmin.Omt.Express.SelfUpdater.Program.Main(System.String[])

Error: (04/06/2017 11:15:23 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/06/2017 10:40:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: A problem prevented Customer Experience Improvement Program data from being sent to Microsoft, (Error 80004005).

Error: (04/06/2017 04:07:39 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

System errors:
=============
Error: (04/07/2017 09:33:54 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:33:53 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:33:51 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:32:48 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:32:46 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:32:45 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:32:43 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:32:42 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:31:24 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 09:31:23 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 27%
Total physical RAM: 16344.88 MB
Available physical RAM: 11892.59 MB
Total Virtual: 32687.93 MB
Available Virtual: 28101.43 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1849.34 GB) (Free:510.42 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:5588.9 GB) (Free:2363.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E9B76CD)
Partition 1: (Not Active) - (Size=1849.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00068DDD)

Partition: GPT.

==================== End of Addition.txt ============================

 


  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 20,015 posts
  • MVP
Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.
 
Wait a full minute then:
 
File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.
 
 
Copy the next 2 lines:
 
TASKLIST /SVC  > \junk.txt
notepad \junk.txt
 
Open an Elevated Command Prompt:
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
 
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.
 
First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

  • 0
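Once the Process Explorer text file from the steps above has been saved, its Verified Signer column can be triaged offline. The following is an added example, not part of the original post and not Sysinternals code; it assumes the export is tab-separated with the column names shown in the sample header, and the sample rows and the list of Windows system process names are constructed for illustration.

```python
import csv
import io
import re

HEADER = ["Process", "CPU", "Private Bytes", "Working Set", "PID",
          "Description", "Company Name", "Verified Signer"]

# Constructed sample rows (illustrative values, not from a real machine).
SAMPLE_ROWS = [
    ["System Idle Process", "96.13", "0 K", "24 K", "0", "", "", ""],
    ["svchost.exe", "0.66", "31,080 K", "34,540 K", "1436",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(Verified) Microsoft Windows"],
    ["Core Temp.exe", "0.04", "13,520 K", "2,460 K", "2572",
     "CPU temperature and system information utility", "",
     "(No signature was present in the subject)"],
    ["ADVWindowsClientService.exe", "0.01", "41,980 K", "41,100 K", "4360",
     "Amazon Unbox Video Service", "Amazon.com",
     "(Certificate expired) Amazon.com"],
    ["svchost.exe", "< 0.01", "9,000 K", "12,000 K", "9999",
     "Host Process for Windows Services", "Microsoft Corporation",
     "(No signature was present in the subject) Microsoft Corporation"],
    ["WUDFHost.exe", "", "2,736 K", "7,132 K", "5720",
     "Windows Driver Foundation", "Microsoft Corporation",
     "(Verified) Microsoft Windows"],
    ["helper.exe", "", "2,100 K", "4,800 K", "7001",
     "Hypothetical helper", "Example Vendor", ""],
]
SAMPLE_EXPORT = "\n".join("\t".join(r) for r in [HEADER] + SAMPLE_ROWS) + "\n"

# Rows that are not real image files and never carry a signature.
PSEUDO_PROCESSES = {"system idle process", "system", "interrupts"}

# Assumption: names that should always be signed by "Microsoft Windows".
WINDOWS_CORE = {"svchost.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "dwm.exe", "taskhost.exe"}

# "(Verified) Microsoft Windows" -> status "Verified", signer "Microsoft Windows"
SIGNER_RE = re.compile(r"^\((?P<status>[^)]*)\)\s*(?P<signer>.*)$")
SEVERITY_ORDER = {"high": 0, "review": 1, "unchecked": 2}


def parse_cpu(text):
    """Return CPU % as float; '< 0.01' becomes 0.0, a blank cell becomes None."""
    text = text.strip()
    if not text:
        return None
    if text.startswith("<"):
        return 0.0
    return float(text)


def triage(export_text):
    """Return processes whose signature result needs a closer look."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t",
                            quoting=csv.QUOTE_NONE)
    findings = []
    for row in reader:
        name = (row.get("Process") or "").strip()
        if not name or name.lower() in PSEUDO_PROCESSES:
            continue
        match = SIGNER_RE.match((row.get("Verified Signer") or "").strip())
        status = match.group("status") if match else ""
        signer = match.group("signer").strip() if match else ""
        if not match:
            # Blank cell: Verify Image Signatures was off or the check failed.
            severity, reason = "unchecked", "no signature result recorded"
        elif status != "Verified":
            severity, reason = "review", status
        else:
            severity, reason = None, ""
        # A system process name must carry the Windows signer, nothing else.
        if name.lower() in WINDOWS_CORE and not (
                status == "Verified" and signer == "Microsoft Windows"):
            severity = "high"
            reason = "system process name, signer check failed: " + (
                reason or signer)
        if severity:
            findings.append({
                "severity": severity,
                "name": name,
                "pid": (row.get("PID") or "").strip(),
                "cpu": parse_cpu(row.get("CPU") or ""),
                "reason": reason,
            })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]],
                                 f["name"].lower()))
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_EXPORT):
        print("{severity:9} {name} (PID {pid}): {reason}".format(**item))
```

A blank Verified Signer cell is reported as unchecked rather than clean, because the column stays empty when Verify Image Signatures was not enabled before the file was saved.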

#3
louuu

    Member

  • Topic Starter
  • Member
  • 223 posts

Thank you, Ron, for helping me again. Here is what you requested, and the Speccy file is attached also as requested.

 

 

system idle process text:

 

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 96.13 0 K 24 K 0   
procexp64.exe 1.13 42,396 K 63,816 K 6716 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 0.66 31,080 K 34,540 K 1436 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 0.36 136 K 344 K 4   
Interrupts 0.35 0 K 0 K n/a Hardware Interrupts and DPCs  
dwm.exe 0.31 70,328 K 53,300 K 2372 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
wlmail.exe 0.16 109,588 K 115,180 K 3168 Windows Live Mail Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe 0.14 11,872 K 19,048 K 792 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.11 139,448 K 155,052 K 2712 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
explorer.exe 0.10 84,976 K 113,468 K 2396 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
EVGAPrecision.exe 0.10 7,880 K 3,892 K 2584 EVGAPrecision  (Verified) EVGA
iexplore.exe 0.08 123,844 K 132,200 K 4516 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.06 10,196 K 17,936 K 2068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
MBAMService.exe 0.05 384,088 K 370,180 K 4528 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
Core Temp.exe 0.04 13,520 K 2,460 K 2572 CPU temperature and system information utility  (No signature was present in the subject)
svchost.exe 0.03 30,512 K 29,140 K 696 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 0.03 122,368 K 138,008 K 6848 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe 0.03 3,848 K 6,096 K 676 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
nis.exe 0.02 318,512 K 17,188 K 2436 Norton Internet Security Symantec Corporation (Verified) Symantec Corporation
svchost.exe 0.01 6,836 K 12,744 K 960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 8,176 K 12,808 K 172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mdm.exe 0.01 2,408 K 5,840 K 2100 Machine Debug Manager Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 0.01 19,132 K 22,368 K 5868 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.01 325,300 K 331,992 K 724 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
ADVWindowsClientService.exe 0.01 41,980 K 41,100 K 4360 Amazon Unbox Video Service Amazon.com (Certificate expired) Amazon.com
unchecky_bg.exe < 0.01 2,416 K 8,732 K 3984 Unchecky Background Process RaMMicHaeL (Verified) Reason Software Company Inc.
ppped.exe < 0.01 6,796 K 11,128 K 224 PowerPanel Personal Edition Service Cyber Power Systems, Inc. (Verified) Cyber Power Systems
iexplore.exe < 0.01 35,976 K 61,428 K 7264 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe < 0.01 110,184 K 126,304 K 3504 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe < 0.01 29,540 K 45,960 K 7384 Internet Explorer Microsoft Corporation (Verified) Microsoft Corporation
ChoiceMailClient.exe < 0.01 16,908 K 17,780 K 3236  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
TeamViewer_Service.exe < 0.01 5,576 K 15,628 K 1884 TeamViewer 12 TeamViewer GmbH (Verified) TeamViewer GmbH
WmiPrvSE.exe < 0.01 3,476 K 7,688 K 2212 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
CMServer.exe < 0.01 29,360 K 29,248 K 4084  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
svchost.exe < 0.01 43,124 K 62,132 K 1028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe < 0.01 4,580 K 11,760 K 1988 MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe < 0.01 19,984 K 34,856 K 916 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wlcomm.exe < 0.01 19,188 K 12,784 K 6620 Windows Live Communications Platform Microsoft Corporation (Verified) Microsoft Corporation
novacomd.exe < 0.01 2,816 K 5,792 K 2832 novacomd Application Palm (No signature was present in the subject) Palm
taskhost.exe < 0.01 60,148 K 45,568 K 1732 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
nis.exe < 0.01 191,536 K 10,276 K 2996 Norton Internet Security Symantec Corporation (Verified) Symantec Corporation
SearchIndexer.exe < 0.01 55,320 K 37,924 K 5876 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe < 0.01 4,840 K 12,188 K 5664 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
nvxdsync.exe < 0.01 12,448 K 25,568 K 3068 NVIDIA User Experience Driver Component NVIDIA Corporation (Verified) NVIDIA Corporation
ChoiceMailClient.exe < 0.01 6,384 K 13,828 K 2276  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
CMServer.exe < 0.01 4,904 K 7,848 K 4056  DigiPortal Software, Inc. (No signature was present in the subject) DigiPortal Software, Inc.
WUDFHost.exe  2,736 K 7,132 K 5720 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe  16,104 K 12,128 K 6056 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe  2,876 K 6,468 K 1620 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe  4,220 K 8,900 K 1124 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe  2,140 K 5,248 K 768 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VProTray.exe  14,448 K 26,796 K 3592 Tray Application Symantec Corporation (Verified) Symantec Corporation
VProSvc.exe  44,232 K 5,812 K 2500 Service Module Symantec Corporation (Verified) Symantec Corporation
unchecky_svc.exe  1,740 K 5,248 K 3848 Unchecky Service RaMMicHaeL (Verified) Reason Software Company Inc.
UMVPFSrv.exe  1,432 K 4,592 K 1076 Logitech User mode UMVPF service Logitech Inc. (Verified) Logitech
taskeng.exe  3,100 K 7,160 K 1480 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe  3,260 K 7,240 K 2404 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
SymSnapServicex64.exe  13,520 K 23,068 K 5100 Symantec Snapshot Service Symantec (Verified) Symantec Corporation
svchost.exe  11,292 K 15,260 K 1760 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  3,528 K 6,952 K 1240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,272 K 5,508 K 5920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,404 K 6,268 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  1,508 K 3,424 K 3920 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  2,940 K 6,732 K 6008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe  7,684 K 13,704 K 2008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe  8,604 K 14,384 K 1688 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe  780 K 1,456 K 444 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
services.exe  7,644 K 11,516 K 828 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe  2,632 K 6,068 K 1328 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe  16,220 K 13,596 K 1404 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe  2,548 K 7,744 K 7884 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
NVDisplay.Container.exe  6,208 K 12,100 K 2860 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NBService.exe  3,292 K 8,656 K 2252 Nero BackItUp Nero AG (Verified) Nero AG
MsSpellCheckingFacility.exe  3,528 K 8,920 K 7620 Microsoft Spell Checking Facility Microsoft Corporation (Verified) Microsoft Windows
msdtc.exe  4,196 K 8,924 K 6880 Microsoft Distributed Transaction Coordinator Service Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe  3,468 K 7,168 K 780 Bonjour Service Apple Inc. (Verified) Apple Inc.
mbamtray.exe  18,060 K 27,208 K 3048 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
lsm.exe  3,188 K 5,028 K 864 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe  11,564 K 18,896 K 856 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
IntuitUpdateService.exe  22,936 K 2,360 K 6252 Intuit Update Service Intuit Inc. (Verified) Intuit
IAStorDataMgrSvc.exe  36,608 K 46,136 K 5184 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Intel® Rapid Storage Technology
conhost.exe  1,480 K 3,388 K 1632 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
CMPreapproval.exe  7,024 K 11,592 K 5908  DigiPortal Software, Inc (No signature was present in the subject) DigiPortal Software, Inc
CASPERSVCS.EXE  2,808 K 6,964 K 1260 Casper Utility and Support Services Future Systems Solutions, Inc. (Verified) Future Systems Solutions
audiodg.exe  22,596 K 23,348 K 2688 Windows Audio Device Graph Isolation  Microsoft Corporation (Verified) Microsoft Windows
Ath_WlanAgent.exe  1,408 K 4,276 K 4168 Atheros Coex Service Application Atheros (Certificate expired) Atheros
Ath_CoexAgent.exe  2,080 K 5,676 K 3304 Atheros Coex Service Application Atheros (Certificate expired) Atheros
armsvc.exe  1,324 K 4,228 K 1876 Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
agr64svc.exe  6,348 K 6,248 K 1956 LSI Soft Modem Call Progress Service LSI Corporation (Verified) LSI Corporation
AffinegyService.exe  2,640 K 8,532 K 1928 AffinegyService Affinegy, Inc. (Verified) Affinegy
AERTSr64.exe  1,968 K 3,772 K 1904 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Andrea Electronics
AdminService.exe  2,800 K 6,072 K 2012 AdminService Application Atheros Commnucations (Certificate expired) Atheros Commnucations

 

 

junk text:

 

 

Image Name                     PID Services                                   
========================= ======== ============================================
System Idle Process              0 N/A                                        
System                           4 N/A                                        
smss.exe                       444 N/A                                        
csrss.exe                      676 N/A                                        
wininit.exe                    768 N/A                                        
csrss.exe                      792 N/A                                        
services.exe                   828 N/A                                        
lsass.exe                      856 KeyIso, SamSs                              
lsm.exe                        864 N/A                                        
svchost.exe                    960 DcomLaunch, PlugPlay, Power                
svchost.exe                    172 RpcEptMapper, RpcSs                        
svchost.exe                    696 AudioSrv, Dhcp, eventlog,                  
                                   HomeGroupProvider, lmhosts, wscsvc         
svchost.exe                    724 AudioEndpointBuilder, hidserv,             
                                   HomeGroupListener, Netman, PcaSvc, SysMain,
                                   TabletInputService, TrkWks, UxSms, Wlansvc,
                                   WPDBusEnum, wudfsvc                        
svchost.exe                    916 EventSystem, fdPHost, FontCache, netprofm, 
                                   nsi, SstpSvc, WdiServiceHost,              
                                   WinHttpAutoProxySvc                        
svchost.exe                   1028 AeLookupSvc, Appinfo, BITS, Browser,       
                                   EapHost, IKEEXT, iphlpsvc, LanmanServer,   
                                   MMCSS, ProfSvc, RasMan, Schedule, SENS,    
                                   ShellHWDetection, Themes, Winmgmt, wuauserv
UMVPFSrv.exe                  1076 UMVPFSrv                                   
winlogon.exe                  1124 N/A                                        
svchost.exe                   1240 gpsvc                                      
RtkAudioService64.exe         1328 RtkAudioService                            
RAVBg64.exe                   1404 N/A                                        
svchost.exe                   1436 CryptSvc, Dnscache, LanmanWorkstation,     
                                   NlaSvc, TapiSrv                            
wlanext.exe                   1620 N/A                                        
conhost.exe                   1632 N/A                                        
spoolsv.exe                   1688 Spooler                                    
taskhost.exe                  1732 N/A                                        
svchost.exe                   1760 BFE, DPS, MpsSvc                           
armsvc.exe                    1876 AdobeARMservice                            
AERTSr64.exe                  1904 AERTFilters                                
AffinegyService.exe           1928 AffinegyService                            
agr64svc.exe                  1956 AgereModemAudio                            
AppleMobileDeviceService.     1988 Apple Mobile Device Service                
AdminService.exe              2012 AtherosSvc                                 
mDNSResponder.exe              780 Bonjour Service                            
CASPERSVCS.EXE                1260 caspereui, casperhpb                       
svchost.exe                   2008 DiagTrack                                  
svchost.exe                   2068 FDResPub, SSDPSRV, upnphost, wcncsvc       
mdm.exe                       2100 MDM                                        
NBService.exe                 2252 Nero BackItUp Scheduler 3                  
dwm.exe                       2372 N/A                                        
explorer.exe                  2396 N/A                                        
taskeng.exe                   2404 N/A                                        
nis.exe                       2436 NIS                                        
VProSvc.exe                   2500 Norton Ghost                               
Core Temp.exe                 2572 N/A                                        
EVGAPrecision.exe             2584 N/A                                        
novacomd.exe                  2832 NovacomD                                   
NVDisplay.Container.exe       2860 NVDisplay.ContainerLocalSystem             
nis.exe                       2996 N/A                                        
mbamtray.exe                  3048 N/A                                        
ChoiceMailClient.exe          2276 N/A                                        
nvxdsync.exe                  3068 N/A                                        
ChoiceMailClient.exe          3236 N/A                                        
VProTray.exe                  3592 N/A                                        
ppped.exe                      224 ppped                                      
svchost.exe                   3920 RemoteRegistry                             
svchost.exe                   1232 stisvc                                     
CMServer.exe                  4056 N/A                                        
CMServer.exe                  4084 svcChoiceMail                              
TeamViewer_Service.exe        1884 TeamViewer                                 
unchecky_svc.exe              3848 Unchecky                                   
Ath_CoexAgent.exe             3304 ZAtheros Bt and Wlan Coex Agent            
unchecky_bg.exe               3984 N/A                                        
Ath_WlanAgent.exe             4168 ZAtheros Wlan Agent                        
ADVWindowsClientService.e     4360 ADVService                                 
MBAMService.exe               4528 MBAMService                                
SymSnapServicex64.exe         5100 SymSnapService                             
SearchIndexer.exe             5876 WSearch                                    
svchost.exe                   5920 bthserv                                    
svchost.exe                   6008 PolicyAgent                                
wmpnetwk.exe                  6056 WMPNetworkSvc                              
WUDFHost.exe                  5720 N/A                                        
svchost.exe                   5868 p2pimsvc, p2psvc, PNRPsvc                  
IAStorDataMgrSvc.exe          5184 IAStorDataMgrSvc                           
IntuitUpdateService.exe       6252 IntuitUpdateServiceV4                      
CMPreapproval.exe             5908 svcCMPreApproval                           
wlmail.exe                    3168 N/A                                        
wlcomm.exe                    6620 N/A                                        
msdtc.exe                     6880 MSDTC                                      
dllhost.exe                   5664 COMSysApp                                  
iexplore.exe                  7384 N/A                                        
iexplore.exe                  2712 N/A                                        
iexplore.exe                  3504 N/A                                        
iexplore.exe                  6848 N/A                                        
MsSpellCheckingFacility.e     7620 N/A                                        
audiodg.exe                   2688 N/A                                        
iexplore.exe                  7264 N/A                                        
iexplore.exe                  4516 N/A                                        
taskeng.exe                   1480 N/A                                        
WmiPrvSE.exe                  2212 N/A                                        
SearchProtocolHost.exe        1348 N/A                                        
SearchFilterHost.exe          2272 N/A                                        
cmd.exe                       7252 N/A                                        
conhost.exe                   7360 N/A                                        
tasklist.exe                  6648 N/A                                        
WmiPrvSE.exe                  7644 N/A                                        
 

 


#4
RKinner

    Malware Expert

  • Expert
  • 20,015 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST.

Attached File  fixlist.txt   3.12KB   22 downloads

Run FRST and press Fix.
PC will reboot.
A fix log will be generated; please post that.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 


#5
louuu

    Member

  • Topic Starter
  • 223 posts

Wow, what just happened was scary!  As per your instructions I saved the fixlist text to my desktop as that is where I had the FRST64 program.  I ran the program and pressed Fix and then it asked me to reboot so I pressed OK and the computer rebooted.  When it came back up my desktop came up but the desktop picture and desktop icons didn't and my computer was completely frozen.  Nothing else loaded and the mouse and keyboard didn't work and the only option I had was to hold the power button down 5 seconds to shut it off.  Then I booted up a 2nd time and the same thing happened again?  I used my cell phone to take a pic and I've attached it here so you can see what I'm talking about when it froze.  So I had to hold the power button down 5 seconds again and then when I rebooted I went into F8 and clicked on "last good configuration".  Then when I booted up it worked and went back into my normal desktop.  But when it did my Norton program had the red check mark on it saying it was turned off and needed fixing.  When I clicked on fix it didn't work.  So I went into the settings of Norton and saw the antivirus button was now in the off position and it was greyed out so I couldn't turn it back on.  I then rebooted my computer again hoping Norton would self fix and now everything is working fine again including Norton.  After all this is when I then proceeded to run FRST64 again and generate the below 2 logs you asked for.  I'm not sure what happened?  Thanks and I'll wait for your reply and I hope doing all of the above didn't somehow cancel out the fixlist changes you wanted me to make.  If it did and we need to do it again just let me know.

 

 

FRST text:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Eve8500 (administrator) on LUIS8500 (07-04-2017 13:44:58)
Running from C:\Users\Eve8500\Desktop
Loaded Profiles: Eve8500 (Available Profiles: Eve8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(DigiPortal Software, Inc) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Run: [ChoiceMail] => C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe [7704576 2011-09-30] (DigiPortal Software, Inc.)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8289ACF-9ABC-4E4B-92F6-D56B847D48DF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> DefaultScope {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default [2013-08-20]
FF Extension: (Emulator) - C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default\Extensions\[email protected] [2013-08-20] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2017-04-07]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-05-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502943303-2344771959-3953300128-1004: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-12-21] (E*Trade Financial)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-10-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-10-02] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-08] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 svcChoiceMail; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [4308992 2011-09-30] (DigiPortal Software, Inc.) [File not signed]
R3 svcCMPreApproval; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe [1687552 2011-09-30] (DigiPortal Software, Inc) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{4DB90D5C-2D86-4014-9349-741A696FA2A7}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10733056 2012-02-23] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20170405.003\BHDrvx64.sys [1831064 2017-03-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-04] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20170406.001\IDSvia64.sys [1038024 2017-02-13] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-07] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-07] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-07] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-07] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170407.002\ENG64.SYS [138912 2017-04-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170407.002\EX64.SYS [2151072 2017-04-07] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-31] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2012-06-29] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-10-23] (Duplex Secure Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-05-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-28] ()
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
U3 a3jolfmm; no ImagePath
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 13:16 - 2017-04-07 13:17 - 00011002 _____ C:\Users\Eve8500\Desktop\Fixlog.txt
2017-04-07 12:40 - 2017-04-07 12:40 - 00000365 _____ C:\Users\Eve8500\Desktop\my topic.url
2017-04-07 12:10 - 2017-04-07 12:11 - 00115345 _____ C:\Users\Eve8500\Desktop\LUIS8500.txt
2017-04-07 12:08 - 2017-04-07 12:08 - 00000806 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-04-07 12:08 - 2017-04-07 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-04-07 12:08 - 2017-04-07 12:08 - 00000000 ____D C:\Program Files\Speccy
2017-04-07 12:05 - 2017-04-07 12:05 - 06293184 _____ (Piriform Ltd) C:\Users\Eve8500\Desktop\spsetup130.exe
2017-04-07 12:04 - 2017-04-07 12:04 - 00008669 _____ C:\Users\Eve8500\Desktop\junk.txt
2017-04-07 12:03 - 2017-04-07 12:03 - 00010943 _____ C:\Users\Eve8500\Desktop\System Idle Process.txt
2017-04-07 12:00 - 2017-04-07 12:00 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Eve8500\Desktop\procexp.exe
2017-04-07 11:02 - 2017-04-07 11:03 - 00056465 _____ C:\Users\Eve8500\Desktop\Additiona.txt
2017-04-07 11:00 - 2017-04-07 13:45 - 00023845 _____ C:\Users\Eve8500\Desktop\FRST.txt
2017-04-07 11:00 - 2017-04-07 13:44 - 00000000 ____D C:\FRST
2017-04-07 11:00 - 2017-04-07 11:03 - 00064928 _____ C:\Users\Eve8500\Desktop\FRSTa.txt
2017-04-07 10:59 - 2017-04-07 10:59 - 02424832 _____ (Farbar) C:\Users\Eve8500\Desktop\FRST64.exe
2017-04-06 21:17 - 2017-04-06 21:17 - 00000227 _____ C:\Users\Eve8500\Desktop\game x 2b.url
2017-04-05 11:44 - 2017-04-05 16:20 - 00000117 _____ C:\Users\Eve8500\Desktop\auc stuff.txt
2017-04-05 06:50 - 2017-04-05 06:50 - 00000234 _____ C:\Users\Eve8500\Desktop\york pp.url
2017-04-04 09:10 - 2017-04-04 09:10 - 00000234 _____ C:\Users\Eve8500\Desktop\selfie.url
2017-04-01 22:41 - 2017-04-02 19:17 - 00000238 _____ C:\Users\Eve8500\Desktop\DOOM Walkthrough.url
2017-03-31 10:37 - 2017-03-31 10:37 - 00000238 _____ C:\Users\Eve8500\Desktop\j nails.url
2017-03-29 12:25 - 2017-04-06 17:26 - 00000000 ____D C:\ares backups
2017-03-28 14:06 - 2017-03-28 14:06 - 00000222 _____ C:\Users\Eve8500\Desktop\Mafia III.url
2017-03-28 05:06 - 2017-04-07 13:41 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-28 05:06 - 2017-04-07 13:41 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-28 05:06 - 2017-04-07 13:41 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-28 05:06 - 2017-04-04 10:03 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-28 05:06 - 2017-04-04 09:02 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-28 05:06 - 2017-03-28 05:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-27 12:51 - 2017-03-27 13:15 - 00000000 ____D C:\Users\Eve8500\Desktop\walgreens
2017-03-25 08:42 - 2017-03-25 08:42 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\Program Files\iPod
2017-03-25 08:41 - 2017-03-25 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-25 01:40 - 2017-03-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-03-24 23:22 - 2017-03-24 23:22 - 00002052 _____ C:\Users\Eve8500\Desktop\Lego Batman.lnk
2017-03-24 23:15 - 2017-03-24 23:15 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-03-24 19:14 - 2017-03-24 23:04 - 00000000 ____D C:\Program Files (x86)\Lego Batman 3 Beyond Gotham
2017-03-24 18:47 - 2017-03-24 18:47 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Marvel's Avengers.lnk
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Program Files (x86)\DXBall2
2017-03-24 02:23 - 2017-04-06 17:24 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Kodi
2017-03-24 02:23 - 2017-03-24 02:23 - 00001869 _____ C:\Users\Eve8500\Desktop\Kodi.lnk
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Unity
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Unity
2017-03-15 19:33 - 2017-03-15 19:33 - 00000137 _____ C:\Users\Eve8500\Desktop\Rebate 1113851526128514.url
2017-03-15 09:12 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 09:12 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 09:12 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 09:12 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 09:12 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 09:12 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 09:12 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 09:12 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 09:12 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 09:12 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 09:12 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 09:12 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 09:12 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 09:12 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 09:12 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 09:12 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 09:12 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 09:12 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 09:12 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 09:12 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 09:12 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 09:12 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 09:12 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 09:12 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 09:12 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 09:12 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 09:12 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 09:12 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 09:12 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 09:12 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 09:12 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 09:12 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 09:12 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 09:12 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 09:12 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 09:12 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 09:12 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 09:12 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 09:12 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 09:12 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 09:12 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 09:12 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 09:12 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 09:12 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 09:12 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 09:12 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 09:12 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 09:12 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 09:12 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 09:12 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 09:12 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 09:12 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 09:12 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 09:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 09:11 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 09:11 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 09:11 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 09:11 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 09:11 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 09:11 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 09:11 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 09:11 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 09:11 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 09:11 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 09:11 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 09:11 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 09:11 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 09:11 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 09:07 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 09:07 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 13:32 - 2017-04-06 07:15 - 00000265 _____ C:\Users\Eve8500\Desktop\pop pens.url
2017-03-09 12:57 - 2017-03-09 12:57 - 00000251 _____ C:\Users\Eve8500\Desktop\Organic Facial or Massage - Skin Station- 8 Avenue Brooklyn  Groupon.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-07 13:43 - 2015-07-31 06:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-04-07 13:41 - 2014-10-14 03:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-07 13:41 - 2012-12-03 02:59 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-04-07 13:41 - 2012-09-25 03:18 - 00000000 ____D C:\ProgramData\Temp
2017-04-07 13:40 - 2013-03-16 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-07 13:40 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-07 13:39 - 2016-08-07 09:45 - 00003026 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-04-07 13:39 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-07 13:39 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-07 13:38 - 2009-07-14 01:13 - 00784366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-07 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-07 13:33 - 2015-08-24 23:44 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-07 13:33 - 2012-10-18 22:28 - 00000008 __RSH C:\Users\Eve8500\ntuser.pol
2017-04-07 13:33 - 2012-10-15 17:32 - 00000000 ____D C:\Users\Eve8500
2017-04-07 13:18 - 2016-08-10 02:13 - 00004096 ___SH C:\VSNAP.IDX
2017-04-07 13:17 - 2013-01-28 15:02 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Temp
2017-04-07 13:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-07 13:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-07 12:08 - 2015-08-26 06:36 - 00000000 ____D C:\ProgramData\Unchecky
2017-04-07 11:27 - 2012-12-01 00:33 - 00000000 ____D C:\LTemp On Desktop
2017-04-07 09:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2017-04-06 21:46 - 2012-12-19 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-06 17:14 - 2015-08-01 12:14 - 00001062 _____ C:\Users\Eve8500\Desktop\returns.txt
2017-04-05 19:02 - 2012-11-30 22:44 - 00000000 ____D C:\Lou Saved Files
2017-04-05 18:55 - 2012-10-23 15:15 - 00000000 ____D C:\DivXtoDvdMovies
2017-04-05 18:52 - 2012-12-01 00:50 - 00000000 ____D C:\Users\Eve8500\Downloads\exercise vids
2017-04-05 18:48 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-05 16:32 - 2014-08-09 17:34 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 11:00 - 2012-10-18 18:59 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\vlc
2017-04-04 09:58 - 2016-11-08 22:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DesktopOK
2017-04-03 02:43 - 2012-10-18 19:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\uTorrent
2017-04-01 16:27 - 2012-10-18 19:06 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-04-01 04:45 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 04:43 - 2013-10-30 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 03:57 - 2013-09-02 14:19 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 03:56 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-31 12:44 - 2012-12-01 00:58 - 00000000 ____D C:\Pics
2017-03-30 10:49 - 2012-10-18 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware And Cleanup
2017-03-28 14:41 - 2015-01-12 14:10 - 00000000 ____D C:\Users\Eve8500\AppData\Local\LumaEmu_SteamCloud
2017-03-28 14:06 - 2015-02-14 10:46 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-28 09:13 - 2016-10-07 00:53 - 00000000 ____D C:\Users\Eve8500\AppData\Local\2K Games
2017-03-28 07:08 - 2016-09-04 12:46 - 00000000 ____D C:\Users\Eve8500\Desktop\dd pics
2017-03-28 05:54 - 2013-03-03 05:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-28 05:06 - 2014-10-14 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 19:48 - 2012-11-19 13:04 - 00000000 ____D C:\Users\Eve8500\AppData\Local\CrashDumps
2017-03-27 14:03 - 2012-11-30 23:50 - 00000000 ____D C:\Lou Videos
2017-03-27 13:53 - 2015-12-04 20:21 - 00000000 ____D C:\Users\Eve8500\Desktop\pix
2017-03-27 13:40 - 2016-03-10 20:31 - 00000000 ____D C:\Users\Eve8500\Desktop\Team V copy
2017-03-25 08:42 - 2015-02-05 09:12 - 00000000 ____D C:\Program Files\iTunes
2017-03-25 08:41 - 2012-10-27 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-25 07:26 - 2016-10-12 22:12 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-03-23 23:59 - 2012-09-25 03:21 - 00000000 ____D C:\ProgramData\Roxio
2017-03-23 20:26 - 2012-11-28 17:55 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Deployment
2017-03-15 21:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 09:39 - 2009-07-14 00:45 - 00546872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 09:36 - 2014-12-10 05:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 09:18 - 2013-07-10 04:40 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 09:14 - 2012-10-15 19:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 09:13 - 2015-05-12 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-11 11:20 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2012-10-27 02:17 - 2012-10-27 02:17 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-08-12 17:39 - 2013-08-12 17:39 - 0031744 ___SH () C:\Users\Eve8500\AppData\Roaming\Thumbs.db
2012-10-23 15:14 - 2016-01-10 16:17 - 0001057 _____ () C:\Users\Eve8500\AppData\Roaming\vso_ts_preview.xml
2012-12-21 02:31 - 2012-12-21 08:51 - 0000000 _____ () C:\Users\Eve8500\AppData\Local\ars.cache
2012-12-21 02:32 - 2012-12-21 08:52 - 5238714 _____ () C:\Users\Eve8500\AppData\Local\census.cache
2012-12-21 01:21 - 2012-12-21 01:21 - 0000036 _____ () C:\Users\Eve8500\AppData\Local\housecall.guid.cache
2015-01-12 14:10 - 2015-01-12 14:10 - 0000000 ___SH () C:\Users\Eve8500\AppData\Local\LumaEmu
2012-11-01 16:56 - 2012-12-02 20:13 - 0007609 _____ () C:\Users\Eve8500\AppData\Local\Resmon.ResmonCfg
2016-11-15 01:19 - 2016-11-15 01:19 - 0000010 _____ () C:\Users\Eve8500\AppData\Local\sponge.last.runtime.cache
2015-04-05 07:12 - 2015-04-05 07:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-07 17:46 - 2015-11-13 21:32 - 0000736 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:38

==================== End of FRST.txt ============================

Addition text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Eve8500 (07-04-2017 13:45:38)
Running from C:\Users\Eve8500\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-15 21:32:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2502943303-2344771959-3953300128-500 - Administrator - Disabled)
Eve8500 (S-1-5-21-2502943303-2344771959-3953300128-1004 - Administrator - Enabled) => C:\Users\Eve8500
Guest (S-1-5-21-2502943303-2344771959-3953300128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2502943303-2344771959-3953300128-1015 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AB Commander (HKLM\...\AB Commander) (Version: 9.8.1 - WinAbility® Software Corporation)
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Call of Duty Infinite Warfare (HKLM-x32\...\Call of Duty Infinite Warfare_is1) (Version: 1.0.0.1 - Activision Blizzard)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Casper 8.0 (HKLM\...\{FB725A1C-D2D2-4414-B302-DD6B7AF6DA27}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChoiceMail 2012 (HKLM-x32\...\ChoiceMail 2012) (Version: 4.2 - DigiPortal Software Inc)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DX-Ball 2 v1.25 (HKLM-x32\...\DX-Ball 2 v1.25) (Version:  - )
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
E-TRADE Pro 1.10 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.10 - E*TRADE Financial)
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version:  - )
FaxTools eXPert (HKLM-x32\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
Free Video Cutter version 1.2.1 (HKLM-x32\...\{B089C7D5-C978-4DB0-AFDE-471A42759CB0}_is1) (Version: 1.2.1 - Free Studio)
Freedom Art Collection (HKLM-x32\...\{54F073B8-7E88-45FE-9648-61F77EC02E0D}) (Version:  - )
Freemake Video Converter version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Hallmark Card Studio 2014 Deluxe (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.0.10 - Creative Home)
Holiday Art Collection (HKLM-x32\...\{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}) (Version:  - )
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version:  - Dambuster Studios)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.04.0 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Kodi) (Version:  - XBMC-Foundation)
LEGO MARVEL's Avengers (HKLM\...\bGVnb21hcnZlbHNhdmVuZ2Vycw_is1) (Version: 1 - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Lock my Folder (HKLM-x32\...\Lock my Folder) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - )
Minecraft: Story Mode (HKLM-x32\...\Minecraft: Story Mode_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Print Artist 2003 (HKLM-x32\...\Print Artist 2003) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 4.8.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.6 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.6.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xilisoft AVCHD Converter (HKLM-x32\...\Xilisoft AVCHD Converter) (Version: 7.6.0.20121027 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.20120816 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.6.20150130 - Xilisoft)
Xilisoft Video Cutter 2 (HKLM-x32\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20130109 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1F9BD804-7498-4936-80CF-F9D6EE152ACA} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-06-29] ()
Task: {216C9EC5-4E11-41D7-A03B-969804CCE42C} - System32\Tasks\Core Temp Autostart Eve8500 => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {3036EE56-7A2E-4F05-BFC1-EF48F6303142} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files (x86)\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-11-29] (Future Systems Solutions, Inc.)
Task: {327847B2-D21C-4F80-AEB7-B8086B47A51F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {40F50DA2-38C7-4BED-9A93-52D73EBF30CA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {46B61A5C-BA68-4B3D-A4B9-3098B585EA44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {503A021C-CD36-4D6F-BF86-8B3B452DE9DA} - System32\Tasks\{247551DD-D264-463B-B18B-78028B70EB2E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL
Task: {5AD12929-5A18-4D95-8585-8EB6EE1A21EC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AD578C7-C7F0-4167-BCF2-716FA905ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63023130-12AA-4CDA-80D3-13FC0E889ED5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {6DD79418-02F6-4205-925C-82D6AB8E34C0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {7A43869A-143F-4D57-9D99-8DDF3D7967D1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D437B7C-3B5D-498F-A5C0-09212610DEE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81A18E3C-34DA-4439-9305-00A25967A7D4} - System32\Tasks\{A1571B6E-4F81-4EA0-B4BB-05CD7C3828CA} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {87EFF34E-E809-4B84-A7D4-5BB6F4AC01B7} - System32\Tasks\{DE166F3F-CFD9-4FA9-B774-6C8ABB4DD8FC} => pcalua.exe -a "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc"
Task: {9D86550E-E6BA-41AE-80D2-3006AC31B390} - System32\Tasks\{9A861C6E-26B5-4D69-A49C-AEDDB201C831} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {B5FA3DC1-3F54-4F60-8CF6-EA7541843EE4} - System32\Tasks\{6B5C90D5-8FC4-43D0-A1D5-C856BB328CB8} => pcalua.exe -a "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc"
Task: {B8D563BF-D02B-45EE-989C-3E3DDC15473E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3318F6B-6C07-4494-9475-ABA5D07DEA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-04] (Adobe Systems Incorporated)
Task: {EC5D8A48-A789-4DAB-86CC-B8A527E13E18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9311ED2-67E1-4D48-A4AC-51D18F03E4E6} - System32\Tasks\{F4921858-36E5-49CD-98AE-5D768D586F60} => pcalua.exe -a C:\Users\Eve8500\Desktop\Symantec_Ghost_Solution_Suite_2.5.1_Trial_AllWin_EN.exe -d C:\Users\Eve8500\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-23 12:28 - 2010-04-29 16:40 - 00013312 _____ () C:\Program Files (x86)\Unlocker Beta64\unlockercom.dll
2012-10-23 12:48 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2012-06-29 16:41 - 2012-06-29 16:41 - 00553800 _____ () C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
2015-06-03 21:12 - 2016-12-29 08:44 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-28 05:06 - 2017-04-04 10:03 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-28 05:06 - 2017-04-04 10:03 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTMUI.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00061440 _____ () C:\Program Files (x86)\EVGA Precision X\RTFC.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00225280 _____ () C:\Program Files (x86)\EVGA Precision X\RTCore.dll
2012-06-30 00:17 - 2012-06-30 00:17 - 00147456 _____ () C:\Program Files (x86)\EVGA Precision X\RTUI.dll
2012-06-30 00:18 - 2012-06-30 00:18 - 00335872 _____ () C:\Program Files (x86)\EVGA Precision X\RTHAL.dll
2011-05-01 02:04 - 2011-05-01 02:04 - 00013312 _____ () C:\Program Files (x86)\EVGA Precision X\RTTSH.dll
2009-07-13 17:03 - 2009-07-13 21:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00655360 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\libeay32.dll
2012-11-16 15:09 - 2000-06-24 15:29 - 00151552 _____ () C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ssleay32.dll
2011-11-23 22:21 - 2011-11-23 22:21 - 00105576 ____R () C:\Program Files (x86)\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:285774C5 [202]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\dell.com -> dell.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-07 13:41 - 00001235 ____A C:\Windows\system32\Drivers\etc\hosts


There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GUIStartLoad.lnk => C:\Windows\pss\GUIStartLoad.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: Avanquest Message => "C:\Users\Eve8500\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Eve8500\AppData\Local\Apps\2.0\XWW6Y31P.2B0\H08492A2.9KP\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DigiDo => "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 710 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_S4BDF.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Shwicon9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{224524EB-DD62-4DCA-911E-3BAD76564CC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{30490BD4-CBD1-40A1-B080-265B8B3C4BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E010AAC5-77CD-42E8-A42F-42B0994257BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7259E1A-660B-4D32-A82D-9EC01E7A9814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06F062DD-544A-4DDC-8883-84CB35BC19B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D13D08-4406-4478-A496-C8AB23FBC881}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{AE91C3DB-D9FA-4063-89B4-A853D8529907}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1BD037D3-33CB-414E-A5FA-B185548DF536}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{536C40D3-69A8-4275-90AF-5CBA7831ACEA}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{CF1E5C21-7E0D-42E7-BF07-FB698A557D64}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{96440FD7-9C51-4B2D-ADB6-EF46FA821296}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C1F7D33-7501-4D68-8B6C-DD0D3D168BBD}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8C49FC6-015F-44C4-A388-CC0AFC88F43B}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A501BB9A-10DF-447D-BDA1-BF718D5085D4}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{988C3580-7974-417B-96DE-4A62815384F8}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB993CF-BEAA-4886-A634-6F3EEE8F44A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{69E6FF20-4C3A-4FF2-AF04-BEB246DB221D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{061086B3-DF61-465C-8F9F-FC3157F6D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B6228782-9CFC-4725-94DB-F607FE6D5F27}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{BBB77E1C-96DC-4ACE-BF69-F85F01454774}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{07CE74A4-77A0-4A76-A006-4E39B734B73A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B12E0005-906A-4DD8-AB11-B1B09BA4014A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{DA053DAA-4ADD-4C9C-9120-536F3920BBD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E211E2D3-FF19-45A2-954F-ED015C098D49}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6AC3FA5C-6768-4636-B8D0-B8D51E565ED4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{305623AD-2A8D-4AE0-BBF1-A9B2C59FFDE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{556201C9-D3B0-4FDC-90C6-068B65110493}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{77BF4D0A-EB98-41D2-BF6A-01B356809FE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{808A30FF-507B-4C3C-B113-8C5CD623D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{012263C7-06BA-4AA1-84D1-A494EB158DD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF0C58B6-1D34-4B16-B5E5-29E51B03A576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32404175-90B3-4B5E-B06D-13D3D911B105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4048C59A-6267-4242-ADF3-75B4538AF5C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8C65673-A930-41D2-B341-282CBE628988}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2D177758-97A7-4A19-B266-EECD54F387ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D65720C-CD18-430B-BB4E-4377D32E6BDA}] => (Allow) LPort=3659
FirewallRules: [{9489C8F2-A1C9-4BB5-A133-82E361B1DE3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FA86863-BDD2-4D9C-99B3-ACAAF30B6757}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E79BA2B1-6898-488D-8AA1-98074BE4CF98}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3875DFEA-2F33-44A8-9371-CFC4E3782435}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{209B923B-9A1F-4AF5-AAB7-641A7887DF84}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F21484E3-CF21-479D-BD78-DBD14D53F683}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F17696B2-02D6-4C38-B693-1BF4A653AF6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{00AD95AC-E985-4AF0-A895-EFBCDA1E0B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{470B68B4-D290-4FD7-A9DA-6E8E4BDEA721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{0A86C037-CBC4-4717-846D-CC2003270874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{51EBA168-F137-4C3E-8FF9-0F0DDEE825B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{91F7C070-D7BB-46D9-8C52-A222E044DC18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A76DE3C-9F89-4271-9550-16D078BABB36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{51A56239-F04D-43D9-B40F-3E4E5C8354B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C6CD041B-F07D-47C3-BB3C-6B7F0051C922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{9AD61C5F-393B-42FE-B548-B5FFC863C100}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{C0BAA36C-15E7-4B7D-B5A3-5D79C196A321}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94CD8D0F-DB38-43B8-AC14-403105F462C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60FB0E86-68EF-4931-B5BF-5900204A1BE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B226D316-8BBA-4987-B885-3255361D479F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC0D83B8-CEA9-4EE2-9317-E504893ADB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B76D5835-2C50-4752-B2EF-E31562028BD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34A3A7E-D05E-4783-A39B-5E167899CB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5AF09DC5-2BE4-4730-A75F-8F027E9F519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43456A7-CF6D-48E5-B497-5FC6DE8AE086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{26405D49-5813-49B1-B9C6-CA490D990819}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: A31BYYC3 IDE Controller
Description: A31BYYC3 IDE Controller
Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard mass storage controllers)
Service: a3jolfmm
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (04/07/2017 01:41:49 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 01:41:49 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/07/2017 01:41:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/07/2017 01:41:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/07/2017 01:38:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 01:38:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 01:38:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 01:38:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 01:37:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

Error: (04/07/2017 01:37:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Symantec Real Time Storage Protection x64 service failed to start due to the following error:
The system cannot find the file specified.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 23%
Total physical RAM: 16344.88 MB
Available physical RAM: 12476.65 MB
Total Virtual: 32687.93 MB
Available Virtual: 28382.2 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1849.34 GB) (Free:522.15 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:5588.9 GB) (Free:2363.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E9B76CD)
Partition 1: (Not Active) - (Size=1849.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00068DDD)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Thumbnails

  • desktop pic.jpg


#6
RKinner
Malware Expert

Let's run Rogue Killer
 
 
Portable 64 bits <==Use this one
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin
 
Start Scan
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.
 
Open rk.txt and copy and paste it to your next Reply. 


#7
louuu
Topic Starter

Hi again Ron. The scan took 3.5 hours to run, probably because I have a 2TB hard drive. Anyway, here's the text file, and I've left it open on my desktop as per your instructions so I don't have to run the scan again.

 

RogueKiller V12.10.3.0 (x64) [Apr  3 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Eve8500 [Administrator]
Started from : C:\Users\Eve8500\Desktop\RogueKillerX64.exe
Mode : Scan -- Date : 04/07/2017 14:43:22 (Duration : 03:32:36)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUP.Coupons|Suspicious.Path|PUP.Gen0|VT.W64.HfsAdware.300E] (X64) HKEY_CLASSES_ROOT\CLSID\{1A53AD8B-D0B9-4E7F-88E4-50C07A65F2DC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP.Coupons|Suspicious.Path|PUP.Gen0|VT.W64.HfsAdware.300E] (X64) HKEY_CLASSES_ROOT\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC} (C:\Windows\COUPON~2.OCX) -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Toolbar -> Found
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 10 ¤¤¤
[PUP.Coupons|PUP.Gen1][File] C:\OffStart\Coupons\Coupons.com - Print Coupons.lnk [[email protected]] C:\PROGRA~2\Coupons\COUPON~1.URL -> Found
[PUP.Coupons|PUP.Gen1][File] C:\OffStart\Coupons\Uninstall Coupon Printer for Windows.lnk [[email protected]] C:\PROGRA~2\Coupons\UNINST~1.EXE "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml" -> Found
[PUP.Gen1][Folder] C:\ProgramData\Trymedia -> Found
[PUP.Gen1][Folder] C:\Users\Eve8500\AppData\Roaming\Tencent -> Found
[PUP.Coupons|PUP.Gen1][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons -> Found
[Adw.WifiHotSpot][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found
[PUP.Gen1][Folder] C:\ProgramData\Trymedia -> Found
[PUP.Coupons|PUP.Gen1][Folder] C:\Program Files (x86)\Coupons -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\DAEMON Tools Toolbar -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Tencent -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  WD2002FAEX-007B SCSI Disk Device +++++
--- User ---
[MBR] 4a81a106e9fecb1351930d7ba1d87467
[BSP] bfdac078ca22f3e575b38b7cebb1119d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 4a81a106e9fecb1351930d7ba1d87467
[BSP] bfdac078ca22f3e575b38b7cebb1119d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD60EZRX-00MVLB1 SCSI Disk Device +++++
--- User ---
[MBR] 3277eccd4912fbe7bb2dbdd0474dca3b
[BSP] 808c95604ff6eb03a55b06195439f560 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 5723037 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )



#8
RKinner
Malware Expert

Let it remove these:

 

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
 
[PUP.Gen1][Folder] C:\ProgramData\Trymedia -> Found
[PUP.Gen1][Folder] C:\Users\Eve8500\AppData\Roaming\Tencent -> Found
 
[Adw.WifiHotSpot][Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot -> Found
[PUP.Gen1][Folder] C:\ProgramData\Trymedia -> Found
 
[PUP.Gen1][Folder] C:\Program Files (x86)\DAEMON Tools Toolbar -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\Tencent -> Found
 
There is something going on with the MBR.  See if you can run aswMBR:
 

 
Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.
 
Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply
 
If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.
 
Once it finishes you will get two files.  Submit the mbr.dat file to virustotal.com and see what they say about it.
 
 
 

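The "MBR Check" section of the RogueKiller report above prints each disk's boot sector as seen through more than one read path and ends with a `User = LL1 ... OK` or `User != LL1 ... KO!` verdict. The parser below is an added example, not part of the original posts and not Adlice's code; it assumes that `User` and `LL1` are two views of the same sectors, and it reports which fields actually differ when the verdict is KO. The sample is constructed from the PhysicalDrive0 and PhysicalDrive1 blocks in the report.

```python
import re

# Constructed input: the PhysicalDrive0 and PhysicalDrive1 blocks as they appear
# in the RogueKiller report posted in this thread.
SAMPLE = """\
+++++ PhysicalDrive0:  WD2002FAEX-007B SCSI Disk Device +++++
--- User ---
[MBR] 4a81a106e9fecb1351930d7ba1d87467
[BSP] bfdac078ca22f3e575b38b7cebb1119d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 MB [Error reading VBR! ([83] An attempt was made to move the file pointer before the beginning of the file. )]
User != LL1 ... KO!
--- LL1 ---
[MBR] 4a81a106e9fecb1351930d7ba1d87467
[BSP] bfdac078ca22f3e575b38b7cebb1119d : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1893726 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 3878352896 | Size: 14001 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD60EZRX-00MVLB1 SCSI Disk Device +++++
--- User ---
[MBR] 3277eccd4912fbe7bb2dbdd0474dca3b
[BSP] 808c95604ff6eb03a55b06195439f560 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 5723037 MB
User = LL1 ... OK
Error reading LL2 MBR! ([18] The program issued a command but the command length is incorrect. )
"""

DRIVE_RE = re.compile(r"^\+{5}\s*(PhysicalDrive\d+):\s*(.*?)\s*\+{5}$")
VIEW_RE = re.compile(r"^---\s*(\w+)\s*---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\]\s+([0-9a-f]{32})")
PART_RE = re.compile(r"^(\d+)\s+-\s+(.*)$")
VERDICT_RE = re.compile(r"^User\s*(!=|=)\s*LL1\s*\.\.\.\s*(OK|KO)")


def parse_mbr_check(text):
    """Parse the MBR Check section into {drive: {model, views, verdict, errors}}."""
    drives, drive, view = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DRIVE_RE.match(line):
            drive = {"model": m.group(2), "views": {}, "verdict": None, "errors": []}
            drives[m.group(1)] = drive
            view = None
        elif drive is None:
            continue  # text before the first drive header
        elif m := VIEW_RE.match(line):
            view = drive["views"].setdefault(m.group(1), {"partitions": {}})
        elif m := VERDICT_RE.match(line):
            drive["verdict"] = m.group(2)
        elif line.startswith("Error reading"):
            drive["errors"].append(line)  # a view that could not be read at all
        elif view is not None and (m := HASH_RE.match(line)):
            view[m.group(1)] = m.group(2)
        elif view is not None and (m := PART_RE.match(line)):
            view["partitions"][int(m.group(1))] = m.group(2)
    return drives


def view_differences(drive, a="User", b="LL1"):
    """Name the fields on which two views of one disk disagree."""
    va, vb = drive["views"].get(a), drive["views"].get(b)
    if va is None or vb is None:
        return []  # only one view was printed, nothing to compare
    diffs = [k for k in ("MBR", "BSP") if va.get(k) != vb.get(k)]
    for idx in sorted(set(va["partitions"]) | set(vb["partitions"])):
        if va["partitions"].get(idx) != vb["partitions"].get(idx):
            diffs.append(f"partition {idx}")
    return diffs


def triage(drives):
    """Per drive: (verdict, fields differing between User and LL1, read-error count)."""
    return {name: (d["verdict"], view_differences(d), len(d["errors"]))
            for name, d in drives.items()}


if __name__ == "__main__":
    for name, row in triage(parse_mbr_check(SAMPLE)).items():
        print(name, row)
```

On this report the MBR and BSP hashes of PhysicalDrive0 are identical in both views; the only disagreement is partition 1, whose VBR the User view failed to read.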

#9
louuu
Topic Starter

I removed the ones you told me to remove using Rogue Killer. I noticed that the top 2 items in Rogue Killer that were red had checkmarks on them, along with some other ones that were checked on the bottom, but I only left checkmarks on the ones you selected and removed checkmarks on the ones that had checkmarks that you didn't select. When I ran aswMBR it did crash, so I ran it again and unchecked Trace Disk IO Calls, and it still crashed again. When I attempt to run it, it says "this computer supports virtualization technology. do you want to use it for rootkit detection?" and I said yes. Then it asks if I want to download the latest Avast virus definitions and I also said yes. I just want to make sure saying yes to both of those was OK. Just to try a 3rd time, I ran it again, saying yes to both questions again and unchecking Trace Disk IO Calls again, and it still crashed a 3rd time. I'll wait for your reply, thanks.



#10
RKinner
Malware Expert

Rogue Killer doesn't like Coupons.  I think it's overkill but you can certainly remove them if you want.

 

If you can get aswMBR to run by answering no, then do so; otherwise we'll try something else.

 

Download the SPTD standalone installer from Duplex Secure.
Right click and Run As Admin, and choose to uninstall.
Reboot
Run a FRST scan again with addition.txt checked and post both logs.



#11
louuu
Topic Starter

I didn't want to run the 3.5 hour scan again for Rogue Killer, so I'm OK with the coupon thing. I tried running aswMBR again and I said no to both options and unchecked Trace Disk IO Calls, but it still crashed again, so I stopped trying that. I ran the SPTD standalone installer, then uninstalled and rebooted, and then I ran FRST again, and here are the 2 logs. By the way, my Norton said a program I used for 2 years called Freemake Video Converter (I use this to rotate my iPhone videos when I download them to my computer) should be removed today. It didn't say that for the last 2 years, but since it did come up today with Norton, I uninstalled the old version from 2 years ago and installed the new version today off their website. So far nothing has come up from Norton, but I thought I should at least tell you that, as I do see some lines in the below text files that have that program in them. If you think I should permanently uninstall that program, I will. I'll wait for your reply, thank you.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017
Ran by Eve8500 (administrator) on LUIS8500 (08-04-2017 00:13:52)
Running from C:\Users\Eve8500\Desktop
Loaded Profiles: Eve8500 (Available Profiles: Eve8500)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> csrss.exe
Failed to access process -> csrss.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Affinegy, Inc.) C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Future Systems Solutions, Inc.) C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE
() C:\Program Files\Core Temp\Core Temp.exe
() C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\nis.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(DigiPortal Software, Inc.) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
Failed to access process -> WmiPrvSE.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
Failed to access process -> WmiPrvSE.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
Failed to access process -> WUDFHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(DigiPortal Software, Inc) C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\cltlmh.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Norton Ghost 15.0] => C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Run: [ChoiceMail] => C:\Program Files (x86)\DigiPortal Software\ChoiceMail\ChoiceMailClient.exe [7704576 2011-09-30] (DigiPortal Software, Inc.)
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A8289ACF-9ABC-4E4B-92F6-D56B847D48DF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> DefaultScope {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
SearchScopes: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004 -> {7186B3F3-5D36-4FA3-829C-5E6683EE41FE} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-04] (Symantec Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-12-27] (Atheros Commnucations)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\coIEPlg.dll [2015-06-26] (Symantec Corporation)
DPF: HKLM-x32 {3F4AC0C9-3A7D-4115-99B4-2693DE0014AF} hxxp://optimum.net/downloads/TNetworkScannerXControl.ocx
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxps://support.dell.com/systemprofiler/SysProExe.CAB

FireFox:
========
FF ProfilePath: C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default [2013-08-20]
FF Extension: (Emulator) - C:\Users\Eve8500\AppData\Roaming\TomTom\HOME\Profiles\53i8do6m.default\Extensions\[email protected] [2013-08-20] [not signed]
FF Extension: (No Name) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\[email protected] [not found]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Extension: (Norton Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn [2017-04-08]
FF HKLM-x32\...\Firefox\Extensions: [{40211632-250D-4B8C-B04E-DA45BAE6DF8C}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.6.0.32\coFFPlgn
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll [2013-05-15] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll [2013-05-15] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [No File]
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-13] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-29] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2502943303-2344771959-3953300128-1004: etrade.com/ETProPlugin -> C:\Program Files (x86)\E-TRADE Pro\npetproplugin.dll [2015-12-21] (E*Trade Financial)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default [2017-04-07]
CHR Extension: (Google Docs) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-08]
CHR Extension: (YouTube) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-09]
CHR Extension: (Google Search) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\Eve8500\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\Exts\Chrome.crx [2015-05-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AffinegyService; C:\Program Files (x86)\Optimum\DigiDo\AffinegyService.exe [587120 2011-10-17] (Affinegy, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [204928 2012-12-27] (Atheros Commnucations) [File not signed]
R2 caspereui; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
R2 casperhpb; C:\Program Files\Common Files\Future Systems Solutions\Services\CASPERSVCS.EXE [1168984 2014-09-03] (Future Systems Solutions, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107008 2016-10-21] (Freemake) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342240 2015-05-06] (Futuremark)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\NIS.exe [276336 2015-03-07] (Symantec Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-10-23] (Nero AG)
R2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-29] (NVIDIA Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2141192 2016-10-02] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2206224 2016-10-02] (Electronic Arts)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-07-08] ()
R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1017832 2012-08-03] (Cyber Power Systems, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-12-11] (Realtek Semiconductor)
R2 svcChoiceMail; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMServer.exe [4308992 2011-09-30] (DigiPortal Software, Inc.) [File not signed]
R3 svcCMPreApproval; C:\Program Files (x86)\DigiPortal Software\ChoiceMail\CMPreapproval.exe [1687552 2011-09-30] (DigiPortal Software, Inc) [File not signed]
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-01-29] (RaMMicHaeL)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros) [File not signed]
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{4DB90D5C-2D86-4014-9349-741A696FA2A7}

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10733056 2012-02-23] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328192 2012-02-22] (Advanced Micro Devices, Inc.) [File not signed]
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\BASHDefs\20170405.003\BHDrvx64.sys [1831064 2017-03-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1507000.00B\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S3 cmnxusbser; C:\Windows\System32\DRIVERS\cmnxusbser.sys [146424 2015-11-24] (Wireless Data Device)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2016-06-23] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2016-06-23] (Dell Computer Corporation)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-02-15] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-02-15] (Disc Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497312 2017-01-25] (Symantec Corporation)
S3 ENTECH64; C:\Windows\system32\DRIVERS\ENTECH64.sys [12744 2008-09-17] (EnTech Taiwan)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156824 2017-01-25] (Symantec Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-04] ()
R3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [66608 2010-02-12] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\IPSDefs\20170407.001\IDSvia64.sys [1038024 2017-02-13] (Symantec Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [186304 2017-04-04] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-04-08] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-04-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2017-04-08] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [82720 2017-04-08] (Malwarebytes)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170407.008\ENG64.SYS [138912 2017-04-07] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.6.0.32\Definitions\VirusDefs\20170407.008\EX64.SYS [2151072 2017-04-07] (Symantec Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2015-05-31] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2012-06-29] ()
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1507000.00B\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1507000.00B\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1507000.00B\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-05-28] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2014-08-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1507000.00B\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1507000.00B\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R0 symsnap; C:\Windows\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (StorageCraft)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation)
R3 ALSysIO; \??\C:\Users\Eve8500\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
U2 ccEvtMgr; no ImagePath
U2 ccSetMgr; no ImagePath
S4 cpuz130; \??\C:\Users\Eve8500\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] <==== ATTENTION
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X]
U3 navapsvc; no ImagePath
S4 NvStUSB; \SystemRoot\system32\drivers\nvstusb.sys [X]
S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]
U3 SAVRT; no ImagePath
U1 SAVRTPEL; no ImagePath
S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X]
U3 TlntSvr; no ImagePath
U2 V2iMount; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 00:13 - 2017-04-08 00:14 - 00023890 _____ C:\Users\Eve8500\Desktop\FRST.txt
2017-04-08 00:04 - 2017-04-08 00:04 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Eve8500\Desktop\SPTDinst-v189-x64.exe
2017-04-07 22:14 - 2017-04-07 22:14 - 00000000 ____D C:\Users\Eve8500\AppData\Local\FreemakeVideoConverter
2017-04-07 22:13 - 2017-04-07 22:13 - 00001334 _____ C:\Users\Public\Desktop\Freemake Video.lnk
2017-04-07 22:13 - 2017-04-07 22:13 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-07 22:13 - 2017-04-07 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-04-07 22:13 - 2017-04-07 22:13 - 00000000 ____D C:\Program Files (x86)\Freemake
2017-04-07 21:27 - 2017-04-07 21:27 - 05200384 _____ (AVAST Software) C:\Users\Eve8500\Desktop\aswmbr.exe
2017-04-07 20:00 - 2017-04-07 20:00 - 00000000 ____D C:\Users\Eve8500\Documents\freemake
2017-04-07 19:39 - 2017-04-07 19:39 - 00000213 _____ C:\Users\Eve8500\Desktop\youtube question.url
2017-04-07 18:25 - 2017-04-07 18:25 - 00014494 _____ C:\Users\Eve8500\Desktop\rk.txt
2017-04-07 15:04 - 2017-04-07 15:04 - 00000234 _____ C:\Users\Eve8500\Desktop\711 firestick.url
2017-04-07 14:41 - 2017-04-07 14:41 - 26218056 _____ C:\Users\Eve8500\Desktop\RogueKillerX64.exe
2017-04-07 13:45 - 2017-04-07 13:46 - 00051308 _____ C:\Users\Eve8500\Desktop\Additionb.txt
2017-04-07 13:16 - 2017-04-07 13:17 - 00011002 _____ C:\Users\Eve8500\Desktop\Fixlog.txt
2017-04-07 12:40 - 2017-04-07 21:51 - 00000378 _____ C:\Users\Eve8500\Desktop\my topic.url
2017-04-07 12:10 - 2017-04-07 12:11 - 00115345 _____ C:\Users\Eve8500\Desktop\LUIS8500.txt
2017-04-07 12:08 - 2017-04-07 12:08 - 00000806 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-04-07 12:08 - 2017-04-07 12:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-04-07 12:08 - 2017-04-07 12:08 - 00000000 ____D C:\Program Files\Speccy
2017-04-07 12:05 - 2017-04-07 12:05 - 06293184 _____ (Piriform Ltd) C:\Users\Eve8500\Desktop\spsetup130.exe
2017-04-07 12:04 - 2017-04-07 12:04 - 00008669 _____ C:\Users\Eve8500\Desktop\junk.txt
2017-04-07 12:03 - 2017-04-07 12:03 - 00010943 _____ C:\Users\Eve8500\Desktop\System Idle Process.txt
2017-04-07 12:00 - 2017-04-07 12:00 - 02710688 _____ (Sysinternals - www.sysinternals.com) C:\Users\Eve8500\Desktop\procexp.exe
2017-04-07 11:02 - 2017-04-07 11:03 - 00056465 _____ C:\Users\Eve8500\Desktop\Additiona.txt
2017-04-07 11:00 - 2017-04-08 00:13 - 00000000 ____D C:\FRST
2017-04-07 11:00 - 2017-04-07 13:46 - 00065344 _____ C:\Users\Eve8500\Desktop\FRSTb.txt
2017-04-07 11:00 - 2017-04-07 11:03 - 00064928 _____ C:\Users\Eve8500\Desktop\FRSTa.txt
2017-04-07 10:59 - 2017-04-07 10:59 - 02424832 _____ (Farbar) C:\Users\Eve8500\Desktop\FRST64.exe
2017-04-06 21:17 - 2017-04-06 21:17 - 00000227 _____ C:\Users\Eve8500\Desktop\game x 2b.url
2017-04-05 11:44 - 2017-04-05 16:20 - 00000117 _____ C:\Users\Eve8500\Desktop\auc stuff.txt
2017-04-01 22:41 - 2017-04-02 19:17 - 00000238 _____ C:\Users\Eve8500\Desktop\DOOM Walkthrough.url
2017-03-29 12:25 - 2017-04-06 17:26 - 00000000 ____D C:\ares backups
2017-03-28 14:06 - 2017-03-28 14:06 - 00000222 _____ C:\Users\Eve8500\Desktop\Mafia III.url
2017-03-28 05:06 - 2017-04-08 00:10 - 00082720 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-28 05:06 - 2017-04-08 00:09 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-28 05:06 - 2017-04-08 00:09 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-28 05:06 - 2017-04-04 10:03 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-03-28 05:06 - 2017-04-04 09:02 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-28 05:06 - 2017-03-28 05:06 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-27 12:51 - 2017-03-27 13:15 - 00000000 ____D C:\Users\Eve8500\Desktop\walgreens
2017-03-25 08:42 - 2017-03-25 08:42 - 00001763 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-03-25 08:42 - 2017-03-25 08:42 - 00000000 ____D C:\Program Files\iPod
2017-03-25 08:41 - 2017-03-25 08:41 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Bonjour
2017-03-25 08:41 - 2017-03-25 08:41 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-03-25 01:40 - 2017-03-25 01:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMobie
2017-03-24 23:22 - 2017-03-24 23:22 - 00002052 _____ C:\Users\Eve8500\Desktop\Lego Batman.lnk
2017-03-24 23:15 - 2017-03-24 23:15 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Warner Bros. Interactive Entertainment
2017-03-24 19:14 - 2017-03-24 23:04 - 00000000 ____D C:\Program Files (x86)\Lego Batman 3 Beyond Gotham
2017-03-24 18:47 - 2017-03-24 18:47 - 00000978 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Marvel's Avengers.lnk
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DX-Ball 2
2017-03-24 12:03 - 2017-03-24 12:03 - 00000000 ____D C:\Program Files (x86)\DXBall2
2017-03-24 02:23 - 2017-04-06 17:24 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Kodi
2017-03-24 02:23 - 2017-03-24 02:23 - 00001869 _____ C:\Users\Eve8500\Desktop\Kodi.lnk
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-03-24 02:20 - 2017-03-24 02:20 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Unity
2017-03-23 20:27 - 2017-03-24 01:16 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Unity
2017-03-15 19:33 - 2017-03-15 19:33 - 00000137 _____ C:\Users\Eve8500\Desktop\Rebate 1113851526128514.url
2017-03-15 09:12 - 2017-03-04 13:24 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 12:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-03-15 09:12 - 2017-03-04 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 09:12 - 2017-03-04 04:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 09:12 - 2017-03-04 04:02 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 09:12 - 2017-03-04 04:01 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-04 04:01 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-04 03:59 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 09:12 - 2017-03-04 03:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 09:12 - 2017-03-04 03:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 09:12 - 2017-03-04 03:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 09:12 - 2017-03-04 03:46 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 09:12 - 2017-03-04 03:45 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 09:12 - 2017-03-04 03:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 09:12 - 2017-03-04 03:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 09:12 - 2017-03-04 03:36 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 09:12 - 2017-03-04 03:32 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 09:12 - 2017-03-04 03:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 09:12 - 2017-03-04 03:23 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-04 03:21 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 09:12 - 2017-03-04 03:16 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 09:12 - 2017-03-04 03:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 09:12 - 2017-03-04 03:11 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 09:12 - 2017-03-04 02:57 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 09:12 - 2017-03-04 02:55 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 09:12 - 2017-03-04 02:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 09:12 - 2017-03-04 02:52 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 09:12 - 2017-03-04 02:52 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-04 02:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 09:12 - 2017-03-04 02:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 09:12 - 2017-03-04 02:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 09:12 - 2017-03-04 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 09:12 - 2017-03-04 00:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-03-15 09:12 - 2017-03-02 14:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-03-15 09:12 - 2017-03-02 14:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-03-15 09:12 - 2017-03-02 14:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-03-15 09:12 - 2017-03-02 14:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-03-15 09:12 - 2017-03-02 14:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-03-15 09:12 - 2017-03-02 13:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-03-15 09:12 - 2017-03-02 13:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-03-15 09:12 - 2017-03-02 13:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-03-15 09:12 - 2017-03-02 13:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-03-15 09:12 - 2017-03-02 13:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-03-15 09:12 - 2017-03-02 13:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-03-15 09:12 - 2017-03-02 13:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-03-15 09:12 - 2017-03-02 13:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-03-15 09:12 - 2017-03-02 13:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-03-15 09:12 - 2017-03-02 13:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-03-15 09:12 - 2017-03-02 13:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-03-15 09:12 - 2017-03-02 13:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-03-15 09:12 - 2017-03-02 13:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-03-15 09:12 - 2017-03-02 13:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-03-15 09:12 - 2017-03-02 13:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-03-15 09:12 - 2017-03-02 13:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-03-15 09:12 - 2017-03-02 13:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-03-15 09:12 - 2017-03-02 13:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-03-15 09:12 - 2017-03-02 13:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-03-15 09:12 - 2017-03-02 13:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-03-15 09:12 - 2017-03-02 12:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-03-15 09:12 - 2017-03-02 12:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-03-15 09:12 - 2017-02-10 10:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-03-15 09:12 - 2017-02-09 12:36 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-03-15 09:12 - 2017-02-09 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:35 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-03-15 09:12 - 2017-02-09 12:33 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 09:12 - 2017-02-09 12:32 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-03-15 09:12 - 2017-02-09 12:31 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 09:12 - 2017-02-09 12:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-03-15 09:12 - 2017-02-09 12:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-03-15 09:12 - 2017-02-09 12:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-03-15 09:12 - 2017-02-09 12:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-03-15 09:12 - 2017-02-09 12:00 - 03220480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 09:12 - 2017-02-09 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 09:12 - 2017-01-11 14:01 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 09:11 - 2017-02-11 11:58 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 09:11 - 2017-02-11 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 09:11 - 2017-02-10 12:32 - 00803328 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:32 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2017-03-15 09:11 - 2017-02-10 12:17 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-03-15 09:11 - 2017-02-09 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 09:11 - 2017-02-09 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 09:11 - 2017-02-09 12:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 12:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00625664 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:16 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 12:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 09:11 - 2017-02-09 12:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 09:11 - 2017-02-09 12:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 09:11 - 2017-02-09 12:02 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-03-15 09:11 - 2017-02-09 11:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 09:11 - 2017-02-09 11:55 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 09:11 - 2017-02-09 11:55 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 09:11 - 2017-02-09 11:54 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 09:11 - 2017-02-09 11:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 09:11 - 2017-02-09 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-03-15 09:11 - 2017-02-09 11:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcsPlugInService.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-03-15 09:11 - 2017-02-09 11:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-03-15 09:11 - 2017-02-09 11:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-03-15 09:11 - 2017-02-09 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 11:49 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-03-15 09:11 - 2017-02-09 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 09:11 - 2017-02-06 12:14 - 00733696 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 09:11 - 2017-01-13 14:00 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 14:00 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-03-15 09:11 - 2017-01-13 13:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2017-03-15 09:11 - 2017-01-11 14:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-03-15 09:11 - 2017-01-11 13:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2017-03-15 09:11 - 2017-01-06 14:00 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 09:11 - 2017-01-06 13:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-03-15 09:07 - 2017-02-22 19:42 - 00084712 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 09:07 - 2017-02-22 19:37 - 01285632 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 09:07 - 2017-02-18 10:05 - 00646656 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-11 13:32 - 2017-04-06 07:15 - 00000265 _____ C:\Users\Eve8500\Desktop\pop pens.url
2017-03-09 12:57 - 2017-03-09 12:57 - 00000251 _____ C:\Users\Eve8500\Desktop\Organic Facial or Massage - Skin Station- 8 Avenue Brooklyn  Groupon.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-08 00:11 - 2015-07-31 06:51 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2017-04-08 00:11 - 2012-09-25 03:18 - 00000000 ____D C:\ProgramData\Temp
2017-04-08 00:09 - 2014-10-14 03:06 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-08 00:09 - 2012-12-03 02:59 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
2017-04-08 00:08 - 2013-03-16 11:27 - 00000000 ____D C:\ProgramData\NVIDIA
2017-04-08 00:08 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-08 00:06 - 2016-08-07 09:45 - 00003026 _____ C:\Windows\System32\Tasks\EVGAPrecision
2017-04-08 00:03 - 2012-11-19 13:04 - 00000000 ____D C:\Users\Eve8500\AppData\Local\CrashDumps
2017-04-07 22:15 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-07 22:15 - 2009-07-14 00:45 - 00027936 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-07 22:13 - 2014-04-25 19:39 - 00000000 ____D C:\ProgramData\Freemake
2017-04-07 22:12 - 2009-07-14 01:13 - 00784366 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-07 22:12 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2017-04-07 21:26 - 2014-12-28 13:42 - 00000000 ____D C:\ProgramData\RogueKiller
2017-04-07 20:05 - 2014-04-25 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake vid rotater
2017-04-07 15:13 - 2016-09-04 12:46 - 00000000 ____D C:\Users\Eve8500\Desktop\dd pics
2017-04-07 14:43 - 2014-12-28 13:42 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-04-07 13:33 - 2015-08-24 23:44 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-04-07 13:33 - 2012-10-18 22:28 - 00000008 __RSH C:\Users\Eve8500\ntuser.pol
2017-04-07 13:33 - 2012-10-15 17:32 - 00000000 ____D C:\Users\Eve8500
2017-04-07 13:18 - 2016-08-10 02:13 - 00004096 ___SH C:\VSNAP.IDX
2017-04-07 13:17 - 2013-01-28 15:02 - 00000000 ____D C:\Users\Eve8500\AppData\LocalLow\Temp
2017-04-07 13:16 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-04-07 13:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-04-07 12:08 - 2015-08-26 06:36 - 00000000 ____D C:\ProgramData\Unchecky
2017-04-07 11:27 - 2012-12-01 00:33 - 00000000 ____D C:\LTemp On Desktop
2017-04-07 09:44 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\Registration
2017-04-06 21:46 - 2012-12-19 20:21 - 00000000 ____D C:\Program Files (x86)\Steam
2017-04-06 17:14 - 2015-08-01 12:14 - 00001062 _____ C:\Users\Eve8500\Desktop\returns.txt
2017-04-05 19:02 - 2012-11-30 22:44 - 00000000 ____D C:\Lou Saved Files
2017-04-05 18:55 - 2012-10-23 15:15 - 00000000 ____D C:\DivXtoDvdMovies
2017-04-05 18:52 - 2012-12-01 00:50 - 00000000 ____D C:\Users\Eve8500\Downloads\exercise vids
2017-04-05 18:48 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-04-05 16:32 - 2014-08-09 17:34 - 00002193 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-05 11:00 - 2012-10-18 18:59 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\vlc
2017-04-04 09:58 - 2016-11-08 22:23 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\DesktopOK
2017-04-03 02:43 - 2012-10-18 19:03 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\uTorrent
2017-04-01 16:27 - 2012-10-18 19:06 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2017-04-01 04:45 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Garmin
2017-04-01 04:43 - 2013-10-30 02:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-01 03:57 - 2013-09-02 14:19 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-04-01 03:56 - 2013-09-02 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-03-31 12:44 - 2012-12-01 00:58 - 00000000 ____D C:\Pics
2017-03-30 10:49 - 2012-10-18 18:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware And Cleanup
2017-03-28 14:41 - 2015-01-12 14:10 - 00000000 ____D C:\Users\Eve8500\AppData\Local\LumaEmu_SteamCloud
2017-03-28 14:06 - 2015-02-14 10:46 - 00000000 ____D C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2017-03-28 09:13 - 2016-10-07 00:53 - 00000000 ____D C:\Users\Eve8500\AppData\Local\2K Games
2017-03-28 05:54 - 2013-03-03 05:32 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-03-28 05:06 - 2014-10-14 03:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 14:03 - 2012-11-30 23:50 - 00000000 ____D C:\Lou Videos
2017-03-27 13:53 - 2015-12-04 20:21 - 00000000 ____D C:\Users\Eve8500\Desktop\pix
2017-03-27 13:40 - 2016-03-10 20:31 - 00000000 ____D C:\Users\Eve8500\Desktop\Team V copy
2017-03-25 08:42 - 2015-02-05 09:12 - 00000000 ____D C:\Program Files\iTunes
2017-03-25 08:41 - 2012-10-27 14:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-03-25 07:26 - 2016-10-12 22:12 - 00000000 ____D C:\Program Files (x86)\iMobie
2017-03-23 23:59 - 2012-09-25 03:21 - 00000000 ____D C:\ProgramData\Roxio
2017-03-23 20:26 - 2012-11-28 17:55 - 00000000 ____D C:\Users\Eve8500\AppData\Local\Deployment
2017-03-15 21:01 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-15 09:39 - 2013-03-15 19:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-03-15 09:39 - 2009-07-14 00:45 - 00546872 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-15 09:36 - 2014-12-10 05:24 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-15 09:36 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-15 09:18 - 2013-07-10 04:40 - 00000000 ____D C:\Windows\system32\MRT
2017-03-15 09:14 - 2012-10-15 19:48 - 138634176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 09:13 - 2015-05-12 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-11 11:20 - 2009-07-14 01:08 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2012-10-27 02:17 - 2012-10-27 02:17 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2013-08-12 17:39 - 2013-08-12 17:39 - 0031744 ___SH () C:\Users\Eve8500\AppData\Roaming\Thumbs.db
2012-10-23 15:14 - 2016-01-10 16:17 - 0001057 _____ () C:\Users\Eve8500\AppData\Roaming\vso_ts_preview.xml
2012-12-21 02:31 - 2012-12-21 08:51 - 0000000 _____ () C:\Users\Eve8500\AppData\Local\ars.cache
2012-12-21 02:32 - 2012-12-21 08:52 - 5238714 _____ () C:\Users\Eve8500\AppData\Local\census.cache
2012-12-21 01:21 - 2012-12-21 01:21 - 0000036 _____ () C:\Users\Eve8500\AppData\Local\housecall.guid.cache
2015-01-12 14:10 - 2015-01-12 14:10 - 0000000 ___SH () C:\Users\Eve8500\AppData\Local\LumaEmu
2012-11-01 16:56 - 2012-12-02 20:13 - 0007609 _____ () C:\Users\Eve8500\AppData\Local\Resmon.ResmonCfg
2016-11-15 01:19 - 2016-11-15 01:19 - 0000010 _____ () C:\Users\Eve8500\AppData\Local\sponge.last.runtime.cache
2015-04-05 07:12 - 2015-04-05 07:12 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-07 17:46 - 2015-11-13 21:32 - 0000736 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
2017-04-07 14:42 - 2017-02-09 12:33 - 1732864 _____ (Microsoft Corporation) C:\Users\Eve8500\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-04-03 10:38

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-03-2017
Ran by Eve8500 (08-04-2017 00:15:17)
Running from C:\Users\Eve8500\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-15 21:32:13)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2502943303-2344771959-3953300128-500 - Administrator - Disabled)
Eve8500 (S-1-5-21-2502943303-2344771959-3953300128-1004 - Administrator - Enabled) => C:\Users\Eve8500
Guest (S-1-5-21-2502943303-2344771959-3953300128-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2502943303-2344771959-3953300128-1015 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
3DMark 11 (HKLM-x32\...\{f9e83b9c-ab7e-4005-8f32-4ea69703a5e4}) (Version: 1.0.132.0 - Futuremark)
3DMark 11 (Version: 1.0.132.0 - Futuremark) Hidden
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
AB Commander (HKLM\...\AB Commander) (Version: 9.8.1 - WinAbility® Software Corporation)
ACID Music Studio 9.0 (HKLM-x32\...\{78EB80B0-18A0-11E2-9761-F04DA23A5C58}) (Version: 9.0.35 - Sony)
Active@ KillDisk 9.1 (HKLM\...\{81B939C1-0219-42B6-A352-D5E43F2BDFAE}_is1) (Version: 9.1 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.202 - Adobe Systems Incorporated)
Adobe Flash Player 23 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version:  - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros)
AVI Splitter (HKLM-x32\...\AVI Splitter_is1) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre (HKLM-x32\...\{7050D165-886B-42BD-A39E-9B28C9728318}) (Version: 2.9.0 - Kovid Goyal)
Call of Duty Infinite Warfare (HKLM-x32\...\Call of Duty Infinite Warfare_is1) (Version: 1.0.0.1 - Activision Blizzard)
Call of Duty: Black Ops III (HKLM\...\Q2FsbG9mRHV0eUJsYWNrT3BzSUlJ_is1) (Version: 1 - )
CameraHelperMsi (x32 Version: 13.40.836.0 - Logitech) Hidden
Casper 8.0 (HKLM\...\{FB725A1C-D2D2-4414-B302-DD6B7AF6DA27}) (Version: 8.0.46120 - Future Systems Solutions, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
ChoiceMail 2012 (HKLM-x32\...\ChoiceMail 2012) (Version: 4.2 - DigiPortal Software Inc)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CleanUp! (HKLM-x32\...\CleanUp!) (Version:  - )
ClipGrab 3.4.9 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
ConvertXtoDVD 4.1.19.365 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.19.365 - )
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
CyberPower PowerPanel Personal Edition 1.3.4 (HKLM-x32\...\{612DBD6B-D073-43A9-8A26-D89DDF835137}) (Version: 1.3.4 - Cyber Power Systems, Inc.)
DAEMON Tools Toolbar (HKLM-x32\...\DAEMON Tools Toolbar) (Version: 1.0.8.0552 - DT Soft Ltd) <==== ATTENTION
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.)
DigiDo (HKLM-x32\...\DigiDo_is1) (Version:  - )
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DX-Ball 2 v1.25 (HKLM-x32\...\DX-Ball 2 v1.25) (Version:  - )
Elevated Installer (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
E-TRADE Pro 1.10 (HKLM-x32\...\4285-0367-3118-9779) (Version: 1.10 - E*TRADE Financial)
EVGA Precision X 3.0.3 (HKLM-x32\...\PrecisionX) (Version: 3.0.3 - EVGA Corporation)
F.E.A.R. 3 (HKLM-x32\...\F.E.A.R. 3_is1) (Version:  - )
FaxTools eXPert (HKLM-x32\...\{C339CAC7-65FF-40F3-9D56-317BF20C8CFF}) (Version: 8.00 - BVRP Software)
Free MP3 Cutter 1.01 (HKLM-x32\...\{847E0734-4457-4B48-BF49-998D1CF2CFA1}_is1) (Version:  - PolySoft Solutions)
Free Video Cutter version 1.2.1 (HKLM-x32\...\{B089C7D5-C978-4DB0-AFDE-471A42759CB0}_is1) (Version: 1.2.1 - Free Studio)
Freedom Art Collection (HKLM-x32\...\{54F073B8-7E88-45FE-9648-61F77EC02E0D}) (Version:  - )
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Futuremark SystemInfo (HKLM-x32\...\{0DD83DE7-507E-44AE-BC2D-2FAAFA48CCA5}) (Version: 4.37.548.0 - Futuremark)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{bd8bd200-9a60-4969-b267-6b565f36e3da}) (Version: 5.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 5.3.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{57BB4801-61C8-4E74-9672-2160728A461E}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\R3JhbmRUaGVmdEF1dG9W_is1) (Version: 1 - )
Hallmark Card Studio 2014 Deluxe (HKLM-x32\...\{B9FF36AF-29F6-47EC-BE07-D3FB2CA02531}) (Version: 15.0.0.10 - Creative Home)
Holiday Art Collection (HKLM-x32\...\{F68DF664-1C34-48B2-BE8D-AF26F6CFFE90}) (Version:  - )
Homefront: The Revolution (HKLM\...\Steam App 223100) (Version:  - Dambuster Studios)
InPixio Photo (HKLM-x32\...\{5F0C0CD8-77B1-4C3E-9F01-5AF10D85DBB4}) (Version: 6.04.0 - Avanquest Software)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.5.0 - Avanquest Software)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{164600BE-9CEC-44E6-9B38-2B12D5FE2342}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
Kodi (HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\Kodi) (Version:  - XBMC-Foundation)
LEGO MARVEL's Avengers (HKLM\...\bGVnb21hcnZlbHNhdmVuZ2Vycw_is1) (Version: 1 - )
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Lock my Folder (HKLM-x32\...\Lock my Folder) (Version:  - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.40 - Logitech Inc.)
LSI PCI-SV92EX Soft Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft: Story Mode - A Telltale Games Series (HKLM\...\TWluZWNyYWZ0U3RvcnlNb2RlQVRlbGx0YWxlR2FtZXNTZXJpZXM=_is1) (Version: 1 - )
Minecraft: Story Mode (HKLM-x32\...\Minecraft: Story Mode_is1) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\InstallShield_{4B3D9AA4-B47A-4349-A64F-04D5A9226D7C}) (Version: 2.2.915.108 - Fitipower)
Multimedia Card Reader (x32 Version: 2.2.915.108 - Fitipower) Hidden
Nero 8 (HKLM-x32\...\{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}) (Version: 8.10.293 - Nero AG)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.7.0.11 - Symantec Corporation)
Novacomd (HKLM\...\{BA9A297F-0198-4EE8-90CB-F5036C180E1D}) (Version: 1.0.0.76 - Palm, Inc.)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 376.53 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.53 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.20.386 - Electronic Arts, Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation)
Print Artist 2003 (HKLM-x32\...\Print Artist 2003) (Version:  - )
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Replay Video Capture 6 (HKLM-x32\...\Replay Video Capture6.0.6) (Version: 6.0.6 - Applian Technologies Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
ScummVM 1.8.1 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden
Video Download Capture version 4.8.6 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.8.6 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
WinAVI All in One Converter (HKLM-x32\...\WinAVI All in One Converter) (Version: 1.6.0.4147 - ZJMedia Digital Technology Ltd.)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Driver Package - Palm (WinUSB) Palm Devices  (10/09/2009 1.0.1) (HKLM\...\332CCC08910F1AE2E4D90D25DEDE87E3EF797832) (Version: 10/09/2009 1.0.1 - Palm)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
Xilisoft AVCHD Converter (HKLM-x32\...\Xilisoft AVCHD Converter) (Version: 7.6.0.20121027 - Xilisoft)
Xilisoft Blu-ray Creator 2 (HKLM-x32\...\Xilisoft Blu-ray Creator 2) (Version: 2.0.4.20120816 - Xilisoft)
Xilisoft Video Converter Ultimate (HKLM-x32\...\Xilisoft Video Converter Ultimate) (Version: 7.8.6.20150130 - Xilisoft)
Xilisoft Video Cutter 2 (HKLM-x32\...\Xilisoft Video Cutter 2) (Version: 2.2.0.20130109 - Xilisoft)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {216C9EC5-4E11-41D7-A03B-969804CCE42C} - System32\Tasks\Core Temp Autostart Eve8500 => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {3036EE56-7A2E-4F05-BFC1-EF48F6303142} - System32\Tasks\Future Systems Solutions\Casper\Casper 8.0 Update Notification Task => C:\Program Files (x86)\Future Systems Solutions\Casper 8.0\CASPER.EXE [2016-11-29] (Future Systems Solutions, Inc.)
Task: {3B55C869-4EC0-42CF-8633-69C48B0900AB} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {40F50DA2-38C7-4BED-9A93-52D73EBF30CA} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe
Task: {46B61A5C-BA68-4B3D-A4B9-3098B585EA44} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {503A021C-CD36-4D6F-BF86-8B3B452DE9DA} - System32\Tasks\{247551DD-D264-463B-B18B-78028B70EB2E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall STANDARDR /dll OSETUP.DLL
Task: {5AD12929-5A18-4D95-8585-8EB6EE1A21EC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5AD578C7-C7F0-4167-BCF2-716FA905ABFE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {63023130-12AA-4CDA-80D3-13FC0E889ED5} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\WSCStub.exe [2015-07-27] (Symantec Corporation)
Task: {6DD79418-02F6-4205-925C-82D6AB8E34C0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\PrecisionX 16\PrecisionX_x64.exe
Task: {79F98378-B3DD-45D6-A4F1-2EFC834213B3} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2012-06-29] ()
Task: {7A43869A-143F-4D57-9D99-8DDF3D7967D1} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7D437B7C-3B5D-498F-A5C0-09212610DEE2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {81A18E3C-34DA-4439-9305-00A25967A7D4} - System32\Tasks\{A1571B6E-4F81-4EA0-B4BB-05CD7C3828CA} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {87EFF34E-E809-4B84-A7D4-5BB6F4AC01B7} - System32\Tasks\{DE166F3F-CFD9-4FA9-B774-6C8ABB4DD8FC} => pcalua.exe -a "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\microsoft office 2007 including word\contents of disc"
Task: {9D86550E-E6BA-41AE-80D2-3006AC31B390} - System32\Tasks\{9A861C6E-26B5-4D69-A49C-AEDDB201C831} => C:\Users\Eve8500\Downloads\iTunes64Setup.exe
Task: {B5FA3DC1-3F54-4F60-8CF6-EA7541843EE4} - System32\Tasks\{6B5C90D5-8FC4-43D0-A1D5-C856BB328CB8} => pcalua.exe -a "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc\setup.exe" -d "C:\Users\Eve8500\Desktop\lou drive\microsoft office 2007 including word\contents of disc"
Task: {B8D563BF-D02B-45EE-989C-3E3DDC15473E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D3318F6B-6C07-4494-9475-ABA5D07DEA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-04] (Adobe Systems Incorporated)
Task: {EC5D8A48-A789-4DAB-86CC-B8A527E13E18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F9311ED2-67E1-4D48-A4AC-51D18F03E4E6} - System32\Tasks\{F4921858-36E5-49CD-98AE-5D768D586F60} => pcalua.exe -a C:\Users\Eve8500\Desktop\Symantec_Ghost_Solution_Suite_2.5.1_Trial_AllWin_EN.exe -d C:\Users\Eve8500\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:285774C5 [202]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\...\dell.com -> dell.com

There are 6091 more sites.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2017-04-08 00:09 - 00001235 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2502943303-2344771959-3953300128-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Eve8500\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UltraMon.lnk => C:\Windows\pss\UltraMon.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GUIStartLoad.lnk => C:\Windows\pss\GUIStartLoad.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk => C:\Windows\pss\Logitech . Product Registration.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Eve8500^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^stop acronis.bat => C:\Windows\pss\stop acronis.bat.Startup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2014 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
MSCONFIG\startupreg: Avanquest Message => "C:\Users\Eve8500\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
MSCONFIG\startupreg: BDRegion => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: Bomgar_Cleanup_ZD6834250912113 => cmd.exe /C rd /S /Q "C:\ProgramData\apple-scc-0000000052EED2B9" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD6834250912113 /f
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DellSystemDetect => C:\Users\Eve8500\AppData\Local\Apps\2.0\XWW6Y31P.2B0\H08492A2.9KP\dell..tion_6d0a76327dca4869_0007.0009_d84bde3ab35e468d\DellSystemDetect.exe 4zZn5oeQk9WMM5ZBt7fsYA==
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DigiDo => "C:\Program Files (x86)\Optimum\DigiDo\TrayApp.exe" startup
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\EpmNews.exe
MSCONFIG\startupreg: EaseUS EPM Tray Agent => "C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.5\bin\TrayPopupE\TrayTipAgentE.exe"
MSCONFIG\startupreg: EEventManager => C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
MSCONFIG\startupreg: EPSON Artisan 710 Series => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFSA.EXE /FU "C:\Windows\TEMP\E_S4BDF.tmp" /EF "HKCU"
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LifeCam => "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Monitor => "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
MSCONFIG\startupreg: NBKeyScan => "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: PMBVolumeWatcher => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerPanel Personal Edition User Interaction => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe
MSCONFIG\startupreg: ProductUpdater => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: SearchProtection => "C:\Users\Eve8500\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Shwicon9106 => C:\Program Files (x86)\Multimedia Card Reader(9106)\Shwicon9106.exe
MSCONFIG\startupreg: SilentCleanService => C:\Program Files (x86)\iMobie\AnyTrans\${CHECK_RUNSERVICE_NAME}
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: VX3000 => C:\Windows\vVX3000.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{224524EB-DD62-4DCA-911E-3BAD76564CC3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [{30490BD4-CBD1-40A1-B080-265B8B3C4BC2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE
FirewallRules: [{E010AAC5-77CD-42E8-A42F-42B0994257BE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E7259E1A-660B-4D32-A82D-9EC01E7A9814}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{06F062DD-544A-4DDC-8883-84CB35BC19B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A8D13D08-4406-4478-A496-C8AB23FBC881}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{AE91C3DB-D9FA-4063-89B4-A853D8529907}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{1BD037D3-33CB-414E-A5FA-B185548DF536}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{536C40D3-69A8-4275-90AF-5CBA7831ACEA}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{CF1E5C21-7E0D-42E7-BF07-FB698A557D64}] => (Allow) C:\Program Files (x86)\Optimum\DigiDo\DigiDo.exe
FirewallRules: [{96440FD7-9C51-4B2D-ADB6-EF46FA821296}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{9C1F7D33-7501-4D68-8B6C-DD0D3D168BBD}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B8C49FC6-015F-44C4-A388-CC0AFC88F43B}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A501BB9A-10DF-447D-BDA1-BF718D5085D4}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{988C3580-7974-417B-96DE-4A62815384F8}] => (Allow) C:\Users\Eve8500\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9DB993CF-BEAA-4886-A634-6F3EEE8F44A0}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{69E6FF20-4C3A-4FF2-AF04-BEB246DB221D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{061086B3-DF61-465C-8F9F-FC3157F6D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{B6228782-9CFC-4725-94DB-F607FE6D5F27}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{BBB77E1C-96DC-4ACE-BF69-F85F01454774}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{07CE74A4-77A0-4A76-A006-4E39B734B73A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B12E0005-906A-4DD8-AB11-B1B09BA4014A}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{DA053DAA-4ADD-4C9C-9120-536F3920BBD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{E211E2D3-FF19-45A2-954F-ED015C098D49}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{6AC3FA5C-6768-4636-B8D0-B8D51E565ED4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{305623AD-2A8D-4AE0-BBF1-A9B2C59FFDE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{556201C9-D3B0-4FDC-90C6-068B65110493}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{77BF4D0A-EB98-41D2-BF6A-01B356809FE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{808A30FF-507B-4C3C-B113-8C5CD623D3A9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{012263C7-06BA-4AA1-84D1-A494EB158DD3}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{EF0C58B6-1D34-4B16-B5E5-29E51B03A576}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{32404175-90B3-4B5E-B06D-13D3D911B105}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4048C59A-6267-4242-ADF3-75B4538AF5C6}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{C8C65673-A930-41D2-B341-282CBE628988}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2D177758-97A7-4A19-B266-EECD54F387ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D65720C-CD18-430B-BB4E-4377D32E6BDA}] => (Allow) LPort=3659
FirewallRules: [{9489C8F2-A1C9-4BB5-A133-82E361B1DE3C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{1FA86863-BDD2-4D9C-99B3-ACAAF30B6757}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{E79BA2B1-6898-488D-8AA1-98074BE4CF98}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{3875DFEA-2F33-44A8-9371-CFC4E3782435}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{209B923B-9A1F-4AF5-AAB7-641A7887DF84}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F21484E3-CF21-479D-BD78-DBD14D53F683}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F17696B2-02D6-4C38-B693-1BF4A653AF6C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{00AD95AC-E985-4AF0-A895-EFBCDA1E0B96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Homefront_The_Revolution\Bin64\homefront2_release.exe
FirewallRules: [{470B68B4-D290-4FD7-A9DA-6E8E4BDEA721}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{0A86C037-CBC4-4717-846D-CC2003270874}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DOOM\DOOMx64.exe
FirewallRules: [{51EBA168-F137-4C3E-8FF9-0F0DDEE825B0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{91F7C070-D7BB-46D9-8C52-A222E044DC18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3A76DE3C-9F89-4271-9550-16D078BABB36}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{51A56239-F04D-43D9-B40F-3E4E5C8354B3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Just Cause 3\JustCause3.exe
FirewallRules: [{C6CD041B-F07D-47C3-BB3C-6B7F0051C922}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{9AD61C5F-393B-42FE-B548-B5FFC863C100}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Mafia III\launcher.exe
FirewallRules: [{C0BAA36C-15E7-4B7D-B5A3-5D79C196A321}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94CD8D0F-DB38-43B8-AC14-403105F462C3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{60FB0E86-68EF-4931-B5BF-5900204A1BE9}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B226D316-8BBA-4987-B885-3255361D479F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AC0D83B8-CEA9-4EE2-9317-E504893ADB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B76D5835-2C50-4752-B2EF-E31562028BD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D34A3A7E-D05E-4783-A39B-5E167899CB48}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5AF09DC5-2BE4-4730-A75F-8F027E9F519F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43456A7-CF6D-48E5-B497-5FC6DE8AE086}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{26405D49-5813-49B1-B9C6-CA490D990819}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2017 12:09:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5809d459
Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620
Exception code: 0xe0434352
Fault offset: 0x0000c54f
Faulting process id: 0x814
Faulting application start time: 0x01d2b01dd232f349
Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report Id: 1a7fed05-1c11-11e7-8a6f-e006e6a49d8c

Error: (04/08/2017 12:08:50 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (04/08/2017 12:03:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x0002e49b
Faulting process id: 0x548
Faulting application start time: 0x01d2b01cd1c77c49
Faulting application path: C:\Users\Eve8500\Desktop\aswmbr.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 437d0858-1c10-11e7-a19b-e006e6a49d8c

Error: (04/07/2017 09:48:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x0002e49b
Faulting process id: 0x1138
Faulting application start time: 0x01d2b0095d9a9253
Faulting application path: C:\Users\Eve8500\Desktop\aswmbr.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 7352f4d1-1bfd-11e7-8753-e006e6a49d8c

Error: (04/07/2017 09:41:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x0002e49b
Faulting process id: 0x1104
Faulting application start time: 0x01d2b008bb032130
Faulting application path: C:\Users\Eve8500\Desktop\aswmbr.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: 6be1d3a2-1bfc-11e7-8753-e006e6a49d8c

Error: (04/07/2017 09:37:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c957a
Exception code: 0xc0000005
Fault offset: 0x0002e49b
Faulting process id: 0x1288
Faulting application start time: 0x01d2b00755b28178
Faulting application path: C:\Users\Eve8500\Desktop\aswmbr.exe
Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report Id: e8c441e8-1bfb-11e7-8753-e006e6a49d8c

Error: (04/07/2017 06:17:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18616, time stamp: 0x58b84bfb
Faulting module name: jscript9.dll, version: 11.0.9600.18616, time stamp: 0x58b854b0
Exception code: 0xc0000005
Fault offset: 0x00116f55
Faulting process id: 0x22f8
Faulting application start time: 0x01d2afeca89d3a5a
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report Id: fcee8030-1bdf-11e7-8753-e006e6a49d8c

Error: (04/07/2017 06:16:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18616, time stamp: 0x58b84bfb
Faulting module name: jscript9.dll, version: 11.0.9600.18616, time stamp: 0x58b854b0
Exception code: 0xc0000005
Fault offset: 0x00116d39
Faulting process id: 0x1eac
Faulting application start time: 0x01d2afec890476a5
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\SysWOW64\jscript9.dll
Report Id: dfdd5def-1bdf-11e7-8753-e006e6a49d8c

System errors:
=============
Error: (04/08/2017 12:09:54 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/08/2017 12:09:54 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/08/2017 12:09:54 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/08/2017 12:09:54 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: [email protected]

Error: (04/08/2017 12:09:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/08/2017 12:09:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (04/08/2017 12:09:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (04/07/2017 11:14:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/07/2017 11:14:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/07/2017 11:14:09 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

==================== Memory info ===========================

Processor: Intel® Core™ i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 21%
Total physical RAM: 16344.88 MB
Available physical RAM: 12881.96 MB
Total Virtual: 32687.93 MB
Available Virtual: 29129.7 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1849.34 GB) (Free:521.41 GB) NTFS
Drive f: (Local Disk) (Fixed) (Total:5588.9 GB) (Free:2363.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6E9B76CD)
Partition 1: (Not Active) - (Size=1849.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 5589 GB) (Disk ID: 00068DDD)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#12
RKinner

    Malware Expert
 
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.
 
Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs.  Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.
 
 
Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator.  Then type (with an Enter after each line).
 
sfc /scannow
 
(SPACE after sfc.)  This will check your critical system files. Does this finish without complaint?  If it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open.  Copy and paste the text from Notepad into a reply.  Close Notepad.  Close the Command Window.
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application. (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
bedtime for me.

  • 0

#13
louuu

    Member

  • Topic Starter

good morning ron.  so I ran the error checking through the night as I slept.  when I woke up it was just about done and took about 5 hours.  I remember doing this a year or two ago and it took about that much time back then too as I have a 2tb hard drive.  I was able to take 2 screen shots as it was finishing and I don't know if you want to see them but if you do I attached them below using the attach files section.  when my system rebooted I ran the sfc /scannow and that did complete 100% successfully with no errors.  it said the windows resource protection did not find any integrity violations.  since that did complete successfully I didn't do the additional command prompt steps since those were only if the first step didn't fix everything or encountered problems.  and finally here are the 2 vew files you requested.  thanks again and I'll wait for your reply.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 8:27:06 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/04/2017 11:47:01 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {7D1933CB-86F6-4A98-8628-01BE94C9A575} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 08/04/2017 11:46:34 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 08/04/2017 11:46:30 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 08/04/2017 11:46:30 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 08/04/2017 11:46:30 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 08/04/2017 11:46:30 AM
Type: Error Category: 0
Event: 1 Source: VDS Basic Provider
Unexpected failure. Error code: [email protected]

Log: 'System' Date/Time: 08/04/2017 11:45:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Origin Web Helper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 08/04/2017 11:45:44 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/04/2017 11:46:26 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 08/04/2017 11:45:59 AM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3360 and process 3336 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 08/04/2017 5:10:09 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/04/2017 5:10:09 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 8:29:29 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/04/2017 12:25:51 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Log: 'Application' Date/Time: 08/04/2017 12:25:50 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 08/04/2017 12:25:50 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero photosnap\PhotoSnap.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.

Log: 'Application' Date/Time: 08/04/2017 12:19:19 PM
Type: Error Category: 0
Event: 35 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.

Log: 'Application' Date/Time: 08/04/2017 11:46:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x5809d459 Faulting module name: KERNELBASE.dll, version: 6.1.7601.23677, time stamp: 0x589c9620 Exception code: 0xe0434352 Fault offset: 0x0000c54f Faulting process id: 0x810 Faulting application start time: 0x01d2b05d93a3e46f Faulting application path: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 0330cc4f-1c51-11e7-8a46-e006e6a49d8c

Log: 'Application' Date/Time: 08/04/2017 11:46:31 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at FreemakeUtilsService.Statistics.Manager.ApplyNewTargetsConfigs()
   at FreemakeUtilsService.Statistics.Manager.TargetsConfigSyncCompleted(System.Object, System.EventArgs)
   at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
   at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Attached Thumbnails

  • Capture1.JPG
  • Capture2.JPG

  • 0

#14
RKinner

    Malware Expert

Uninstall:
Freemake Video Converter
Nero 8
Origin 
Windows Live Essentials
 
as they are all causing errors.  You can try reinstalling them later.
 
Also
you do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 8 Update 101
 
Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.
 
If you feel you must have Java:
Get the latest Java at:
 
Save it to your PC then close all browsers and install it.  Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.
 
(If you also want the 64 bit version then use the 64 bit version of IE to get it.)
 
After you uninstall the above then:
 
 
Right click on (My) Computer and select Manage (Continue), then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
 
Reboot. 
 
 
1. Please download the Event Viewer Tool by Vino Rosso
and save it to your Desktop (if you don't already have it)
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
 
* System
4. Under 'Select type to list', select:
* Error
* Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 

  • 0
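The triage done by eye in the post above (read the VEW reports, name the programs that throw errors, then re-run VEW after the uninstall and confirm they are gone) can be scripted. This is an added example, not part of the thread or of VEW; the function names and the trimmed `BEFORE`/`AFTER` reports are constructed for illustration, and the message patterns cover only the event shapes that appear in this thread's logs.

```python
import re
from collections import Counter

# Constructed sample: events trimmed from the first VEW reports posted in the thread.
BEFORE = r"""
Log: 'System' Date/Time: 08/04/2017 11:46:34 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Freemake Improver service terminated unexpectedly.  It has done this 1 time(s).

Log: 'System' Date/Time: 08/04/2017 11:45:44 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Origin Web Helper Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 08/04/2017 11:45:44 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Log: 'Application' Date/Time: 08/04/2017 12:25:51 PM
Type: Error Category: 0
Event: 80 Source: SideBySide
Activation context generation failed for "c:\program files (x86)\nero\nero8\nero toolkit\DiscSpeed.exe".Error in manifest or policy file "" on line .

Log: 'Application' Date/Time: 08/04/2017 11:46:31 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: FreemakeUtilsService.exe
Description: The process was terminated due to an unhandled exception.
"""

# Constructed sample: the follow-up report, where only warnings remain.
AFTER = r"""
Log: 'System' Date/Time: 08/04/2017 3:32:12 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""

HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (.+)$")
TYPE = re.compile(r"^Type: (\w+) Category: \d+$")
EVENT = re.compile(r"^Event: (\d+) Source: (.+)$")

# Message shapes from this thread's logs that name the program or service at fault.
CULPRITS = [
    re.compile(r"Faulting application name: ([^,]+),"),
    re.compile(r"^Application: (\S+)"),
    re.compile(r"^The (.+?) service (?:terminated unexpectedly|failed to start)"),
    re.compile(r"waiting for the (.+?) service to connect"),
    re.compile(r'Activation context generation failed for "([^"]+)"'),
]

def parse_vew(text):
    """Split a VEW report into event dicts; a blank line or ruler ends a record."""
    events, cur = [], None
    for line in map(str.strip, text.splitlines()):
        if head := HEADER.match(line):
            cur = {"log": head[1], "when": head[2], "level": None,
                   "event_id": None, "source": None, "message": []}
            events.append(cur)
        elif cur is None:
            continue                      # banner, section ruler or section title
        elif not line or line.startswith("~~~"):
            cur = None                    # record finished
        elif cur["level"] is None and (m := TYPE.match(line)):
            cur["level"] = m[1]
        elif cur["event_id"] is None and (m := EVENT.match(line)):
            cur["event_id"], cur["source"] = int(m[1]), m[2]
        else:
            cur["message"].append(line)   # messages may span lines (stack traces)
    for ev in events:
        ev["message"] = " ".join(ev["message"])
    return events

def culprit(event):
    """Return the program or service an event blames, or None if it names none."""
    hits = (p.search(event["message"]) for p in CULPRITS)
    return next((m[1] for m in hits if m), None)

def triage(text, levels=("Error", "Critical")):
    """Count error-level events per culprit, most frequent first."""
    counts = Counter()
    for ev in parse_vew(text):
        if ev["level"] in levels:
            counts[culprit(ev) or f"(unattributed) {ev['source']} {ev['event_id']}"] += 1
    return counts.most_common()

def cleared(before, after):
    """Culprits that raised errors in the first report but not in the follow-up."""
    return {name for name, _ in triage(before)} - {name for name, _ in triage(after)}

if __name__ == "__main__":
    print(triage(BEFORE), sorted(cleared(BEFORE, AFTER)))
```

Events whose message matches none of the patterns are counted under an "(unattributed)" key with their source and event ID, so nothing at error level is silently dropped.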

#15
louuu

    Member

  • Topic Starter

one important thing ron.  when I uninstalled windows live essentials it removed my windows email program that I had been using.  I don't remember if it was windows mail 2009 or 2012 but when I researched it to reinstall it, it said it's no longer available to install.  I downloaded it but it won't install at all and looking online it apparently isn't going to work anymore after jan 2017 which has already passed.  so right now I have no email program on my system and I'm not sure what to do.  now I wish I had unchecked the email program box when it asked me to uninstall and just uninstalled the rest leaving the email intact.  the only good news is I do use Norton ghost so I believe I can retrieve my old email files once I get a new email program installed if that new program would allow me to transfer them?  what do you suggest I do regarding my not having email anymore as I'm not even sure what program to get/use?  anyway, I did everything you asked, including deleting java and I didn't reinstall it for now.  if something comes up where I need it then I'll install the newest java version at that time.  here's the vew logs.  thanks and I'll wait for your reply.

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 11:36:40 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/04/2017 3:33:57 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 08/04/2017 3:33:44 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3212 and process 3228 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 08/04/2017 3:32:12 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/04/2017 3:32:12 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 08/04/2017 3:29:30 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&1&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626476&1#.

Log: 'System' Date/Time: 08/04/2017 3:29:13 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the Choice Mail service.  The Service Control Manager launched process 3284 and process 3308 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 08/04/2017 3:27:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/04/2017 3:27:34 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

 

 

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/04/2017 11:37:37 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • 0





