
Computer acting suspicious and now PC saying Windows license expiring



#1
Destiny000


Computer has been acting weird, and I honestly can't necessarily say specifically what because it can also be blamed on an internet connection, hardware, etc. Although I will mention some odd things. And now I keep getting a PC error telling me my Windows license is expiring soon and to put in a new one and that it cannot verify the license, etc. 0.o

 

I have a Windows 8 Asus laptop k550J and I have Malwarebytes Premium. This has only been happening for a few days now but suspicious delay symptoms, programs not always opening, programs crashing, etc. are steadily growing to be more quickly. I worry my computer may eventually not turn on or become unusable. I also think it's affecting devices I plug into it as well, as in when I view them on my PC, transferring, loading, etc. is not always normal and when in a window doing these things it can crash. This is not its normal behavior and if it is malware I would rather make sure it isn't since this is my only computer. Thank you for your help.

 

Here is the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-05-2017
Ran by Owner (administrator) on ASUS (10-05-2017 18:37:40)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Scarlet.Crush Productions) C:\Users\Owner\Desktop\ScpServer\bin\ScpService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
() C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(RaMMicHaeL) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusSmartGestureDetector64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Conexant Systems, Inc) C:\Program Files\CONEXANT\SAII\SmartAudio.exe
(Ellanet Ltd) C:\Users\Owner\Desktop\Move Mouse.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSPanel.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Apowersoft) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
(The CefSharp Authors) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Apowersoft.Browser.exe
() C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [915160 2014-05-12] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-09] (Conexant Systems, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\ASUSWSLoader.exe [63272 2014-12-04] ()
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [623880 2008-11-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm®Atheros®)
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3074128 2016-03-10] (Valve Corporation)
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\Run: [eagleget_setup] => C:\Users\Owner\AppData\Local\Temp\is-0VSSF.tmp\eagleget_setup.tmp -V <===== ATTENTION
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2017-02-06] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.15.458\ASUSWSShellExt64.dll [2014-11-18] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll [2016-11-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-09]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2017-03-09]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-03-09]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Owner\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{80F47847-F11C-4D35-8FA6-66F7AAB1988F}: [DhcpNameServer] 192.168.175.250 192.168.175.251
Tcpip\..\Interfaces\{EDF205E8-2C6C-4BF6-BF85-E7B908B9F746}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FE5A5C68-39E2-4870-B8C4-C3A58A04D977}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.ca/
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1526803253-2289046572-84949769-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1526803253-2289046572-84949769-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-04-19] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-01-29] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-04-19] (Oracle Corporation)
BHO-x32: PDFescape Desktop Helper -> {E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2016-08-16] (Red Software)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {BB94CCC5-F838-412D-9760-28A307E376B5} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2016-08-16] (Red Software)
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2011-01-18] (Intuit, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: fk87ys5q.default
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default [2017-05-10]
FF Extension: (Flash Video Downloader - YouTube HD Download [4K]) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\[email protected] [2017-04-19]
FF Extension: (EagleGet Free Downloader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\[email protected] [2017-04-02]
FF Extension: (YouTube Video and Audio Downloader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\[email protected] [2017-05-02]
FF Extension: (Youtube and more - Easy Video Downloader) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\[email protected] [2017-04-11]
FF Extension: (FlashGot) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-03-30]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-04-11]
FF Extension: (YouTube Video Download and Convert) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\fk87ys5q.default\Extensions\{e8deb9e5-5688-4655-838a-b7a121a9f16e}.xpi [2017-04-11]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension
FF Extension: (PDFescape Desktop Creator) - C:\Program Files\PDFescape Desktop\resources\pdfescapedesktopfirefoxextension [2016-10-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_148.dll [2017-04-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-02-28] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.0-git -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-02-28] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-02-12] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2016-08-16] (Red Software)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2017-05-09]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-09]
CHR Extension: (Flash Video Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-03-09]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-09]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-09]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-09]
CHR Extension: (Bulk Media Downloader) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfdcgbfcboceiclmjaofdannmjdeaoi [2017-04-25]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-09]
CHR Extension: (Turbo Download Manager) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kemfccojgjoilhfmcblgimbggikekjip [2017-04-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Video Downloader Pro) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofcgiflmicieegobmapobiohjeokdbcd [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-26]
CHR HKLM\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\[email protected] <not found>

Opera:
=======
OPR Extension: (Adguard AdBlocker) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\bopfaehpakahokaelnomggbohfbimcia [2017-02-12]
OPR Extension: (360 Internet Protection) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-03-09]
OPR Extension: (Vimeo™ Videos Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\dkcajioehopjiajmmiiajpomnjnikdhn [2017-03-09]
OPR Extension: (Any Media Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\faehphipoljdginnjklhakadmiaehgod [2017-03-22]
OPR Extension: (HD Video Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\gacckcgfmoapndlfjdjiffiblljijhep [2017-03-09]
OPR Extension: (Video Downloader Plus) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\gboebcadlnfamdgfgedimjdnnmkcpaem [2017-03-09]
OPR Extension: (Simple Video Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\hjcafkocoibofnjmeggflaafoimajanb [2017-03-09]
OPR Extension: (Vimeo Free Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\hoonegabmoiammemaolpilhpfcbomopn [2017-03-09]
OPR Extension: (Video Downloader Pro) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\ibehiiilehaakkhkigckfjfknboalpbe [2017-03-09]
OPR Extension: (Force Download) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\klahcccondnnonafcbcdgbahphglbjjg [2017-03-09]
OPR Extension: (Youtube to MP3 Converter) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\lemijcdigjkjafpnjaepmpmhmladcfdh [2016-03-17]
OPR Extension: (Video Downloader 2015) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\mpnpijldpdipnfbjpfjgopcdnjejgbda [2017-03-09]
OPR Extension: (FVD Video Downloader) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2017-04-10]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.15.458\AsusWSWinService.exe [71168 2014-12-04] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Windows ® Win 7 DDK provider) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2017-02-06] (Disc Soft Ltd)
R2 Ds3Service; C:\Users\Owner\Desktop\ScpServer\bin\ScpService.exe [381952 2014-03-13] (Scarlet.Crush Productions) [File not signed]
S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-08-03] (Freemake) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [33640 2017-04-07] (HP Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2940704 2015-12-23] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-07-31] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-09] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2142184 2016-08-16] (Red Software)
S3 PDFescape Desktop CrashHandler; C:\Program Files\PDFescape Desktop\crash-handler-ws.exe [926184 2016-08-16] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [733672 2016-08-16] (Red Software)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-07-31] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2011-01-17] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [304408 2017-02-01] (RaMMicHaeL)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [416408 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-02-25] (Atheros) [File not signed]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3892224 2014-03-07] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-09-19] (ASUS Corporation)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-04-10] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-04-10] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77440 2017-04-13] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [186304 2017-04-23] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [111544 2017-05-09] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-05-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-09] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [92096 2017-05-10] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R2 npf; C:\Windows\system32\drivers\npf.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R2 plctrl; C:\Program Files\ASUS\P4G\plctrl.sys [14136 2014-02-11] (Windows ® Win 7 DDK provider)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [827096 2015-03-12] (Realsil Semiconductor Corporation)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 18:37 - 2017-05-10 18:38 - 00060408 _____ C:\Users\Owner\Downloads\FRST.txt
2017-05-10 18:28 - 2017-05-10 18:28 - 02429440 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2017-05-10 18:25 - 2017-05-10 18:30 - 00003480 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2017-05-10 18:22 - 2017-05-10 18:23 - 06752896 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu.exe
2017-05-09 20:29 - 2017-05-09 04:37 - 279642266 _____ C:\Users\Owner\Desktop\Sailor Moon Crystal III 33.mp4
2017-05-09 18:50 - 2017-05-09 18:50 - 00000000 ____D C:\Users\Owner\Desktop\Episode 1
2017-05-09 18:49 - 2017-05-10 18:30 - 00000000 ____D C:\Users\Owner\AppData\Local\Adobe
2017-05-09 18:24 - 2017-05-09 18:29 - 04102600 _____ C:\Users\Owner\Desktop\adwcleaner_6.046 (1).exe
2017-05-09 09:59 - 2017-05-09 09:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign0af97676b81846d1
2017-05-09 09:55 - 2017-05-09 09:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf209f107c14d1349
2017-05-09 09:04 - 2017-05-09 10:55 - 00000000 ____D C:\Users\Owner\Desktop\episode 2
2017-05-08 10:27 - 2017-05-08 10:27 - 00000000 ____D C:\Users\Owner\AppData\Roaming\8061
2017-05-08 09:48 - 2017-05-08 09:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Plcore
2017-05-08 09:43 - 2017-05-08 10:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDFab10
2017-05-08 09:43 - 2017-05-08 09:43 - 00001978 _____ C:\Users\Owner\Desktop\DVDFab Mini.lnk
2017-05-08 09:43 - 2017-05-08 09:43 - 00001936 _____ C:\Users\Owner\Desktop\DVDFab 10.lnk
2017-05-08 09:43 - 2017-05-08 09:43 - 00000087 _____ C:\Users\Owner\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2017-05-08 09:43 - 2017-05-08 09:43 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-08 09:43 - 2017-05-08 09:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 10
2017-05-08 09:42 - 2017-05-08 09:43 - 00000000 ____D C:\Users\Owner\Documents\DVDFab10
2017-05-08 09:42 - 2017-05-08 09:43 - 00000000 ____D C:\Program Files (x86)\DVDFab 10
2017-05-08 09:41 - 2017-05-08 08:45 - 114993648 ____N (DVDFab) C:\Users\Owner\Desktop\DVDFab_10036_223-59-32.exe
2017-05-07 18:46 - 2017-05-07 18:55 - 11625424 _____ (DVDFab) C:\Users\Owner\Downloads\DVDFab_10036.exe.part
2017-05-07 18:36 - 2017-05-07 18:36 - 00000000 ____D C:\Users\Owner\AppData\Roaming\23520
2017-05-07 17:48 - 2017-05-07 18:29 - 00000000 ____D C:\ProgramData\DVD Shrink
2017-05-07 17:48 - 2017-05-07 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2017-05-07 17:48 - 2017-05-07 17:48 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2017-05-07 17:37 - 2017-05-07 17:37 - 01117491 _____ (DVD Shrink ) C:\Users\Owner\Downloads\dvdshrink32setup.exe
2017-05-07 17:35 - 2017-05-07 17:35 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Ashampoo
2017-05-07 17:34 - 2017-05-09 08:47 - 00000000 ____D C:\ProgramData\Ashampoo
2017-05-07 17:34 - 2017-05-07 17:35 - 00000000 ____D C:\Users\Owner\AppData\Local\ashampoo
2017-05-06 09:34 - 2017-05-06 09:35 - 00394024 _____ C:\Windows\Minidump\050617-37328-01.dmp
2017-05-06 09:34 - 2017-05-06 09:34 - 840162630 _____ C:\Windows\MEMORY.DMP
2017-05-06 09:34 - 2017-05-06 09:34 - 00000000 ____D C:\Windows\Minidump
2017-05-06 09:31 - 2017-05-06 09:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\27917
2017-05-05 19:25 - 2017-05-05 19:25 - 00001947 _____ C:\Users\Owner\AppData\Local\recently-used.xbel
2017-05-05 11:40 - 2017-05-05 11:41 - 06190856 _____ C:\Users\Owner\Downloads\[HorribleSubs] Akagami no Shirayukihime - 15 [1080p].mkv
2017-05-05 11:36 - 2017-05-05 11:38 - 01299400 _____ C:\Users\Owner\Downloads\[HorribleSubs] Akagami no Shirayukihime - 13 [1080p].mkv
2017-05-03 21:39 - 2017-05-05 19:13 - 769635636 _____ C:\Users\Owner\Downloads\[HorribleSubs] Akagami no Shirayukihime - 08 [1080p].mkv
2017-05-03 21:39 - 2017-05-05 18:40 - 00000000 ____D C:\Users\Owner\AppData\Local\gtk-2.0
2017-05-03 21:35 - 2017-05-03 21:35 - 00000000 ____D C:\Users\Owner\AppData\Local\enchant
2017-05-03 21:33 - 2017-05-05 19:25 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HexChat
2017-05-03 21:33 - 2017-05-03 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HexChat
2017-05-03 21:33 - 2017-05-03 21:33 - 00000000 ____D C:\Program Files\HexChat
2017-05-03 21:23 - 2017-05-03 21:33 - 09391144 _____ (HexChat ) C:\Users\Owner\Downloads\HexChat 2.12.4 x64.exe
2017-05-01 11:11 - 2017-05-01 11:13 - 66207280 _____ (APOWERSOFT LIMITED ) C:\Users\Owner\Downloads\bdac0ea-video-download-capture-6.2.4.0_20170430.exe
2017-04-26 16:50 - 2017-04-26 16:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc0392bc2da6551ef
2017-04-26 16:50 - 2017-04-26 16:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign4dc9b617995a2fbb
2017-04-26 16:50 - 2017-04-26 16:50 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign42564133308bcf04
2017-04-26 16:48 - 2017-04-26 16:48 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign7b63d192249f3877
2017-04-26 16:47 - 2017-04-26 16:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignb1a1a5a19a16274e
2017-04-26 16:47 - 2017-04-26 16:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign98e033756c45ce0c
2017-04-25 19:10 - 2017-04-25 19:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf662ea7f05274a09
2017-04-25 19:09 - 2017-04-25 19:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign788c909043377fce
2017-04-25 19:09 - 2017-04-25 19:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign18be0fbf0f982a92
2017-04-25 18:24 - 2017-04-25 18:24 - 02050989 _____ C:\Users\Owner\Desktop\Untitled2.rdl
2017-04-25 16:11 - 2017-04-25 16:11 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign0fb8d35feab95808
2017-04-25 16:09 - 2017-04-25 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign9a6b9974a645f43c
2017-04-25 16:09 - 2017-04-25 16:09 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign2d0b609036d0afac
2017-04-25 15:26 - 2017-04-25 15:26 - 00000000 _____ C:\Users\Owner\Desktop\0BxtZKowp0cDcMHhGQ1JCcE4yR0k
2017-04-25 15:22 - 2017-04-25 15:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2017-04-25 13:43 - 2016-06-02 06:38 - 02999536 _____ C:\Users\Owner\Desktop\KMSAuto Net 2015 v1.3.8 Portable.rar
2017-04-25 13:14 - 2017-04-25 13:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna6820abac6115385
2017-04-25 13:02 - 2017-04-25 13:02 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign184d7e4e96c036b1
2017-04-25 12:59 - 2017-04-25 12:59 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign470f32f0fd9e72cb
2017-04-25 12:58 - 2017-04-25 12:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna1e0307e17aa034b
2017-04-25 12:58 - 2017-04-25 12:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8c6776d39e6ee1e9
2017-04-25 12:58 - 2017-04-25 12:58 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign3a518a88c48b6a2d
2017-04-25 12:55 - 2017-04-25 12:55 - 00017308 _____ C:\Users\Owner\Documents\song list (1).tif
2017-04-25 12:54 - 2017-04-25 12:54 - 00017308 _____ C:\Users\Owner\Documents\song list.tif
2017-04-23 18:56 - 2017-04-23 18:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignfce63f27f365a6e2
2017-04-23 18:56 - 2017-04-23 18:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc16d69e667093f40
2017-04-23 18:56 - 2017-04-23 18:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign728821b51232d411
2017-04-23 18:47 - 2017-04-23 18:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigne1b3e076e10dbfb2
2017-04-23 18:47 - 2017-04-23 18:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign26791a3a8b653ad8
2017-04-23 18:46 - 2017-04-23 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignec5091a670c9ab0a
2017-04-23 18:46 - 2017-04-23 18:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignaf48766be232a6a7
2017-04-23 18:45 - 2017-04-23 18:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigndf4ecaf06ce5d907
2017-04-23 18:45 - 2017-04-23 18:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna19901a97078ec75
2017-04-23 17:56 - 2017-04-23 17:56 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf309689bb5992617
2017-04-23 17:55 - 2017-04-23 17:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignafe7e082681055b5
2017-04-23 17:55 - 2017-04-23 17:55 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign83b2275a27f42ba5
2017-04-23 17:46 - 2017-04-23 17:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign25f4d738a72407bb
2017-04-23 17:43 - 2017-04-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignbf981b8a958e1c24
2017-04-23 17:43 - 2017-04-23 17:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign852049f66a9e030b
2017-04-23 17:35 - 2017-04-23 18:48 - 00000000 ____D C:\Users\Owner\Desktop\new images
2017-04-23 17:25 - 2017-04-23 17:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigndc51d6e2e10caa5f
2017-04-23 17:25 - 2017-04-23 17:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignbfb2964e83669ad7
2017-04-23 17:25 - 2017-04-23 17:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign266364f49a1a64cf
2017-04-23 16:17 - 2017-04-23 16:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf098d09c8ffa11b6
2017-04-23 16:17 - 2017-04-23 16:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna2b0775d717ff145
2017-04-23 16:17 - 2017-04-23 16:17 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8705a53c0ccdd797
2017-04-23 15:39 - 2017-04-23 15:39 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign641b6ff3e44ecbc5
2017-04-23 15:38 - 2017-04-23 15:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignce27ae28aaee7544
2017-04-23 15:38 - 2017-04-23 15:38 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign54ea2a99fac778a8
2017-04-23 13:14 - 2017-04-23 13:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign7f47546d54366090
2017-04-23 13:08 - 2017-04-23 13:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign2ea3df258784ece5
2017-04-23 13:08 - 2017-04-23 13:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign163f2dbd8e0c1b2e
2017-04-23 13:08 - 2017-04-23 13:08 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign0ed8292a0bef444b
2017-04-23 13:07 - 2017-04-23 13:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigne2b9357a92fcacec
2017-04-23 13:07 - 2017-04-23 13:07 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8ef6c0564a3c8bb4
2017-04-23 12:22 - 2017-04-23 12:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign26c120825d9064cc
2017-04-23 12:21 - 2017-04-23 12:21 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignb74f991e4683cb78
2017-04-23 12:21 - 2017-04-23 12:21 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign330afc9b84ee49d0
2017-04-23 11:25 - 2017-04-23 11:25 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign43a25712a7a0d0e1
2017-04-23 11:24 - 2017-04-23 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna9d03ecf7a13b5d6
2017-04-23 11:24 - 2017-04-23 11:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign73a610efac83a36b
2017-04-23 11:10 - 2017-04-23 11:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignd3a16bac6725ae76
2017-04-23 11:10 - 2017-04-23 11:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignb09d9428d0e1872f
2017-04-23 11:10 - 2017-04-23 11:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign44f26a72ad086448
2017-04-23 11:05 - 2017-04-23 11:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign1414e83b9e50bbab
2017-04-23 11:03 - 2017-04-23 11:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignaa23475ebee22154
2017-04-23 11:03 - 2017-04-23 11:03 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign52d555baf7921077
2017-04-23 09:40 - 2017-04-23 09:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign38ad70f97309958e
2017-04-23 09:40 - 2017-04-23 09:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign30bd8c3c85aed7db
2017-04-23 09:40 - 2017-04-23 09:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign27a41c00b2c5ece8
2017-04-23 09:14 - 2017-05-09 18:49 - 00001539 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AsusSmartGestureDetector.lnk
2017-04-23 09:05 - 2017-04-23 09:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign42fa5a07d8f7447f
2017-04-23 08:47 - 2017-04-23 08:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign616df51891d92938
2017-04-23 08:47 - 2017-04-23 08:47 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign5ef970b0c7b7dfaf
2017-04-23 08:36 - 2017-04-23 08:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf4645b35781f6b85
2017-04-23 08:36 - 2017-04-23 08:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8179a98a0a652c68
2017-04-23 08:36 - 2017-04-23 08:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign4df8693eb5abac81
2017-04-23 08:36 - 2017-04-23 08:36 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign0b1afd30795456ba
2017-04-23 08:34 - 2017-04-23 08:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc368391345a2981b
2017-04-23 08:34 - 2017-04-23 08:34 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign91532e195496c4f2
2017-04-23 08:33 - 2017-04-23 08:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign2b816306c073c367
2017-04-23 08:32 - 2017-04-23 08:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigne56279f772a5019a
2017-04-23 08:32 - 2017-04-23 08:32 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignb754dbcc600b6485
2017-04-22 15:22 - 2017-04-22 15:22 - 00026556 _____ C:\Users\Owner\Documents\Untitled1.rdl
2017-04-22 15:05 - 2017-04-22 15:05 - 00001268 _____ C:\Users\Public\Desktop\RonyaSoft CD DVD Label Maker.lnk
2017-04-22 15:05 - 2017-04-22 15:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RonyaSoft
2017-04-22 15:04 - 2017-04-22 15:04 - 00000000 ____D C:\Program Files (x86)\RonyaSoft
2017-04-22 14:02 - 2017-04-22 15:02 - 00000000 ____D C:\Users\Public\Documents\RonyaSoft
2017-04-22 11:45 - 2017-04-22 11:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign6c31dc6230fcae51
2017-04-22 11:19 - 2017-04-22 11:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8b5a9477c980d854
2017-04-22 11:19 - 2017-04-22 11:19 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign493b746cc2b42a59
2017-04-19 09:32 - 2017-04-19 09:32 - 00000000 ____D C:\Users\Owner\Desktop\Vaccines for burning
2017-04-18 18:20 - 2017-04-18 18:20 - 00000237 _____ C:\Users\Owner\.swfinfo
2017-04-16 20:05 - 2017-04-16 20:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign7bfb1dc14429886c
2017-04-16 20:04 - 2017-04-16 20:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign535d87735726d54a
2017-04-16 20:04 - 2017-04-16 20:04 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign4081c77d3d24fa60
2017-04-16 19:28 - 2017-04-16 19:28 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf9330bed6110fa11
2017-04-16 19:26 - 2017-04-16 19:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf7e01cc8c885ac69
2017-04-16 19:26 - 2017-04-16 19:26 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign577e66932be8dfa7
2017-04-16 19:24 - 2017-04-16 19:24 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignfc6d1904638d054e
2017-04-16 19:16 - 2017-04-16 19:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign9fa423a3c70afa35
2017-04-16 19:16 - 2017-04-16 19:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign053d9e7aa9ef47e3
2017-04-16 10:16 - 2017-04-16 10:16 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign1c9995c03922f477
2017-04-16 10:10 - 2017-04-16 10:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign452ee60afba80f90
2017-04-16 10:10 - 2017-04-16 10:10 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign38916b4efbf4063b
2017-04-15 23:52 - 2017-04-15 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignddd61b2f56983bbb
2017-04-15 23:52 - 2017-04-15 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigna263d02e96f44e9e
2017-04-15 23:52 - 2017-04-15 23:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign05942cb440837a83
2017-04-15 23:48 - 2017-04-23 14:18 - 00000000 ____D C:\Users\Owner\Desktop\Enlarged photo shop to print photos
2017-04-15 23:46 - 2017-04-15 23:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigne9ac98c2a7845447
2017-04-15 23:46 - 2017-04-15 23:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigncb67378c041c32f9
2017-04-15 23:46 - 2017-04-15 23:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigncaaddae83c26a4e6
2017-04-15 21:57 - 2017-04-15 21:57 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign62c95b86daaf6437
2017-04-15 21:53 - 2017-04-15 21:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc59d2e62fc4ace96
2017-04-15 21:53 - 2017-04-15 21:53 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign41f41b9128e9222b
2017-04-15 21:52 - 2017-04-15 21:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsigne9cfbb05bb6696a1
2017-04-15 21:46 - 2017-04-15 21:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc74b7b576eb58936
2017-04-15 21:46 - 2017-04-15 21:46 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign5a2ff78e2307c7fa
2017-04-15 21:35 - 2017-04-15 21:35 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign2405a614333ce40b
2017-04-15 21:22 - 2017-04-15 21:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignce212d3d8189371c
2017-04-15 21:22 - 2017-04-15 21:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignc9be00c6dfea6a3c
2017-04-15 20:45 - 2017-04-15 20:45 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignf7c03d70fc093085
2017-04-15 20:43 - 2017-04-15 20:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignfcfc0ae5d87aa6e2
2017-04-15 20:43 - 2017-04-15 20:43 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign54069120af8f5df5
2017-04-15 20:41 - 2017-04-15 20:41 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Adobe
2017-04-15 20:23 - 2017-04-15 20:23 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsignd0fb848d7241e9ef
2017-04-15 20:22 - 2017-04-15 20:22 - 00003494 _____ C:\Windows\System32\Tasks\[email protected]
2017-04-15 20:22 - 2017-04-15 20:22 - 00000000 ____D C:\Users\Owner\AppData\Roaming\NVIDIA
2017-04-15 20:22 - 2017-04-15 20:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign8fb5fdc073613a0f
2017-04-15 20:22 - 2017-04-15 20:22 - 00000000 ____D C:\Users\Owner\AppData\Local\Tempzxpsign1426aaffb47bb2b2
2017-04-15 20:22 - 2017-04-15 20:22 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-04-15 17:52 - 2017-04-15 17:52 - 00001058 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
2017-04-15 17:51 - 2017-04-15 17:51 - 00000000 ____D C:\Program Files\Adobe
2017-04-15 17:46 - 2017-04-15 17:46 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017 (32 Bit).lnk
2017-04-15 17:39 - 2017-04-15 17:52 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-04-15 17:36 - 2017-04-15 17:36 - 00001560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-04-15 17:32 - 2017-04-16 10:10 - 00000000 ____D C:\ProgramData\Adobe
2017-04-14 10:13 - 2017-05-03 08:46 - 00000057 _____ C:\Users\Owner\Desktop\Ciel Nosurge to download need.txt
2017-04-12 15:16 - 2017-04-12 15:17 - 00000000 ____D C:\Users\Owner\Desktop\Video Recipes
2017-04-12 05:36 - 2017-04-24 20:31 - 00000000 ____D C:\Users\Owner\Desktop\images to perhaps print
2017-04-11 02:52 - 2017-04-11 02:52 - 00000000 ____D C:\Users\Owner\AppData\Local\Disc_Soft_Ltd
2017-04-11 02:35 - 2017-04-11 02:35 - 00000000 ____D C:\Users\Owner\Documents\Any Video Converter
2017-04-11 01:15 - 2017-04-11 01:15 - 00000000 ____D C:\Users\Owner\Documents\DVDFab9
2017-04-10 23:05 - 2017-04-10 23:05 - 00001338 _____ C:\Users\Public\Desktop\Apowersoft Video Converter Studio.lnk
2017-04-10 22:29 - 2017-04-10 22:29 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-04-10 22:28 - 2017-04-10 22:31 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DAEMON Tools Lite
2017-04-10 22:28 - 2017-04-10 22:28 - 00047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2017-04-10 22:28 - 2017-04-10 22:28 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2017-04-10 22:28 - 2017-04-10 22:28 - 00001787 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2017-04-10 22:28 - 2017-04-10 22:28 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2017-04-10 22:27 - 2017-04-10 22:27 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-04-10 22:07 - 2013-09-15 08:52 - 3061776384 ____R C:\Users\Owner\Desktop\DVD1.iso
2017-04-10 22:03 - 2017-04-10 22:03 - 00000000 ____D C:\Users\Owner\Documents\WonderFox Soft
2017-04-10 22:02 - 2017-04-10 22:02 - 00001302 _____ C:\Users\Owner\Desktop\WonderFox DVD Ripper Pro.lnk
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2017-04-10 22:02 - 2017-04-10 22:02 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2017-04-10 09:41 - 2017-04-10 10:28 - 00001716 _____ C:\Users\Owner\Desktop\Recuva.lnk
2017-04-10 09:41 - 2017-04-10 09:44 - 00000000 ____D C:\Program Files\Recuva

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-10 18:37 - 2016-07-31 19:18 - 00000000 ____D C:\FRST
2017-05-10 18:30 - 2016-09-10 12:24 - 00003470 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2017-05-10 18:30 - 2016-03-06 12:36 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B7DB0767-57CE-4816-B106-9D5AFB57ECA3}
2017-05-10 18:20 - 2016-03-04 10:38 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1526803253-2289046572-84949769-1001
2017-05-10 18:18 - 2016-03-03 16:36 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-10 18:16 - 2017-03-21 20:36 - 00092096 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-05-10 18:16 - 2016-05-10 14:07 - 00000000 ____D C:\ProgramData\ProductData
2017-05-10 18:15 - 2016-11-28 03:05 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2017-05-10 18:15 - 2016-03-04 10:36 - 00000093 _____ C:\Users\Owner\AppData\Roaming\sp_data.sys
2017-05-09 23:17 - 2017-03-01 16:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2017-05-09 22:59 - 2017-03-30 11:48 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Apowersoft
2017-05-09 22:58 - 2016-03-06 17:49 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2017-05-09 20:29 - 2016-03-08 23:47 - 11205632 ___SH C:\Users\Owner\Desktop\Thumbs.db
2017-05-09 18:49 - 2016-03-06 17:35 - 00000000 __RDO C:\Users\Owner\OneDrive
2017-05-09 18:48 - 2017-03-21 20:36 - 00251832 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-09 18:48 - 2017-03-21 20:36 - 00111544 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-05-09 18:48 - 2017-03-21 20:36 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-05-09 18:48 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-09 18:48 - 2013-08-22 07:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-05-09 18:47 - 2016-04-13 21:44 - 00000000 ____D C:\AdwCleaner
2017-05-09 18:47 - 2016-03-06 17:09 - 00000000 ____D C:\Users\Owner\AppData\Roaming\IObit
2017-05-09 18:41 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\NDF
2017-05-09 18:41 - 2013-08-22 07:36 - 00000000 ____D C:\Windows\Inf
2017-05-09 18:19 - 2016-03-16 20:15 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2017-05-09 18:02 - 2016-12-04 11:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVD Flick
2017-05-09 18:02 - 2016-03-08 18:40 - 00000000 ____D C:\Users\Owner\AppData\Roaming\dvdcss
2017-05-09 08:46 - 2016-12-06 01:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-09 08:46 - 2016-04-08 20:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-08 11:17 - 2014-11-21 02:44 - 00865068 _____ C:\Windows\system32\PerfStringBackup.INI
2017-05-08 10:22 - 2016-05-31 20:50 - 00000288 _____ C:\Windows\Tasks\Uninstaller_SkipUac_Owner.job
2017-05-08 10:14 - 2017-03-09 13:36 - 00002388 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Owner
2017-05-07 18:43 - 2017-03-20 19:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\HandBrake
2017-05-07 18:28 - 2016-03-07 22:59 - 06093824 ___SH C:\Users\Owner\Downloads\Thumbs.db
2017-05-06 12:01 - 2016-03-06 18:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\DVDFab9
2017-05-06 09:51 - 2016-03-04 10:32 - 00000000 ____D C:\Users\Owner
2017-05-06 09:48 - 2016-11-14 21:15 - 00012896 _____ C:\Users\Owner\Desktop\owe barb.xlsx
2017-05-05 12:02 - 2016-11-13 21:04 - 00000000 ____D C:\Users\Owner\AppData\Roaming\transmission
2017-05-02 18:23 - 2017-03-09 13:34 - 00002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-01 11:16 - 2017-03-30 11:48 - 00001362 _____ C:\Users\Public\Desktop\Video Download Capture.lnk
2017-05-01 11:01 - 2016-12-05 15:17 - 00000000 ____D C:\Users\Owner\Documents\EGDownloads
2017-04-28 13:12 - 2016-07-19 12:43 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-28 13:12 - 2016-07-19 12:43 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-26 16:20 - 2016-03-04 10:33 - 00000000 ____D C:\Users\Owner\AppData\Local\Packages
2017-04-25 17:58 - 2016-03-06 17:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-04-23 16:18 - 2016-08-15 12:48 - 00000000 ____D C:\Users\Owner\Desktop\POssible Poster makes and to prints
2017-04-23 10:25 - 2017-03-21 20:36 - 00186304 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-04-23 09:49 - 2016-03-06 18:06 - 00000000 ____D C:\Program Files (x86)\BHOK IT Consulting
2017-04-23 09:47 - 2016-07-19 13:27 - 00000000 ____D C:\Users\Owner\Desktop\Gnosis Images
2017-04-22 14:32 - 2016-03-06 20:30 - 00346112 ___SH C:\Users\Owner\Documents\Thumbs.db
2017-04-22 09:56 - 2017-03-30 13:13 - 00000000 ____D C:\ProgramData\Apowersoft
2017-04-22 09:25 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2017-04-19 23:20 - 2016-03-07 10:25 - 00000000 ____D C:\ProgramData\Oracle
2017-04-19 19:43 - 2016-03-07 11:24 - 00000000 ____D C:\Program Files (x86)\Java
2017-04-19 19:43 - 2016-03-07 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-04-19 19:42 - 2016-03-07 11:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2017-04-19 19:42 - 2016-03-06 17:04 - 00000000 ____D C:\ProgramData\Unchecky
2017-04-15 20:43 - 2016-03-04 10:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Adobe
2017-04-15 17:45 - 2017-03-04 13:25 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-04-15 17:41 - 2015-04-10 04:46 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-15 17:27 - 2013-08-22 07:25 - 00000234 _____ C:\Windows\win.ini
2017-04-13 18:14 - 2017-03-21 20:35 - 00077440 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-04-12 15:18 - 2016-12-09 01:00 - 00004288 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-04-12 15:18 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-04-12 15:18 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-12 10:00 - 2016-03-03 16:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-04-12 09:59 - 2017-01-24 23:24 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:59 - 2016-10-20 19:31 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-10-20 19:31 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-10-20 19:31 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-10-20 19:31 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-10-20 19:31 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-10-20 19:31 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-04-12 09:58 - 2016-03-03 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-04-12 09:58 - 2016-03-03 16:35 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-04-11 02:35 - 2016-04-14 22:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Anvsoft
2017-04-11 02:07 - 2016-03-06 18:00 - 00000000 ____D C:\Program Files (x86)\DVDFab 9
2017-04-11 01:15 - 2016-03-06 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2017-04-11 00:25 - 2017-03-15 22:09 - 00000000 ____D C:\Users\Owner\Documents\Calibre Library
2017-04-11 00:08 - 2016-11-11 18:10 - 00000000 ____D C:\Users\Owner\Desktop\Kitty
2017-04-11 00:05 - 2016-09-29 10:45 - 00000000 ____D C:\Users\Owner\Desktop\BOS
2017-04-10 23:05 - 2017-03-30 11:48 - 00000000 ____D C:\Users\Owner\Documents\Apowersoft
2017-04-10 23:05 - 2017-03-30 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apowersoft
2017-04-10 23:04 - 2017-03-30 11:48 - 00000000 ____D C:\Program Files (x86)\Apowersoft

==================== Files in the root of some directories =======

2017-05-08 09:43 - 2017-05-08 09:43 - 0000087 _____ () C:\Users\Owner\AppData\Roaming\1de0de73-de3e-46c6-81b0-f6455f081644
2016-03-04 10:36 - 2017-05-10 18:15 - 0000093 _____ () C:\Users\Owner\AppData\Roaming\sp_data.sys
2017-05-05 19:25 - 2017-05-05 19:25 - 0001947 _____ () C:\Users\Owner\AppData\Local\recently-used.xbel
2016-04-28 17:30 - 2017-02-08 16:33 - 0002840 _____ () C:\ProgramData\hpzinstall.log
2015-04-10 04:45 - 2012-09-07 05:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2015-04-10 04:45 - 2009-07-22 04:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2015-04-10 04:45 - 2012-09-07 05:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
2017-03-31 10:12 - 2017-03-31 10:12 - 0040448 ____N () C:\Users\Owner\AppData\Local\Temp\proxy_vole8168997612936070811.dll
2017-03-04 13:25 - 2017-03-04 13:25 - 0175416 ____T (Symantec Corporation) C:\Users\Owner\AppData\Local\Temp\SCC.dll
2017-05-08 09:42 - 2017-05-08 10:00 - 2119184 _____ (DVDFab) C:\Users\Owner\AppData\Local\Temp\setup.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-05 14:42

==================== End of FRST.txt ============================

Here is the addition scan:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-05-2017
Ran by Owner (10-05-2017 18:38:21)
Running from C:\Users\Owner\Downloads
Windows 8.1 (Update) (X64) (2016-03-04 16:32:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1526803253-2289046572-84949769-500 - Administrator - Disabled)
Guest (S-1-5-21-1526803253-2289046572-84949769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1526803253-2289046572-84949769-1003 - Limited - Enabled)
Owner (S-1-5-21-1526803253-2289046572-84949769-1001 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.1.4 - Intel) Hidden
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 6.0.5 - Atomi Systems, Inc.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.4 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF03}) (Version: 18.0.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Amazon Kindle (HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\Amazon Kindle) (Version: 1.17.0.44170 - Amazon)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Any Audio Converter 5.9.3 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Apowersoft Video Converter Studio V4.6.0 (HKLM-x32\...\{195E8D7F-292B-4B04-A6E7-E96CAF04C767}_is1) (Version: 4.6.0 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.8 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.8 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 3.0.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0035 - ASUS)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audio Product Tool (HKLM-x32\...\{032D9888-CC94-4AD6-9451-481CB7D67061}) (Version: 1.03 - Actions)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{188A3B49-B0F8-41F2-BFE0-0152BEC51B6D}) (Version: 2.81.0 - Kovid Goyal)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.41.50 - Conexant)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
D110 (x32 Version: 140.0.353.000 - Hewlett-Packard) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.1.0230 - Disc Soft Ltd)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.20 - ASUSTek Computer Inc.)
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 10.0.3.6 (26/04/2017) (HKLM-x32\...\DVDFab 10) (Version: 10.0.3.6 - Fengtao Software Inc.)
DVDFab 9.1.9.5 (28/03/2015) (HKLM-x32\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
emWave2 (HKLM-x32\...\emWave23.3.0.7385) (Version: 3.3.0.7385 - Heartmath Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Evernote v. 5.8.3 (HKLM-x32\...\{404B3FB8-A820-11E4-83FC-00163E98E7D6}) (Version: 5.8.3.6507 - Evernote Corp.)
Express Scribe Transcription Software (HKLM-x32\...\Scribe) (Version: 5.85 - NCH Software)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Foxit PhantomPDF (HKLM-x32\...\{045A0488-55C1-45B1-9992-4B4134904D61}) (Version: 7.0.59.127 - Foxit Software Inc.)
Freemake Audio Converter version 1.1.8 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.8 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.96 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HandBrake 1.0.3 (HKLM-x32\...\HandBrake) (Version: 1.0.3 - )
Helium Audio Splitter (build 343) (HKLM-x32\...\{4ED951FE-165D-4F01-9E21-E9D75C3F3AE4}_is1) (Version: 1.9.0.343 - Imploded Software)
HexChat (HKLM\...\HexChat_is1) (Version: 2.12.4 - HexChat)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{A5E2418D-B360-419D-AAAD-0D8F2E98FBF6}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.6.14.19 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.1.116 - IObit)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Lucent Heart (HKLM\...\Steam App 283060) (Version:  - Playcoo)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24516 (HKLM-x32\...\{b8e12890-118d-4721-8e54-05d978086712}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24516 (HKLM-x32\...\{c325004c-5538-45b3-a7ad-94473a4dcd3b}) (Version: 14.0.24516.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 53.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0.2 (x86 en-US)) (Version: 53.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.2.6333 - Mozilla)
Mp3tag v2.75 (HKLM-x32\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
PCSX2 - Playstation 2 Emulator (HKLM-x32\...\pcsx2) (Version:  - )
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 1.0.6.28181 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Convert Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Create Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Edit Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Forms Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Insert Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Review Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop Secure Module (Version: 1.0.16.29260 - Red Software) Hidden
PDFescape Desktop View Module (Version: 1.0.16.29260 - Red Software) Hidden
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.365.000 - Hewlett-Packard) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
QuickBooks (x32 Version: 19.0.4007.1091 - Intuit Canada Limited) Hidden
QuickBooks Premier: Retail Edition 2010 (HKLM-x32\...\{69CAC0F3-5CA1-4AFB-8DF9-BD982998B36F}) (Version: 19.0.4007.1091 - Intuit Canada Limited)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21243 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.29.314.2014 - Realtek)
Recorder Devices for ShareX 0.12.8 (HKLM\...\Recorder Devices for ShareX_is1) (Version: 0.12.8 - )
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RonyaSoft CD DVD Label Maker 3.02 (HKLM-x32\...\RonyaSoft CD DVD Label Maker) (Version: 3.02 - RonyaSoft)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
ScoreCloud Studio (HKLM-x32\...\ScoreCloud) (Version: 3.4 - DoReMIR Music Research)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StudioTax 2015 (HKLM-x32\...\{F03D988F-D2E1-45F1-BC74-283618FD8EE3}) (Version: 11.0.5.1 - BHOK IT Consulting)
StudioTax 2016 (HKLM-x32\...\{F2860D11-4319-4697-8E0B-D99D5B80E592}) (Version: 12.0.7.0 - BHOK IT Consulting)
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Unchecky v1.0.2 (HKLM-x32\...\Unchecky) (Version: 1.0.2 - RaMMicHaeL)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{E75B82FD-B6FD-4653-8685-F3A97BDFEA6E}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{01E87699-A49D-413A-B75B-7C434FEF979C}) (Version: 15.0.2013 - Microsoft Corporation)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Video Download Capture V6.2.4 (HKLM-x32\...\{b3336f66-e079-4ff6-abdb-51e2fab781d5}_is1) (Version: 6.2.4 - APOWERSOFT LIMITED)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSDC Free Screen Recorder version 1.2.4.185 (HKLM-x32\...\VSDC Free Screen Recorder_is1) (Version: 1.2.4.185 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.15.458 - ASUS Cloud Corporation)
WIDI Recognition System Pro 3.3 (remove only) (HKLM-x32\...\WIDI Recognition System Pro 3.3) (Version:  - )
Windows Driver Package - ASUS (ATP) Mouse  (07/02/2014 6.0.0.39) (HKLM\...\51B9B97722559D76D6429B83B71A86106A35BFCE) (Version: 07/02/2014 6.0.0.39 - ASUS)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
WonderFox DVD Ripper Pro 8.4 (HKLM-x32\...\WonderFox DVD Ripper Pro) (Version: 8.4 - WonderFox Soft, Inc.)
Zan Image Printer (HKLM\...\zvprt50) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1526803253-2289046572-84949769-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {013EDA2D-1FF6-4C26-9F6F-6F4D2673B497} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {075CB3EE-7030-4478-B884-1B8F18AA310D} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2014-02-11] ()
Task: {0929A590-67C8-4039-ADAF-AD4BC268FF04} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0F89384A-FDA3-4627-BF61-00002D787DBF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {1646FA6C-D1C1-4A05-938E-9D371F06ABBE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {1CD3F226-8E53-47AF-B986-97FC7BD8BC7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {1F11BC9E-F0AC-4874-9549-71F42E92EC73} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {36B9B2C7-D9ED-472D-B024-207C9565BAB2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {37B3E291-9047-4D64-B9DC-40D5E8F9594A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {3E7D331B-A841-4050-90F5-579B9C8D4888} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {48FED751-1F8D-4907-AD3F-596A7C34B726} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {56307030-0AE8-4F72-AF05-4EE808DCDA41} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-12] (Adobe Systems Incorporated)
Task: {64AE8F8A-F1E3-4EBD-BEDF-E0270A5ABA7D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {66945C11-427E-4844-A0DD-BC911345F1E2} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS)
Task: {691B2936-6D3F-48FD-B193-27D7C6F14946} - System32\Tasks\Uninstaller_SkipUac_Owner => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-12-24] (IObit)
Task: {721A3B82-DFDF-464E-8B63-8C16C0400ED0} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {7D4DCBE0-488A-4B1D-AB5D-2622299A76E5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {7E03ECD4-6042-45B8-892B-F7570DE72D6B} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {80E7D770-A8B4-403F-A2FB-EFA2BD2846E5} - System32\Tasks\{875D3F96-FFF7-41AD-A1D5-78FE49626AE8} => pcalua.exe -a C:\Downloads\wit-v2.31a-r6005-cygwin\wit-v2.31a-r6005-cygwin\windows-install.exe -d C:\Downloads\wit-v2.31a-r6005-cygwin\wit-v2.31a-r6005-cygwin
Task: {83FAD7FA-9BF8-4C24-909D-9CEE043B79CE} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2017-03-15] ()
Task: {8C5DA3CB-6EB2-450B-B56A-9F641106E1D0} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {92A39342-31E0-442E-A65D-3360D2D675D6} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2014-02-11] (ASUS)
Task: {AE42BAB5-F910-4A3D-859F-D04FB1A3827B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {BD5071AB-427B-454D-95FF-CD98585C3C22} - System32\Tasks\Opera scheduled Autoupdate 1457306947 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {C0252D08-29C7-46DE-AF1A-B8DB508DF001} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-09-19] (AsusTek)
Task: {D1DCE02B-252F-4241-B51F-9CD1F5CADC00} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {D741398F-06F4-49E3-A387-7C94723E7763} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {D81888F8-AA89-4664-B45F-2E330C6AD32F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {E61CEA40-5171-4542-83F1-09F00A3D4107} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {E94B468A-4740-4AFB-9995-4FE436096E7F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-19] (Google Inc.)
Task: {F21F1823-400C-4525-B121-978C65A520F8} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-03-03] (ASUSTek Computer Inc.)
Task: {F38E020B-1E79-4DE9-A8C0-C70254E199EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
Task: {F8AECAFD-5514-4005-9EB6-02DF4F8D34CE} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Uninstaller_SkipUac_Owner.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVDFab 10\DVDFab Online.lnk -> hxxp://www.dvdfab.cn/

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Turbo Download Manager.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kemfccojgjoilhfmcblgimbggikekjip

==================== Loaded Modules (Whitelisted) ==============

2017-02-24 14:30 - 2017-02-09 16:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-20 19:31 - 2017-02-23 12:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 19:31 - 2017-02-23 12:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-06-08 18:04 - 2016-06-08 18:04 - 00117400 _____ () C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
2017-03-21 20:35 - 2017-04-13 18:14 - 02271520 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-21 20:35 - 2017-04-13 18:14 - 02267600 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2014-02-11 19:08 - 2014-02-11 19:08 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-02-11 19:08 - 2014-02-11 19:08 - 00028672 _____ () C:\Program Files\ASUS\P4G\plctrl.dll
2014-10-20 02:05 - 2014-03-17 21:10 - 00080312 _____ () C:\Windows\system32\igfxexps.dll
2014-02-26 00:14 - 2014-02-26 00:14 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 00:11 - 2014-02-26 00:11 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-02-26 00:17 - 2014-02-26 00:17 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2017-02-23 09:29 - 2017-02-23 09:29 - 08909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 08:13 - 2016-11-14 18:09 - 00592384 _____ () C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX64.dll
2016-03-04 11:31 - 2016-03-04 11:32 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2017-03-30 11:48 - 2017-04-30 09:34 - 00211096 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
2016-03-06 17:09 - 2015-12-23 17:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-03-07 13:50 - 2017-02-23 12:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-20 19:31 - 2017-02-23 12:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-20 19:31 - 2017-02-23 12:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-04-02 16:46 - 2014-04-02 16:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2016-10-20 19:31 - 2017-02-23 12:34 - 65708992 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-20 19:31 - 2017-02-23 08:30 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-20 19:31 - 2017-02-23 08:30 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-20 19:31 - 2017-02-23 08:30 - 02443320 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-20 19:31 - 2017-02-23 08:30 - 00385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-20 19:31 - 2017-02-23 08:30 - 00543288 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-20 19:31 - 2017-02-23 08:30 - 00468536 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-03-06 17:09 - 2015-12-23 17:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-03-06 17:09 - 2015-12-23 17:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-03-06 17:09 - 2015-12-23 17:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-03-03 16:32 - 2013-12-09 17:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-30 11:48 - 2017-01-02 15:00 - 01176576 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\CefSharp.Core.dll
2017-03-30 11:48 - 2017-04-11 14:50 - 61096960 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libcef.dll
2017-05-09 18:50 - 2017-05-09 18:50 - 00081408 ____T () C:\Users\Owner\AppData\Local\Microsoft\bass_vst.dll
2017-05-09 18:50 - 2017-05-09 22:58 - 01758720 ____T () C:\Users\Owner\AppData\Local\Microsoft\engine_vx.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 01047552 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\SDL2.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00364544 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\log4cplus.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00046592 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\httpfilterv2_dll.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00075264 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\ismdownloadv2_dll.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00020992 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\mms_dll.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00107520 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\zlib1.dll
2017-02-23 09:29 - 2017-02-23 09:29 - 08909512 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 08:15 - 2016-11-14 18:09 - 00564736 _____ () C:\Users\Owner\AppData\Local\MEGAsync\ShellExtX32.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00622080 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libuseass.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00279059 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libfontconfig-1.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 01563136 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libass.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00143096 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libexpat-1.dll
2017-03-30 11:48 - 2017-01-02 14:59 - 00458752 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\freetype6.dll
2017-03-30 11:48 - 2017-01-02 15:00 - 00799744 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\CefSharp.BrowserSubprocess.Core.dll
2017-03-30 11:48 - 2017-04-11 14:50 - 02243072 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libglesv2.dll
2017-03-30 11:48 - 2017-04-11 14:50 - 00079360 _____ () C:\Program Files (x86)\Apowersoft\Video Download Capture 6\libegl.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKLM\...\.scr: CryptoPreventSCR => "C:\Program Files (x86)\Foolish IT\CryptoPrevent\CryptoPreventFilterMod.CryptoPreventEXEC" "%1" /S %*

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-05-09 18:48 - 00002230 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us

There are 9 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1526803253-2289046572-84949769-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\StartupApproved\Run: => "eagleget_setup"
HKU\S-1-5-21-1526803253-2289046572-84949769-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{40EC0B1D-44A8-425D-998A-4C8AC9C31BE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C80460E0-9D6D-4EC9-AFF5-C39E6CECB375}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6BDE2CE0-D48D-4653-AA1F-5E7D5C9457F9}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{E7705C98-8651-4A2A-A4E7-1DEFE50FA3DE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{4B12FEDC-D36F-44F7-89F5-26E1E85B163E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B90B0CD-3E06-4292-AA47-5F6615284E88}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A790A1C6-F9D4-4888-91D7-0384122804BE}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DCE83B38-EE22-40E7-ABA0-F0CA86C4CB41}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E9DAB338-89C5-487A-B84C-F392643AD9C3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3FD1946F-9C5A-4690-8B55-1BE96602E2B3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucent Heart\LucentPatch.exe
FirewallRules: [{FCEF6BAD-5562-4A5E-A4D8-F7C3A4B7CEC6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lucent Heart\LucentPatch.exe
FirewallRules: [{7135F96C-9B8C-48BA-986B-9F87277AB9FE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1A8BDC33-4FE9-451E-B6D1-931BC5676E38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5BE1F031-1828-49FD-9B24-4F6410A05E8D}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{ABDCA425-F758-47EC-983C-852ED9B3402C}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{EF0A6209-EFA4-4D19-9C65-4403C145A256}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{797A7534-2A39-4C85-A883-137F9DD469B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{49703BE2-925C-46A6-9C0C-54AB4C8858F4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{464DCDFA-36AC-4F19-BAD1-1D3BC0FBA6FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D104523F-80BD-4BBA-A903-A50D0C464184}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{EA1F3511-6F76-4117-BD17-A16371E0002F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A18962E3-F18C-43E7-BDF2-E6F8CFF10DE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2A2EF035-68E9-4F68-80BF-D196E7DAA244}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5ABB2D10-CDEA-42D0-B6BD-349AC3325B85}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{A780FA01-FED6-4157-B0FE-9ED8350BDE93}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{DDC1E423-2329-49D9-9F05-4F5BDB24B068}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{64FFA3FC-7227-4F1F-92F2-AB6A7B4A5398}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{61924848-B5C2-4608-9182-05D7F2D6ED54}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2B20\HPDiagnosticCoreUI.exe
FirewallRules: [{46D95229-860D-4E02-8DDA-E3DF8AA9BB56}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS2B20\HPDiagnosticCoreUI.exe
FirewallRules: [{5C8FDAC9-5536-479C-A5C4-E610B00609BD}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS595B\HPDiagnosticCoreUI.exe
FirewallRules: [{767B0C4A-D72C-43C5-894A-5ABF3169C6A5}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS595B\HPDiagnosticCoreUI.exe
FirewallRules: [{BA555286-D69D-4A77-A849-7E8FB6F69073}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS611C\HPDiagnosticCoreUI.exe
FirewallRules: [{96CAE66A-B686-4BB9-A50F-6039F9799195}] => (Allow) C:\Users\Owner\AppData\Local\Temp\7zS611C\HPDiagnosticCoreUI.exe
FirewallRules: [{1DDD9F2F-1DE2-442C-8CC2-498F41A34FC4}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D7B6D7EE-CB82-42AF-8359-9F96067BCFF7}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{6565DA83-AC93-4745-BEB4-9BB60D7BD9E7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{EE0F6E38-91A7-4926-8CB4-E60034A05B16}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{7B184D0C-7574-411B-8C94-B2CE7C013598}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E1BD963C-577A-456B-BEFC-077CB4A06C16}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe] => (Allow) C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe
FirewallRules: [UDP Query User{D9457B4F-B8A8-4817-9B9E-E0E1E1D458BA}C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe] => (Allow) C:\program files (x86)\microsoft directx sdk (june 2010)\utilities\bin\x86\audconsole3.exe
FirewallRules: [TCP Query User{8FA7A724-E98C-41FF-9F12-2B1D98D4EB54}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{49CC2EC4-7854-43B1-B6A7-D2254FC8362A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4F7EBBC5-E644-4123-810F-8C4E35628851}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{E56C86C4-A264-42AC-AB8A-A93D032AC37A}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{A7BDCE84-98A0-48A0-A9D0-CDDC40A0505A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CC38A50A-3002-4645-B2D3-EA2AA3A35C67}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{14F8674A-CCD5-4DFD-8242-7A5F34073282}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{CA5ADD49-2C2B-41B5-BB50-30AE7B2F39F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E1E62B62-9AF5-4A42-B544-7564A3FDE48C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AF116FF5-12F9-4A26-BEE9-A2C7DDA16D4B}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{9228C997-F131-47C8-AF41-B4C03E6D761F}] => (Allow) C:\Program Files (x86)\FlashIntegro\ScreenRecorder\ScreenRecorder.exe
FirewallRules: [{7BA92F04-F376-4D47-85E0-B2D0CD3CAB98}] => (Allow) C:\Program Files (x86)\FlashIntegro\ScreenRecorder\ScreenRecorder.exe
FirewallRules: [{0DBEC6E4-D151-4A19-AE22-FD4072E7C10C}] => (Allow) C:\Program Files (x86)\FlashIntegro\ScreenRecorder\Updater.exe
FirewallRules: [{91914256-7DDD-471B-A004-F1BB6023957F}] => (Allow) C:\Program Files (x86)\FlashIntegro\ScreenRecorder\Updater.exe
FirewallRules: [TCP Query User{49B7E43E-48B3-4D52-A23C-772E50690745}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{BC1F4B61-775E-4689-9F9A-871EABEBE2F8}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{39FF7C37-9588-43C4-B1E5-8235DAA5039C}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
FirewallRules: [{F051CCB6-377B-497D-AF5D-04C6EB3BB1D8}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{FECA67E2-0829-40C8-BDCE-644817B592C2}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
FirewallRules: [{E181687D-A538-46D2-A87F-F073BE128215}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{0B496926-65C7-49F2-A25A-E45DBCE75854}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlhtmlrenderer.exe
FirewallRules: [{318CA157-5403-4A60-BD26-42D160079554}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [{077163F0-A109-4B99-8417-8E3C5B8BB457}] => (Allow) C:\Program Files (x86)\ATOMI\ActivePresenter\rlactivator.exe
FirewallRules: [TCP Query User{9BFF6FA5-1685-488B-8994-F6D9263BCFFB}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{2C53226A-3BB7-4F4B-8833-57064EBB7359}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{5129574B-BB95-414E-BC3D-A1AFE4FB1FBE}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{6403CCC3-0AC1-47F9-A4AB-5ECBBB891DD4}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{68C3E735-1C64-4C78-9529-898F5A26AF89}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{1D6D7102-D06C-4368-B323-8D8F89EA865C}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
FirewallRules: [{935F1AD5-12E8-4C25-93D0-CD26355A9A3F}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{98D0107C-E953-43A8-A3FC-064C122ED958}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture 6\rtmpsrv.exe
FirewallRules: [{957A7165-848A-471D-A252-FC237BE2F78A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{1FC69F16-1A7C-49A0-A391-2FAA93486AC6}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe
FirewallRules: [UDP Query User{E22ADA0A-701A-4C69-B13B-C19748C4901C}C:\program files (x86)\dvdfab 10\dvdfab.exe] => (Allow) C:\program files (x86)\dvdfab 10\dvdfab.exe

==================== Restore Points =========================

05-05-2017 14:03:35 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2017 06:32:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.

Error: (05/10/2017 06:25:49 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (05/10/2017 06:22:45 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=fe1c3238-432a-43a1-8e25-97e7d1ef10f3;NotificationInterval=1440;Trigger=NetworkQuarantineRetry

Error: (05/10/2017 06:22:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=fe1c3238-432a-43a1-8e25-97e7d1ef10f3;NotificationInterval=1440;Trigger=TimerEvent

Error: (05/10/2017 06:20:19 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=fe1c3238-432a-43a1-8e25-97e7d1ef10f3;NotificationInterval=1440;Trigger=TimerEvent

Error: (05/10/2017 06:19:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=dca14e37-0c5c-444f-9b35-1e2f161f5ac3;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=fe1c3238-432a-43a1-8e25-97e7d1ef10f3;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (05/09/2017 10:58:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Video Download Capture 6.exe, version: 6.2.4.0, time stamp: 0x59053f04
Faulting module name: msvcrt.dll, version: 7.0.9600.17415, time stamp: 0x54504b2e
Exception code: 0xc0000005
Fault offset: 0x0000c34c
Faulting process id: 0x1ac0
Faulting application start time: 0x01d2c927671d17a5
Faulting application path: C:\Program Files (x86)\Apowersoft\Video Download Capture 6\Video Download Capture 6.exe
Faulting module path: C:\Windows\SYSTEM32\msvcrt.dll
Report Id: 45e4cef2-353d-11e7-82c3-f0795907df78
Faulting package full name:
Faulting package-relative application ID:

Error: (05/09/2017 10:58:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Video Download Capture 6.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.AccessViolationException
   at Apowersoft.Media.FFMpeg.AVCodecDll.av_picture_copy(Apowersoft.Media.FFMpeg.AVPicture ByRef, Apowersoft.Media.FFMpeg.AVFrame ByRef, Apowersoft.Media.FFMpeg.AVPixelFormat, Int32, Int32)
   at Apowersoft.Media.FFMpeg.VideoPlayClass.queue_picture(VideoState, Apowersoft.Media.FFMpeg.AVFrame ByRef, Double, Double, Int64, SerialClass)
   at Apowersoft.Media.FFMpeg.VideoPlayClass.video_thread(System.Object)

Error: (05/09/2017 08:52:38 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/09/2017 08:52:38 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.


System errors:
=============
Error: (05/09/2017 06:48:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Media Player Network Sharing Service service depends on the Windows Search service which failed to start because of the following error:
The service did not start due to a logon failure.

Error: (05/09/2017 06:48:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (05/09/2017 06:48:03 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/09/2017 06:48:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (05/09/2017 06:48:01 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/09/2017 06:47:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/09/2017 06:47:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The BBUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/09/2017 06:47:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (05/09/2017 06:47:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/09/2017 06:47:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).


CodeIntegrity:
===================================
  Date: 2017-04-23 10:22:39.033
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-23 10:22:38.648
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-23 08:32:48.692
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-23 08:32:48.414
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-15 18:03:23.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-15 18:03:23.202
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-03 23:52:38.277
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-03 23:52:38.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-01 11:07:25.618
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-04-01 11:07:25.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 12171.01 MB
Available physical RAM: 8796.16 MB
Total Virtual: 24459.01 MB
Available Virtual: 20193.21 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:41.04 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:403.07 GB) (Free:168.52 GB) NTFS
Drive e: (The Truth About Vaccines) (CDROM) (Total:4.92 GB) (Free:0 GB) UDF
Drive j: () (Fixed) (Total:2794.51 GB) (Free:872.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F03AAA7D)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 1.

==================== End of Addition.txt ============================

 

Please help me! I very much appreciate your time and support!




#2
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
Hello,

There's evidence of illegal software on your system.
The software is Adobe and the crack is your hosts file; it allows you to bypass Adobe activation.

127.0.0.1 na1r.services.adobe.com
127.0.0.1 hlrcv.stage.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly


Other evidence is also present in the log file:

Task: {36B9B2C7-D9ED-472D-B024-207C9565BAB2} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

autokms.exe is a file that goes along with a keygen, such as when you download a keygen to hack some software. It usually gets installed when you crack Microsoft Office.



It's against forum policy to assist with this type of software.

#3
Destiny000

    Member

  • Topic Starter
  • Member
  • 130 posts

So is the program the actual problem? I'm not the only one who uses this computer. Apparently the problems currently present did not start after installation of said program; they only started within the last three days of the previous post. So if that program is not the problem and there is something else, I am fine with uninstalling that program myself to figure out what is really going on.



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,087 posts
There's evidence of illegal software on your system.

Topic is closed. Do not PM me any more. Take it in for repair.





