wifi dropouts and google products not loading

virus malware


#1
digikiwi


Hi GtG folks,

Great to see this website is still going, I haven't been here for 10+ years!!

I have a fairly new laptop with Windows 10 and keep having my wifi network dropping out intermittently. It will suddenly say "no network available" but this is not happening on other devices on the same network. Also, Google products will take forever to load quite frequently, for example search result links, or Google Maps.

I run Eset Smart Security which finds nothing on scanning, and Malwarebytes. MB found some PUP as listed below a while back. I also had something called kmspico but can't find a log on this.

Here is the report from MB, followed by FRST and then Addition.txt

Any help greatly appreciated.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 10/24/17
Scan Time: 6:17 PM
Log File: ac86d2f6-b87a-11e7-ba75-a402b9e06469.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3079
License: Trial

-System Information-
OS: Windows 10 (Build 15063.674)
CPU: x64
File System: NTFS
User: ERFWYL\Earthwhile

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360469
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 24 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Conduit, C:\USERS\EARTHWHILE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1EEQFRP3.DEFAULT\PREFS.JS, Replaced, [577], [301520],1.0.3079

Physical Sector: 0
(No malicious items detected)


(end)

FRST log:


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017
Ran by Earthwhile (administrator) on ERFWYL (23-11-2017 21:33:04)
Running from C:\Users\Earthwhile\Desktop
Loaded Profiles: Earthwhile (Available Profiles: Earthwhile)
Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(f.lux Software LLC) C:\Users\Earthwhile\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(The SABnzbd-team) C:\Program Files\SABnzbd\SABnzbd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-30] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmdS.exe [324216 2017-11-12] (ESET)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3567928 2017-11-13] (Dropbox, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-09-18] (Intel)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2017-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-29] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\Run: [f.lux] => C:\Users\Earthwhile\AppData\Local\FluxSoftware\Flux\flux.exe [1678840 2017-10-11] (f.lux Software LLC)
HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [40417680 2017-11-01] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{631fb250-ba41-4078-ac5c-d5001b8fc4c0}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-11-17] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-11-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-10-24] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-11-10] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2017-03-28] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2017-03-29] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-11-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 1eeqfrp3.default
FF ProfilePath: C:\Users\Earthwhile\AppData\Roaming\Mozilla\Firefox\Profiles\1eeqfrp3.default [2017-11-23]
FF Homepage: Mozilla\Firefox\Profiles\1eeqfrp3.default -> hxxp://www.google.co.nz/
FF NetworkProxy: Mozilla\Firefox\Profiles\1eeqfrp3.default -> type", 0
FF Extension: (AdBlocker for YouTube™) - C:\Users\Earthwhile\AppData\Roaming\Mozilla\Firefox\Profiles\1eeqfrp3.default\Extensions\[email protected] [2017-09-30]
FF Extension: (NoScript) - C:\Users\Earthwhile\AppData\Roaming\Mozilla\Firefox\Profiles\1eeqfrp3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-11-21]
FF Extension: (Adblock Plus) - C:\Users\Earthwhile\AppData\Roaming\Mozilla\Firefox\Profiles\1eeqfrp3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-11-09]
FF Extension: (Tab Mix Plus) - C:\Users\Earthwhile\AppData\Roaming\Mozilla\Firefox\Profiles\1eeqfrp3.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2017-09-30] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-10-10] [Lagacy]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-10-18] [Lagacy] [not signed]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-10-24] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-14] (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-10-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-10-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-25] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default [2017-11-20]
CHR Extension: (Slides) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-18]
CHR Extension: (Google Drive) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-30]
CHR Extension: (YouTube) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-30]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-10-18]
CHR Extension: (Adobe Acrobat) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-10-13]
CHR Extension: (Sheets) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-18]
CHR Extension: (Google Docs Offline) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-01]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-10-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-30]
CHR Extension: (Gmail) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\Earthwhile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-20]
CHR HKU\S-1-5-21-1091263799-938790483-100364564-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-29]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8063656 2017-11-02] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-10-01] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51016 2017-11-13] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22816 2017-09-18] (Intel)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2648184 2017-11-12] (ESET)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-11-09] (Intel Corporation)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-30] (Microsoft Corporation)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-29] (TeamViewer GmbH)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [95224 2016-05-20] (ASUS Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-11-09] (Intel Corporation)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-11-12] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-05-04] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15392 2017-11-12] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [180088 2017-11-12] (ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-05-04] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-05-04] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [102160 2017-11-12] (ESET)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-10-04] (ESET)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-11-09] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [245768 2017-08-07] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-21] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7638536 2017-10-29] (Intel Corporation)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R3 SensorsAlsDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [259584 2017-09-30] (Microsoft Corporation)
S3 ssudcdf; C:\WINDOWS\System32\drivers\ssudcdf.sys [36608 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2016-09-05] (QUALCOMM Incorporated)
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [70400 2014-01-22] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-01-22] (DEVGURU Co., LTD.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-30] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-30] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 21:22 - 2017-11-23 21:22 - 000043343 _____ C:\Users\Earthwhile\Desktop\Addition.txt
2017-11-23 21:21 - 2017-11-23 21:33 - 000022481 _____ C:\Users\Earthwhile\Desktop\FRST.txt
2017-11-23 21:20 - 2017-11-23 21:21 - 000000000 ____D C:\Users\Earthwhile\Downloads\vir
2017-11-23 21:20 - 2017-11-23 21:20 - 002391552 _____ (Farbar) C:\Users\Earthwhile\Desktop\FRST64.exe
2017-11-21 17:18 - 2017-11-21 17:18 - 000000000 ____D C:\Users\Earthwhile\Downloads\Typing Instructor Platinum for Kids
2017-11-21 16:52 - 2017-11-21 16:52 - 000000000 ____D C:\Program Files\Common Files\Intel
2017-11-21 16:30 - 2017-11-21 16:39 - 205787409 _____ C:\Users\Earthwhile\Downloads\WLAN_Intel_Win10_64_VER184033.zip
2017-11-20 19:24 - 2017-11-20 19:24 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign44dea0fb177fb460
2017-11-20 19:22 - 2017-11-20 19:22 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign654bbf22913cc968
2017-11-20 19:22 - 2017-11-20 19:22 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign57f589d9456defd4
2017-11-20 19:22 - 2017-11-20 19:22 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign4af98a29dcc00894
2017-11-19 15:35 - 2017-11-18 18:44 - 000000000 ____D C:\Windows.old
2017-11-18 19:39 - 2017-11-18 19:39 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-18 19:38 - 2017-11-18 19:38 - 000000020 ___SH C:\Users\Earthwhile\ntuser.ini
2017-11-18 19:38 - 2017-11-18 19:38 - 000000000 ___RD C:\Users\Earthwhile\3D Objects
2017-11-18 19:38 - 2017-11-18 19:38 - 000000000 ___HD C:\Users\Earthwhile\MicrosoftEdgeBackups
2017-11-18 19:38 - 2017-11-18 19:38 - 000000000 ____D C:\ProgramData\USOShared
2017-11-18 18:43 - 2017-11-21 17:13 - 000918046 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-18 18:42 - 2017-11-21 16:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-18 18:42 - 2017-11-21 13:17 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-11-18 18:42 - 2017-11-21 13:17 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-11-18 18:42 - 2017-11-18 19:40 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1091263799-938790483-100364564-1001
2017-11-18 18:42 - 2017-11-18 18:43 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2017-11-18 18:42 - 2017-11-18 18:43 - 000007623 _____ C:\WINDOWS\diagerr.xml
2017-11-18 18:42 - 2017-11-18 18:42 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-11-18 18:42 - 2017-11-18 18:42 - 000003444 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-11-18 18:42 - 2017-11-18 18:42 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-18 18:42 - 2017-11-18 18:42 - 000003220 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-11-18 18:42 - 2017-11-18 18:42 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-18 18:42 - 2017-11-18 18:42 - 000002968 _____ C:\WINDOWS\System32\Tasks\Update Checker
2017-11-18 18:42 - 2017-11-18 18:42 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2017-11-18 18:42 - 2017-11-18 18:42 - 000002762 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-ERFWYL-Earthwhile
2017-11-18 18:42 - 2017-11-18 18:42 - 000002584 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2017-11-18 18:42 - 2017-11-18 18:42 - 000002540 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2017-11-18 18:42 - 2017-11-18 18:42 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2017-11-18 18:42 - 2017-11-18 18:42 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2017-11-18 18:42 - 2017-11-18 18:42 - 000002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2017-11-18 18:42 - 2017-11-18 18:42 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2017-11-18 18:42 - 2017-11-18 18:42 - 000002214 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2017-11-18 18:42 - 2017-11-18 18:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-11-18 18:39 - 2017-11-18 18:39 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-11-18 18:38 - 2017-11-19 20:50 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Packages
2017-11-18 18:38 - 2017-11-18 19:38 - 000000000 ____D C:\Users\Earthwhile
2017-11-18 18:37 - 2017-09-30 02:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-18 18:37 - 2016-11-30 08:36 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-11-18 18:36 - 2017-11-23 01:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-18 18:36 - 2017-11-21 16:53 - 000383656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-18 18:17 - 2017-11-12 20:21 - 000180088 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2017-11-18 18:17 - 2017-11-12 20:21 - 000132848 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2017-11-18 18:17 - 2017-11-12 20:21 - 000102160 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2017-11-18 18:17 - 2017-11-12 20:21 - 000015392 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
2017-11-18 18:17 - 2017-05-04 13:18 - 000107344 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2017-11-18 18:17 - 2017-05-04 13:18 - 000078192 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2017-11-18 18:17 - 2017-05-04 13:18 - 000050752 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2017-11-18 18:15 - 2017-11-19 15:35 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-11-18 06:49 - 2017-11-18 18:16 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-18 06:46 - 2017-11-18 06:46 - 000000000 ____D C:\WINDOWS\containers
2017-11-18 06:45 - 2017-11-18 06:45 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-11-18 06:45 - 2017-11-18 06:45 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-11-18 06:45 - 2017-11-18 06:45 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-18 06:45 - 2017-11-18 06:45 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-11-18 06:44 - 2017-11-18 06:44 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-11-18 06:44 - 2017-11-18 06:44 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-11-18 06:44 - 2017-11-18 06:44 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-18 06:44 - 2017-11-18 06:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-18 06:35 - 2017-11-18 06:35 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-11-18 06:35 - 2017-11-18 06:35 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-11-18 06:35 - 2017-11-18 06:35 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-11-18 06:35 - 2017-11-18 06:35 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-11-18 06:35 - 2017-11-18 06:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-11-18 06:35 - 2017-11-18 06:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-11-18 06:35 - 2017-11-18 06:35 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-11-18 06:35 - 2017-11-18 06:35 - 000000000 ____D C:\Program Files\MSBuild
2017-11-18 06:35 - 2017-11-18 06:35 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-11-18 06:35 - 2017-11-18 06:35 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-18 06:25 - 2017-11-18 06:25 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-17 22:43 - 2017-11-18 18:44 - 000000000 ___DC C:\WINDOWS\Panther
2017-11-17 22:37 - 2017-11-17 22:37 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-11-15 13:40 - 2017-11-19 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-11-14 17:35 - 2017-11-15 20:17 - 000011071 _____ C:\Users\Earthwhile\Desktop\hucklebery costings.xlsx
2017-11-13 23:26 - 2017-11-13 23:26 - 000051016 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-11-13 23:26 - 2017-11-13 23:26 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-11-13 23:26 - 2017-11-13 23:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-11-13 23:26 - 2017-11-13 23:26 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-11-13 20:21 - 2017-11-21 16:53 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-11-13 20:21 - 2017-11-19 15:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-11-13 20:21 - 2017-11-13 20:21 - 000000000 ____D C:\ProgramData\MB3CoreBackup
2017-11-12 22:25 - 2017-11-12 22:25 - 004268200 _____ (Intel® Corporation) C:\WINDOWS\system32\wlihvui.dll
2017-11-12 22:25 - 2017-11-12 22:25 - 002604200 _____ (Intel® Corporation) C:\WINDOWS\system32\iwmssvc.dll
2017-11-11 02:32 - 2017-11-13 17:57 - 020116201 _____ C:\Users\Earthwhile\Downloads\SABnzbd-2.3.1-win-setup.exe
2017-11-07 21:18 - 2017-11-07 21:18 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsigncb387094024ab827
2017-11-07 21:10 - 2017-11-07 21:10 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign9b857a916002933d
2017-11-07 21:10 - 2017-11-07 21:10 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign80445543a7ce76dc
2017-11-07 21:10 - 2017-11-07 21:10 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign28421622002e8782
2017-10-29 22:06 - 2017-10-29 22:06 - 013334260 _____ C:\WINDOWS\system32\Drivers\Netwfw04.dat
2017-10-29 22:06 - 2017-10-29 22:06 - 007638536 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw04.sys
2017-10-29 18:39 - 2017-10-29 18:39 - 000000000 ____D C:\Users\Default\AppData\Local\Google
2017-10-29 18:39 - 2017-10-29 18:39 - 000000000 ____D C:\Users\Default User\AppData\Local\Google
2017-10-28 19:34 - 2017-10-28 19:34 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2017-10-28 19:34 - 2017-10-28 19:34 - 000000000 ____D C:\Program Files\Hewlett-Packard
2017-10-28 19:34 - 2017-10-28 19:34 - 000000000 _____ C:\WINDOWS\HPMProp.INI
2017-10-28 19:33 - 2017-08-23 11:26 - 000556784 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcdmc32.dll
2017-10-28 19:33 - 2017-08-23 11:26 - 000204016 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp210.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000529136 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn210.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000494320 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3210.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000265128 _____ (HP Inc.) C:\WINDOWS\system32\hpmml210.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000242088 _____ (HP Inc.) C:\WINDOWS\system32\hpmja210.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000229616 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm081.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000178416 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
2017-10-28 19:33 - 2017-08-23 11:25 - 000127728 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw081.dll
2017-10-28 19:33 - 2017-08-23 11:24 - 000310696 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm190.dll
2017-10-28 19:33 - 2017-08-23 11:24 - 000195312 _____ (Hewlett-Packard) C:\WINDOWS\system32\hppdcompio.dll
2017-10-28 19:33 - 2017-08-23 11:24 - 000169200 _____ (Hewlett-Packard) C:\WINDOWS\SysWOW64\hppccompio.dll
2017-10-28 19:33 - 2017-08-23 11:24 - 000061352 _____ (Hewlett-Packard) C:\WINDOWS\system32\FxCompChannel_x64.dll
2017-10-28 19:07 - 2017-10-28 19:08 - 018600800 _____ C:\Users\Earthwhile\Downloads\hp printer 40 50 upd-pcl6-x64-6.5.0.22695.exe
2017-10-28 07:40 - 2017-11-23 21:33 - 000000000 ____D C:\FRST
2017-10-28 07:40 - 2017-10-28 07:41 - 000112064 _____ C:\Users\Earthwhile\Downloads\FRST.txt
2017-10-28 07:40 - 2017-10-28 07:41 - 000043407 _____ C:\Users\Earthwhile\Downloads\Addition.txt
2017-10-28 07:36 - 2017-10-28 07:36 - 002403328 _____ (Farbar) C:\Users\Earthwhile\Downloads\FRST64.exe
2017-10-28 07:31 - 2017-10-28 07:39 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-10-28 07:31 - 2017-10-28 07:31 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3155F261.sys
2017-10-28 07:30 - 2017-10-28 07:30 - 000000000 ____D C:\Users\Earthwhile\Downloads\mbar rootkit
2017-10-28 07:25 - 2017-10-28 07:30 - 017583333 _____ C:\Users\Earthwhile\Downloads\mbar-1.10.3.1001.zip
2017-10-27 21:46 - 2017-10-27 21:46 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsignf80356f7abb1e033
2017-10-27 21:45 - 2017-10-27 21:45 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign895889c56fcdc74a
2017-10-27 21:44 - 2017-10-27 21:44 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsigne0f9807534a93f55
2017-10-27 21:44 - 2017-10-27 21:44 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign9b97b773e5553bc4
2017-10-27 21:44 - 2017-10-27 21:44 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign38e0592c3f30040a
2017-10-27 21:44 - 2017-10-27 21:44 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Tempzxpsign31938385a98fe660
2017-10-27 19:00 - 2017-10-27 18:14 - 011584088 _____ (SurfRight B.V.) C:\Users\Earthwhile\Desktop\HitmanPro_x64.exe
2017-10-27 18:35 - 2017-10-27 18:35 - 000001682 _____ C:\WINDOWS\system32\.crusader
2017-10-27 18:19 - 2017-10-27 19:12 - 000000000 ____D C:\ProgramData\HitmanPro
2017-10-27 17:48 - 2017-10-28 07:08 - 000000000 ____D C:\AdwCleaner
2017-10-27 17:45 - 2017-10-27 17:46 - 008250832 _____ (Malwarebytes) C:\Users\Earthwhile\Desktop\adwcleaner_7.0.3.1.exe
2017-10-27 17:37 - 2017-10-27 17:39 - 001423671 _____ C:\Users\Earthwhile\Downloads\adwcleaner_7.0.3.1.exe.part
2017-10-24 21:17 - 2017-10-24 21:17 - 000811358 _____ C:\Users\Earthwhile\Downloads\noscript-5.1.3.xpi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-23 20:45 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-11-23 20:44 - 2017-09-30 02:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-23 20:44 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-23 20:42 - 2017-10-10 17:16 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\Adobe
2017-11-23 20:39 - 2017-10-01 06:52 - 000000206 _____ C:\Users\Earthwhile\AppData\Roaming\sp_data.sys
2017-11-22 18:05 - 2017-09-13 04:44 - 000000000 ____D C:\Users\Earthwhile\Downloads\incomplete
2017-11-21 22:13 - 2017-10-10 16:45 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\uTorrent
2017-11-21 16:54 - 2017-08-31 14:40 - 000000000 ____D C:\Users\Earthwhile\AppData\LocalLow\Mozilla
2017-11-21 16:53 - 2017-10-05 09:15 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-21 16:53 - 2017-09-29 21:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-11-21 16:53 - 2016-08-31 09:53 - 000000000 __SHD C:\Users\Earthwhile\IntelGraphicsProfiles
2017-11-21 16:52 - 2017-10-05 09:15 - 000000000 ____D C:\ProgramData\Intel
2017-11-21 16:52 - 2017-09-30 19:46 - 000000000 ____D C:\Program Files (x86)\Intel
2017-11-21 16:51 - 2017-09-30 02:44 - 000000000 ____D C:\WINDOWS\INF
2017-11-21 16:50 - 2017-10-05 20:51 - 000000000 ____D C:\Users\Earthwhile\Downloads\driver
2017-11-21 16:50 - 2017-09-30 19:46 - 000000000 ____D C:\Program Files\Intel
2017-11-21 15:57 - 2017-09-09 19:13 - 000000000 ____D C:\Users\Earthwhile\Desktop\delete
2017-11-19 21:43 - 2017-09-30 22:22 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\vlc
2017-11-19 20:50 - 2017-09-30 02:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-19 20:49 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-19 15:36 - 2017-09-30 02:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-19 15:35 - 2017-10-10 17:16 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-19 15:35 - 2017-10-05 21:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2017-11-19 15:35 - 2017-10-05 09:16 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-11-19 15:35 - 2017-10-02 18:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2017-11-19 15:35 - 2017-10-01 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2017-11-19 15:35 - 2017-10-01 16:39 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-11-19 15:35 - 2017-10-01 06:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2017-11-19 15:35 - 2017-09-30 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-11-19 15:35 - 2017-09-30 21:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-19 15:35 - 2017-09-30 21:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
2017-11-19 15:35 - 2017-09-30 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-11-19 15:35 - 2017-09-30 20:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-11-19 15:35 - 2017-09-30 02:49 - 000000000 ____D C:\WINDOWS\Setup
2017-11-19 15:35 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-19 15:35 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-19 15:35 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-19 15:35 - 2017-09-30 02:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-19 15:35 - 2017-09-30 02:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-18 19:54 - 2017-09-30 02:46 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-18 19:40 - 2017-09-30 20:05 - 000002380 _____ C:\Users\Earthwhile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-11-18 19:40 - 2016-08-31 09:55 - 000000000 ___RD C:\Users\Earthwhile\OneDrive
2017-11-18 19:38 - 2017-09-30 20:03 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\TileDataLayer
2017-11-18 19:38 - 2016-08-31 09:08 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-18 18:44 - 2017-09-30 02:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-18 18:43 - 2017-09-30 20:43 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-11-18 18:42 - 2017-10-02 18:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2017-11-18 18:42 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\Registration
2017-11-18 18:40 - 2017-09-13 12:09 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2017-11-18 18:40 - 2017-09-02 01:23 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-11-18 18:39 - 2017-09-30 02:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-18 18:38 - 2017-09-29 21:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-18 18:37 - 2017-10-18 14:21 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-11-18 18:37 - 2017-09-30 19:46 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-11-18 18:37 - 2017-09-30 19:46 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-11-18 18:37 - 2017-09-30 19:46 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-11-18 18:22 - 2017-09-30 02:46 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-18 18:16 - 2017-10-18 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-11-18 18:16 - 2017-10-01 06:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICEpower
2017-11-18 18:16 - 2017-09-30 20:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-11-18 18:16 - 2017-09-30 19:46 - 000000000 ____D C:\Program Files\Realtek
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-11-18 06:46 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\TextInput
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-18 06:46 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-18 06:46 - 2017-09-29 21:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-18 06:36 - 2017-09-30 02:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-11-18 06:33 - 2017-09-30 03:41 - 000000000 ____D C:\WINDOWS\OCR
2017-11-17 22:37 - 2017-09-30 21:05 - 000000000 ____D C:\Program Files\Microsoft Office
2017-11-16 20:50 - 2017-09-30 20:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-11-16 20:50 - 2017-09-30 20:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-11-16 13:28 - 2017-10-08 18:19 - 000000000 ____D C:\Users\Earthwhile\AppData\Local\ElevatedDiagnostics
2017-11-16 13:15 - 2017-09-30 20:28 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-11-16 13:15 - 2017-09-30 20:28 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\Mozilla
2017-11-15 13:40 - 2017-10-01 20:10 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-11-13 20:00 - 2017-09-30 21:50 - 000000000 ____D C:\Program Files\SABnzbd
2017-11-13 06:08 - 2017-09-30 20:03 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\Adobe
2017-11-10 21:25 - 2017-09-30 21:33 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\TeamViewer
2017-11-09 22:29 - 2017-10-05 21:37 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2017-11-04 18:42 - 2017-09-30 21:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-11-04 14:25 - 2017-09-30 02:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-04 14:25 - 2017-09-30 02:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-01 08:54 - 2017-10-04 07:08 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-10-28 07:32 - 2017-10-04 07:08 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-10-27 21:08 - 2017-09-30 21:18 - 000000000 ____D C:\ProgramData\Foxit Software
2017-10-27 18:35 - 2017-09-30 20:10 - 000000000 ____D C:\Program Files\KMSpico
2017-10-27 17:50 - 2017-10-10 16:47 - 000000000 ____D C:\Users\Earthwhile\AppData\Roaming\Lavasoft
2017-10-27 17:50 - 2017-10-10 16:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-10-27 17:50 - 2017-10-10 16:47 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-10-27 17:50 - 2017-10-10 16:46 - 000000000 ____D C:\ProgramData\Lavasoft

==================== Files in the root of some directories =======

2017-10-01 06:52 - 2017-11-23 20:39 - 000000206 _____ () C:\Users\Earthwhile\AppData\Roaming\sp_data.sys
2017-10-02 19:09 - 2017-10-02 19:09 - 000003584 _____ () C:\Users\Earthwhile\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-11-18 18:36

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017
Ran by Earthwhile (23-11-2017 21:33:33)
Running from C:\Users\Earthwhile\Desktop
Windows 10 Pro Version 1709 16299.64 (X64) (2017-11-18 05:44:40)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1091263799-938790483-100364564-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1091263799-938790483-100364564-503 - Limited - Disabled)
Earthwhile (S-1-5-21-1091263799-938790483-100364564-1001 - Administrator - Enabled) => C:\Users\Earthwhile
Guest (S-1-5-21-1091263799-938790483-100364564-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1091263799-938790483-100364564-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-1091263799-938790483-100364564-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security Premium (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security Premium (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{8FD6FE5A-E1E1-47F3-BBE6-FE2B1364DCB8}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{2394186A-5445-4293-B739-352009350342}) (Version: 3.0.0.9 - Intel) Hidden
µTorrent (HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.20 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.15.0003 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.7 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
AudioWizard (HKLM-x32\...\{57E770A2-2BAF-4CAA-BAA3-BD896E2254D3}) (Version: 1.0.1.8 - ICEpower a/s)
Backup and Sync from Google (HKLM-x32\...\{604582EB-8259-4ED6-9B1B-6F2494D4B640}) (Version: 3.37.7411.4599 - Google, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 39.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
ESET Smart Security Premium (HKLM\...\{CB568622-B54D-4F68-9D68-0375CA200326}) (Version: 10.1.219.0 - ESET, spol. s r.o.)
f.lux (HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{ECF2E224-42F5-4E50-B58E-94CA70E85697}) (Version: 7.3.0.3832 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000080-0190-1033-84C8-B8D95FA3C8C3}) (Version: 19.80.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{01f3f6b8-1a81-4b10-b51f-f69af12e1d69}) (Version: 3.0.0.9 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.8625.2127 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Mozilla Firefox 57.0 (x64 en-GB) (HKLM\...\Mozilla Firefox 57.0 (x64 en-GB)) (Version: 57.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 56.0 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2127 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7831 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
SABnzbd 2.3.1 (HKLM-x32\...\SABnzbd) (Version: 2.3.1 - The SABnzbd Team)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.1.0 - ASUS)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1091263799-938790483-100364564-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-11-01] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-12] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-12] (ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-11-01] (Google)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.19.0.dll [2017-11-13] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxDTCM.dll [2016-11-30] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-06-10] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat Elements\ContextMenuShim64.dll [2012-09-23] (Adobe Systems Inc.)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-12] (ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-12] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-12] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {097C30CA-8561-4C30-BDBE-7597F4198B2C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-01] ()
Task: {09825B1F-B4BB-4D8F-AE63-F127CA81445B} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {1744CFFA-5B0C-44C2-921F-A94C6E688554} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {2FDB6742-4269-4926-B636-7451C36392EB} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2016-02-23] (ASUSTek Computer Inc.)
Task: {3735075D-3D0C-4B08-A5FD-F21E59685A64} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-05-27] (Realtek Semiconductor)
Task: {37DA60E8-0661-4EF4-9601-C93890E9C7A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-11-17] (Microsoft Corporation)
Task: {398EC12C-1F22-4CB1-ACDF-2A2D215DE084} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-05-27] (Realtek Semiconductor)
Task: {3DFBD9B9-425B-4D5A-868E-C556CED00874} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {4ACBA890-928A-4344-B648-436F1D0A1729} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {647E1269-B031-4C3A-8AB2-3BFF2DDC2038} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {710B70D9-F17A-491B-8CA6-24B6CB601900} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-01] (Dropbox, Inc.)
Task: {9754ACB9-69B5-46B1-865F-76B74802D642} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {AC6EE79B-0940-4685-A6E8-19996614F178} - System32\Tasks\AdobeAAMUpdater-1.0-ERFWYL-Earthwhile => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {AD58B13C-FF57-405E-B7E9-88922E52A3F3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-10-01] ()
Task: {B038B54B-6E0A-4678-89DC-77FED7060C54} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {B245A6E8-C496-4722-ABB7-21D673D3B51B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2016-02-23] (ASUS)
Task: {B90EFDE7-C461-4E18-B9CF-96DCA31860FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-30] (Google Inc.)
Task: {D2863E3C-2A53-42B4-AA47-C5F1983C50BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-11-17] (Microsoft Corporation)
Task: {DBE55EAC-49F5-4573-B38B-08294D90D7DE} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {E539B2C6-39C6-4AEF-8A74-453CE293986A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F57D0BFE-075A-40A0-9C1D-AF29D9885455} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-10-01] (Dropbox, Inc.)
Task: {F7FB3047-6A96-4291-8444-73E31E38E2E9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-11-02] (Microsoft Corporation)
Task: {FEE8AA52-49EE-4344-A14B-724695186765} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-30] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-30 02:41 - 2017-09-30 02:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-07 19:04 - 2017-03-07 19:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2017-10-04 07:08 - 2017-11-01 08:55 - 002299344 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-06-10 01:41 - 2016-06-10 01:41 - 000491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-09-30 21:08 - 2017-11-10 21:03 - 008931496 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-09-30 02:42 - 2017-09-30 03:42 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-09-30 02:42 - 2017-09-30 03:42 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-11-12 20:24 - 2017-11-12 20:25 - 000087552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-11-12 20:24 - 2017-11-12 20:25 - 000206336 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-11-12 20:24 - 2017-11-12 20:25 - 025461760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-11-07 21:06 - 2017-11-07 21:07 - 002552832 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\skypert.dll
2017-11-12 20:24 - 2017-11-12 20:25 - 000685056 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-09-30 21:29 - 2007-09-02 13:58 - 000495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2017-09-30 20:13 - 2017-09-30 20:15 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11710.1001.27.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-11-13 20:00 - 2017-11-13 20:00 - 000050688 _____ () C:\Program Files\SABnzbd\lib\_socket.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 002101760 _____ () C:\Program Files\SABnzbd\lib\_ssl.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000092672 _____ () C:\Program Files\SABnzbd\lib\bz2.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 001483264 _____ () C:\Program Files\SABnzbd\lib\_hashlib.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000129024 _____ () C:\Program Files\SABnzbd\lib\win32api.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000136704 _____ () C:\Program Files\SABnzbd\lib\pywintypes27.dll
2017-11-13 20:00 - 2017-11-13 20:00 - 000547328 _____ () C:\Program Files\SABnzbd\lib\pythoncom27.dll
2017-11-13 20:00 - 2017-11-13 20:00 - 000120832 _____ () C:\Program Files\SABnzbd\lib\_ctypes.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000011776 _____ () C:\Program Files\SABnzbd\lib\select.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000022016 _____ () C:\Program Files\SABnzbd\lib\win32event.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000052736 _____ () C:\Program Files\SABnzbd\lib\win32service.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000064000 _____ () C:\Program Files\SABnzbd\lib\_sqlite3.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000785408 _____ () C:\Program Files\SABnzbd\lib\sqlite3.dll
2017-11-13 20:00 - 2017-11-13 20:00 - 000692224 _____ () C:\Program Files\SABnzbd\lib\unicodedata.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000008192 _____ () C:\Program Files\SABnzbd\lib\cryptography.hazmat.bindings._constant_time.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000164864 _____ () C:\Program Files\SABnzbd\lib\_cffi_backend.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 002779648 _____ () C:\Program Files\SABnzbd\lib\cryptography.hazmat.bindings._openssl.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000012288 _____ () C:\Program Files\SABnzbd\lib\sabyenc.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000044032 _____ () C:\Program Files\SABnzbd\lib\win32process.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000017920 _____ () C:\Program Files\SABnzbd\lib\_subprocessww.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000013824 _____ () C:\Program Files\SABnzbd\lib\Cheetah._namemapper.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000186368 _____ () C:\Program Files\SABnzbd\lib\pyexpat.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000135168 _____ () C:\Program Files\SABnzbd\lib\win32security.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000148480 _____ () C:\Program Files\SABnzbd\lib\win32file.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000034816 _____ () C:\Program Files\SABnzbd\lib\_multiprocessing.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000062976 _____ () C:\Program Files\SABnzbd\lib\win32evtlog.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000031232 _____ () C:\Program Files\SABnzbd\lib\servicemanager.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000222720 _____ () C:\Program Files\SABnzbd\lib\win32gui.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000009728 _____ () C:\Program Files\SABnzbd\lib\timer.pyd
2017-11-13 20:00 - 2017-11-13 20:00 - 000392192 _____ () C:\Program Files\SABnzbd\lib\winxpgui.pyd
2017-09-30 21:29 - 2007-09-02 13:57 - 000069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-02-23 18:56 - 2016-02-23 18:56 - 000029184 _____ () C:\Program Files (x86)\ASUS\Splendid\VideoEnhance.dll
2017-09-30 21:08 - 2017-11-10 21:03 - 008930992 _____ () C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\localhost -> localhost

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-01 16:39 - 2017-10-01 16:38 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1091263799-938790483-100364564-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Earthwhile\Pictures\China\Canon\IMG_0998.JPG
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "EvtMgr6"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-1091263799-938790483-100364564-1001\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B290F102-B349-4466-94DA-59C90016AFCD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{551372AF-E1A3-40BC-86C6-ADAD494CF3C1}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{D5A516FE-E3CA-4ED1-A740-DC9459BB9B62}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{F62ADC83-F5F2-450E-B84A-176C831DD663}] => (Allow) C:\Users\Earthwhile\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5795F8D7-3B57-48F6-8B9B-9395C76BFDE8}] => (Allow) C:\Users\Earthwhile\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C5A85C18-9C17-48FD-8F31-37AAD3F628CA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{55E5487A-1F0D-43B7-815B-69F0EF56F0C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{744D0645-674D-4EED-97C0-9D2B8A41B68B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B1161E3F-A127-411B-8677-0C2EB8A0023E}] => (Allow) C:\Program Files\SABnzbd\SABnzbd.exe
FirewallRules: [{FB0C1F92-DE76-4A95-BDF2-942900E2BF81}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BC7547F3-F878-4A50-BAC4-E2ADBA5FC47D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{824DAB1A-E43D-4158-B132-FAD33F49773D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BA395B3A-F883-49B0-B8E5-21919AD99A3F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5F7CD71D-6F09-4DD4-AF6B-1722C002150E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2F89E315-141E-4BF8-9003-5C3845B7B4D9}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D2B84DEB-4751-44B0-B084-237D64EE1DB2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{482F788E-3013-4F52-8A61-58C826575D72}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6C728EF7-2B0D-4606-855D-41E1B4D85D8F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Restore Points =========================

19-11-2017 20:50:08 Windows Update
21-11-2017 16:50:32 Intel® PROSet/Wireless Software

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/21/2017 04:53:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.16299.64, time stamp: 0x71a5988e
Faulting module name: ntdll.dll, version: 10.0.16299.64, time stamp: 0x493793ea
Exception code: 0xc0000005
Fault offset: 0x00000000000a38ad
Faulting process id: 0xe7c
Faulting application start time: 0x01d361c3faabf7e6
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3a15f2f9-ac3e-43d0-931e-c04c6d97a1f7
Faulting package full name:
Faulting package-relative application ID:

Error: (11/21/2017 04:52:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0

Error: (11/21/2017 04:52:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0

Error: (11/21/2017 04:52:44 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.

Error: (11/18/2017 06:42:30 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.


System errors:
=============
Error: (11/23/2017 08:42:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/23/2017 08:39:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 05:24:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/22/2017 05:21:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 05:10:59 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (11/21/2017 04:53:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-11-18 19:38:48.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

  Date: 2017-11-18 19:38:48.298
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

  Date: 2017-11-18 19:38:34.542
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.

  Date: 2017-11-18 19:38:34.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eplgEdge.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 8088.23 MB
Available physical RAM: 3764.48 MB
Total Virtual: 10008.23 MB
Available Virtual: 4388.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:475.84 GB) (Free:138.69 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: B6A1F09F)

Partition: GPT.

==================== End of Addition.txt ============================