
Can't install MBAM dnx fails on browsers



Trojan issues yesterday. Mostly gone (superanti, followed by adwclean and zoek) but on each reboot they reappear.

AdwCleaner names dnsapi in System32.

MBAM won't run (just says application error) or remove (Cannot Import dll:C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.dll) or load a new version 2.2.1.1043 (Could not call proc)

I run Avast, which also removes stuff, but everything reappears at reboot.

As suggested when I posted this in the wrong place (sorry), I ran FRST.

FRST.txt reads:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Steve Williams (administrator) on KICKASSSW (16-08-2016 12:20:18)
Running from D:\Desktop
Loaded Profiles: Steve Williams (Available Profiles: Steve Williams)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Steve Williams\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Windows\SysWOW64\UMonit64.exe
() C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(深圳市驱动人生软件技术有限公司) C:\Program Files (x86)\OSTotoSoft\DriverTalent\TrayTool.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSPanel.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSService.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3348712 2015-07-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-27] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [MMReminderService] => C:\Program Files\Mindjet\MindManager 16\MMReminderService.exe [124104 2015-10-08] (Mindjet)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\ASUSWSLoader.exe [63296 2014-08-20] ()
HKLM-x32\...\Run: [ROGNB] => C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe [463872 2013-05-15] ()
HKLM-x32\...\Run: [ASUS ROG MacroKey] => C:\Program Files (x86)\ASUS\ASUS ROG MacroKey\Hid.exe [2036224 2014-07-30] (ASUS)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2292912 2015-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-11-23] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9071752 2016-08-16] (AVAST Software)
HKLM-x32\...\Run: [DriverTalent] => C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe [3180200 2016-07-28] (OSToto Co., Ltd.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2131856 2016-06-20] (iSkySoft)
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\iSkysoft\Video Converter Ultimate\DelayPluginI.exe [1971872 2016-03-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\Run: [win_en_77] => "C:\Program Files (x86)\win_en_77\win_en_77.exe"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [Spotify Web Helper] => C:\Users\Steve Williams\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-19] (Spotify Ltd)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-07-21] (SUPERAntiSpyware)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3011152 2015-11-10] (Valve Corporation)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [Spotify] => C:\Users\Steve Williams\AppData\Roaming\Spotify\Spotify.exe [6855280 2016-04-19] (Spotify Ltd)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [GoogleChromeAutoLaunch_3C7425FEE2BD406F762A0393D391EE22] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\RunOnce: [Uninstall C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6386.0412] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6386.0412"
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1400232 2016-07-31] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-09-11] ()
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.11.399\ASUSWSShellExt64.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-16] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{4d54af11-a50c-4c2e-8319-3b3d7004e40e}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{60b4f4ce-7527-41d4-a31e-81ede120d60c}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{ec88f9dc-c4c9-44a6-9e1b-ea0bae047fec}: [DhcpNameServer] 192.168.1.254
ManualProxies: 

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1510182464-20956567-2200914830-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files\Mindjet\MindManager 16\Mm8InternetExplorer.dll [2015-10-08] (Mindjet)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-15] (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-15] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-07-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-08-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: iSkysoft iMedia Converter Deluxe 5.1.0 -> {AEAF002F-E6D8-4A21-ABD3-2B309B79A6CE} -> C:\ProgramData\iSkysoft\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-03-28] (Wondershare)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-10] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2015-07-31] (Seiko Epson Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 -  No File

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-09-17] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-07-21] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-09-17] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1510182464-20956567-2200914830-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Steve Williams\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-16]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-08-16]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-03-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-13]
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi
FF Extension: iSkysoft iMedia Converter Deluxe - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com_xpi [2016-05-20]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR Profile: C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (HD for YouTube™) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2016-04-19]
CHR Extension: (Google Docs) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-18]
CHR Extension: (Google Drive) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-18]
CHR Extension: (YouTube) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-18]
CHR Extension: (OneTab) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-06-13]
CHR Extension: (Black Menu for Google™) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\eignhdfgaldabilaaegmdfbajngjmoke [2016-08-15]
CHR Extension: (Google Docs Offline) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-08-15]
CHR Extension: (Eye Dropper) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka [2016-08-15]
CHR Extension: (WhatFont) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2016-06-17]
CHR Extension: (Grammarly for Chrome) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-08-15]
CHR Extension: (Skype) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-06-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR Extension: (Adblock Pro) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-16]
CHR Extension: (Gmail) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Steve Williams\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
CHR HKLM-x32\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [669872 2015-09-15] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159832 2016-08-12] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSWinService.exe [71168 2014-08-20] (ASUS Cloud Corporation) [File not signed]
R2 AsusGameFirstService; C:\Program Files (x86)\ASUS\ROG Game First III\AsusGameFirstService.exe [345912 2014-08-29] (ASUSTeK)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197640 2016-08-16] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [676336 2015-06-25] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-11-23] (Freemake) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [809488 2016-07-31] (Garmin Ltd. or its subsidiaries)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-27] (NVIDIA Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-05-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [172200 2016-07-28] ()
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [239184 2014-02-15] ()
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-27] (NVIDIA Corporation)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2014-10-20] (CyberLink)
S3 ThunderboltService; C:\Program Files\Intel\Thunderbolt Software\tbtsvc.exe [1179944 2014-05-13] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-16] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-16] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-16] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [968536 2016-08-16] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513496 2016-08-16] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-16] (AVAST Software)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 CT_QUALCOMM_U_drv; C:\Windows\system32\DRIVERS\CT_QUALCOMM_U_drv.sys [118016 2009-04-27] (QUALCOMM Incorporated) [File not signed]
S3 GeneStor; C:\Windows\System32\drivers\GeneStor.sys [107208 2014-01-17] (GenesysLogic)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77992 2014-08-04] (Intel Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-06] ( )
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2014-06-17] (hxxp://libusb-win32.sourceforge.net)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3485696 2015-10-30] (Intel Corporation)
R1 NFC_Driver; C:\Windows\System32\drivers\NFC_Driver.sys [48336 2014-03-27] (Titan ARC Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-02] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 usbrndis6; C:\Windows\System32\drivers\usb80236.sys [23040 2015-10-30] (Microsoft Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 12:20 - 2016-08-16 12:20 - 00000000 ____D C:\FRST
2016-08-16 10:10 - 2016-08-16 10:10 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\NetworkTiles
2016-08-16 09:48 - 2016-08-16 09:48 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\ActiveSync
2016-08-16 08:42 - 2016-08-16 08:42 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone 1 Browser.lnk
2016-08-16 08:41 - 2016-08-16 08:41 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-08-16 08:41 - 2016-08-16 08:41 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-15 21:44 - 2016-08-15 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-15 21:43 - 2016-08-15 21:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-08-15 21:43 - 2016-08-15 21:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-15 18:50 - 2016-08-16 09:42 - 00000000 ____D C:\zoek_backup
2016-08-15 18:33 - 2016-08-15 18:33 - 00000000 ____D C:\WINDOWS\system32\gie
2016-08-15 18:07 - 2016-08-15 18:33 - 00000000 ____D C:\SUPERDelete
2016-08-15 17:24 - 2016-08-15 17:24 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-08-15 17:21 - 2016-08-15 18:34 - 00000000 ____D C:\Program Files\Yhid
2016-08-15 17:21 - 2016-08-15 17:21 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\Tempfolder
2016-08-10 22:15 - 2016-08-10 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-10 22:15 - 2016-08-10 22:15 - 00000000 ____D C:\Program Files\iTunes
2016-08-10 22:15 - 2016-08-10 22:15 - 00000000 ____D C:\Program Files\iPod
2016-08-10 22:15 - 2016-08-10 22:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-10 14:23 - 2016-08-10 14:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-10 14:02 - 2016-08-03 12:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 14:02 - 2016-08-03 12:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 14:02 - 2016-08-03 12:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 14:02 - 2016-08-03 11:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 14:02 - 2016-08-03 11:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 14:02 - 2016-08-03 11:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 14:02 - 2016-08-03 11:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 14:02 - 2016-08-03 11:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 14:02 - 2016-08-03 11:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 14:02 - 2016-08-03 11:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 14:02 - 2016-08-03 11:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 14:02 - 2016-08-03 11:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 14:02 - 2016-08-03 11:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 14:02 - 2016-08-03 11:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 14:02 - 2016-08-03 11:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 14:02 - 2016-08-03 11:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 14:02 - 2016-08-03 11:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 14:02 - 2016-08-03 11:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 14:02 - 2016-08-03 11:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 14:02 - 2016-08-03 11:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 14:02 - 2016-08-03 11:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 14:02 - 2016-08-03 11:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 14:02 - 2016-08-03 11:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 14:02 - 2016-08-03 11:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 14:02 - 2016-08-03 11:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 14:02 - 2016-08-03 11:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 14:02 - 2016-08-03 10:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 14:02 - 2016-08-03 10:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 14:02 - 2016-08-03 10:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 14:02 - 2016-08-03 10:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 14:02 - 2016-08-03 10:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 14:02 - 2016-08-03 10:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 14:02 - 2016-08-03 10:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 14:02 - 2016-08-03 10:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-10 14:02 - 2016-08-03 10:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-10 14:02 - 2016-08-03 10:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 14:02 - 2016-08-03 10:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 14:02 - 2016-08-03 10:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-10 14:02 - 2016-08-03 10:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 14:02 - 2016-08-03 10:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 14:02 - 2016-08-03 10:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 14:02 - 2016-08-03 10:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 14:02 - 2016-08-03 10:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 14:02 - 2016-08-03 10:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 14:02 - 2016-08-03 10:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 14:02 - 2016-08-03 10:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 14:02 - 2016-08-03 10:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 14:02 - 2016-08-03 10:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 14:02 - 2016-08-03 10:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 14:02 - 2016-08-03 10:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 14:02 - 2016-08-03 10:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 14:02 - 2016-08-03 10:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 14:02 - 2016-08-03 10:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 14:02 - 2016-08-03 10:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 14:02 - 2016-08-03 10:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 14:02 - 2016-08-03 10:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 14:02 - 2016-08-03 10:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 14:02 - 2016-08-03 10:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 14:02 - 2016-08-03 10:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 14:02 - 2016-08-03 10:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 14:02 - 2016-08-03 10:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 14:02 - 2016-08-03 10:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 14:02 - 2016-08-03 10:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 14:02 - 2016-08-03 10:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 14:02 - 2016-08-03 10:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 14:02 - 2016-08-03 10:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-10 14:02 - 2016-08-03 10:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 14:02 - 2016-08-03 10:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-10 14:02 - 2016-08-03 10:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 14:02 - 2016-08-03 10:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 14:02 - 2016-08-03 10:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 14:02 - 2016-08-03 10:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 14:02 - 2016-08-03 10:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 14:02 - 2016-08-03 10:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 14:02 - 2016-08-03 10:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 14:02 - 2016-08-03 10:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 14:02 - 2016-08-03 10:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 14:02 - 2016-08-03 10:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 14:02 - 2016-08-03 10:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 14:02 - 2016-08-03 10:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 14:02 - 2016-08-03 10:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 14:02 - 2016-08-03 10:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 14:02 - 2016-08-03 10:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 14:02 - 2016-08-03 10:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 14:02 - 2016-08-03 10:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 14:02 - 2016-08-03 10:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 14:02 - 2016-08-03 10:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 14:02 - 2016-08-03 10:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 14:02 - 2016-08-03 10:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 14:02 - 2016-08-03 10:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 14:02 - 2016-08-03 10:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 14:02 - 2016-08-03 06:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 14:02 - 2016-08-03 06:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 14:02 - 2016-08-03 06:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 14:02 - 2016-08-03 06:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 14:02 - 2016-08-03 06:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 14:02 - 2016-08-03 06:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 14:02 - 2016-08-03 06:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 14:02 - 2016-08-03 06:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 14:02 - 2016-08-03 06:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 14:02 - 2016-08-03 06:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 14:02 - 2016-08-03 05:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 14:02 - 2016-08-03 05:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 14:02 - 2016-08-03 05:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 14:02 - 2016-08-03 05:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 14:02 - 2016-08-03 05:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 14:02 - 2016-08-03 05:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 14:02 - 2016-08-03 05:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 14:02 - 2016-08-03 05:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 14:02 - 2016-08-03 05:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 14:02 - 2016-08-03 05:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 14:02 - 2016-08-03 05:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 14:02 - 2016-08-03 05:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 14:02 - 2016-08-03 05:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 14:02 - 2016-08-03 05:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 14:02 - 2016-08-03 05:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 14:02 - 2016-08-03 05:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 14:02 - 2016-08-03 05:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 14:02 - 2016-08-03 05:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 14:02 - 2016-08-03 05:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 14:02 - 2016-08-03 05:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 14:02 - 2016-08-03 05:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 14:02 - 2016-08-03 05:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 14:02 - 2016-08-03 05:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 14:02 - 2016-08-03 05:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 14:02 - 2016-08-03 05:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 14:02 - 2016-08-03 05:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 14:02 - 2016-08-03 05:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 14:02 - 2016-08-03 05:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 14:02 - 2016-08-03 05:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 14:02 - 2016-08-03 05:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 14:02 - 2016-08-03 05:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 14:02 - 2016-08-03 05:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 14:02 - 2016-08-03 05:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-03 07:21 - 2016-08-03 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-08-02 18:24 - 2016-08-02 18:24 - 00000000 ___HD C:\$WINDOWS.~BT
2016-07-31 08:38 - 2016-07-31 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2016-07-21 21:00 - 2016-07-21 21:17 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\ImgBurn
2016-07-21 20:59 - 2016-08-15 18:43 - 00001948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2016-07-21 20:59 - 2016-07-21 20:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-07-21 20:59 - 2016-07-21 20:59 - 00000000 ____D C:\Program Files (x86)\ImgBurn

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-16 12:13 - 2015-10-16 18:13 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-950 Series Update {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879}.job
2016-08-16 12:13 - 2015-10-16 18:13 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-950 Series Invitation {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879}.job
2016-08-16 12:06 - 2015-07-25 04:24 - 00000093 _____ C:\Users\Steve Williams\AppData\Roaming\sp_data.sys
2016-08-16 12:00 - 2015-07-25 09:48 - 00003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2016-08-16 12:00 - 2015-07-25 09:48 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2016-08-16 11:59 - 2015-07-27 00:47 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c7fd62685f75.job
2016-08-16 11:42 - 2016-01-30 16:42 - 00000939 _____ C:\WINDOWS\Tasks\EPSON XP-950 Series Update {6A3B470F-51E3-4B88-A963-EC3F5D017661}.job
2016-08-16 11:42 - 2016-01-30 16:42 - 00000753 _____ C:\WINDOWS\Tasks\EPSON XP-950 Series Invitation {6A3B470F-51E3-4B88-A963-EC3F5D017661}.job
2016-08-16 11:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-16 11:23 - 2015-07-26 23:23 - 00000372 _____ C:\WINDOWS\Tasks\PremiumScanner.job
2016-08-16 10:52 - 2015-07-25 01:27 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\vlc
2016-08-16 10:23 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-16 10:23 - 2015-08-14 10:36 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-16 10:22 - 2015-07-25 04:29 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\WebStorage
2016-08-16 10:18 - 2015-07-26 11:40 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-08-16 10:17 - 2015-07-27 00:47 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c7fd62601eb2.job
2016-08-16 10:17 - 2015-07-24 23:28 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\Adobe
2016-08-16 10:16 - 2015-12-03 04:46 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-16 10:16 - 2015-10-30 07:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-16 10:04 - 2015-08-12 18:38 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\CrashDumps
2016-08-16 10:04 - 2015-07-27 00:14 - 00000000 ____D C:\AdwCleaner
2016-08-16 08:49 - 2015-07-25 04:25 - 00004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{616E28AB-FDD7-4959-AE79-AA6FACAAB9BC}
2016-08-16 08:42 - 2016-06-16 07:25 - 00004008 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1466058313
2016-08-16 08:41 - 2016-06-16 07:21 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00968536 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147133329356205
2016-08-16 08:41 - 2015-10-13 22:43 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.147133329123404
2016-08-16 08:41 - 2015-10-13 22:43 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00163416 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00108816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-16 08:41 - 2015-10-13 22:43 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-08-15 20:25 - 2016-04-19 07:20 - 00000000 ____D C:\Avenger
2016-08-15 19:32 - 2015-07-25 04:24 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\Packages
2016-08-15 19:06 - 2015-12-08 23:31 - 00000008 __RSH C:\ProgramData\ntuser.pol
2016-08-15 19:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-08-15 18:43 - 2016-07-11 08:38 - 00001137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Urban Lightscape.lnk
2016-08-15 18:43 - 2016-06-16 07:25 - 00001224 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-08-15 18:43 - 2016-03-25 01:17 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-15 18:43 - 2016-03-09 07:55 - 00001090 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-08-15 18:43 - 2015-12-26 19:19 - 00002025 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-08-15 18:43 - 2015-12-03 04:44 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-15 18:43 - 2015-12-03 04:40 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioWizard.lnk
2016-08-15 18:43 - 2015-11-01 21:59 - 00001164 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
2016-08-15 18:43 - 2015-11-01 09:58 - 00002194 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Screen Recorder.lnk
2016-08-15 18:43 - 2015-11-01 09:58 - 00002111 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 14 (64-bit).lnk
2016-08-15 18:43 - 2015-10-07 18:42 - 00001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-08-15 18:43 - 2015-09-30 20:38 - 00001176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2016-08-15 18:43 - 2015-08-14 09:54 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-08-15 18:43 - 2015-08-14 09:54 - 00002289 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-08-15 18:43 - 2015-08-14 09:54 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-08-15 18:43 - 2015-07-25 10:21 - 00001126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
2016-08-15 18:43 - 2015-07-24 23:37 - 00002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Update Management Tool.lnk
2016-08-15 18:43 - 2015-07-24 23:35 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2016-08-15 18:43 - 2015-07-24 23:30 - 00001130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC (64 Bit).lnk
2016-08-15 18:43 - 2015-07-24 19:47 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-15 18:43 - 2014-10-29 07:26 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - asus.lnk
2016-08-15 18:42 - 2016-04-24 16:57 - 00002890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mindjet MindManager 2016.lnk
2016-08-15 18:42 - 2016-01-25 18:40 - 00000767 _____ C:\Users\Steve Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2016-08-15 18:42 - 2015-08-14 10:38 - 00002392 _____ C:\Users\Steve Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-15 18:42 - 2015-07-27 07:30 - 00002890 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Mindjet MindManager 15.lnk
2016-08-15 18:42 - 2015-07-24 20:01 - 00001846 _____ C:\Users\Steve Williams\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-08-15 18:33 - 2015-12-09 14:37 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-15 18:33 - 2015-07-24 19:44 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\Apps\2.0
2016-08-15 18:22 - 2015-07-25 00:37 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\qBittorrent
2016-08-15 18:08 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-15 17:38 - 2016-07-14 00:04 - 00000000 ____D C:\Program Files (x86)\Vertus Fluid Mask 3
2016-08-15 17:29 - 2015-07-26 11:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-15 17:11 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-15 17:06 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-15 08:05 - 2015-08-03 10:51 - 00001456 _____ C:\Users\Steve Williams\AppData\Local\Adobe Save for Web 13.0 Prefs
2016-08-14 00:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 23:28 - 2015-07-24 21:26 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\Chief Architect Inc
2016-08-13 10:41 - 2016-07-09 18:50 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\Chief Architect Premier X8
2016-08-10 22:15 - 2016-03-25 01:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-08-10 22:12 - 2016-01-26 13:16 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-08-10 22:12 - 2015-09-25 07:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2016-08-10 22:12 - 2015-08-30 17:36 - 00000000 ____D C:\Users\Steve Williams\.oracle_jre_usage
2016-08-10 22:12 - 2015-08-14 08:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-08-10 22:12 - 2015-08-14 08:10 - 00000000 ____D C:\Program Files (x86)\Java
2016-08-10 20:22 - 2015-07-25 04:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 20:15 - 2015-10-30 19:08 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 20:15 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 20:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-08-10 20:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-10 20:15 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-10 14:28 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 14:28 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 14:27 - 2015-07-26 02:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 14:27 - 2015-07-26 00:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-08-10 14:27 - 2013-08-22 14:25 - 00000199 _____ C:\WINDOWS\win.ini
2016-08-10 14:23 - 2015-07-26 02:58 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-07 11:12 - 2015-10-01 10:03 - 00000000 ____D C:\Users\Steve Williams\AppData\Local\ElevatedDiagnostics
2016-08-03 07:21 - 2016-04-21 22:48 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2016-08-03 07:21 - 2016-04-21 22:48 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-08-02 18:24 - 2015-12-03 04:39 - 00000000 ___DC C:\WINDOWS\Panther
2016-07-31 08:38 - 2015-07-25 00:36 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2016-07-29 16:53 - 2015-07-27 00:47 - 00004014 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d0c7fd62685f75
2016-07-29 16:53 - 2015-07-27 00:47 - 00003782 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0c7fd62601eb2
2016-07-28 15:37 - 2015-08-04 17:45 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\Skype
2016-07-28 15:25 - 2014-10-29 07:25 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-28 15:25 - 2014-10-29 07:25 - 00000000 ____D C:\ProgramData\Skype
2016-07-28 15:19 - 2015-08-03 10:15 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-07-27 06:54 - 2015-08-06 12:12 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\FileZilla
2016-07-25 09:19 - 2015-12-03 04:41 - 00000000 ____D C:\Users\Steve Williams
2016-07-25 09:18 - 2015-10-10 08:17 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\Epson
2016-07-25 07:02 - 2015-07-28 09:22 - 00000000 ____D C:\Users\Steve Williams\AppData\Roaming\dvdcss
2016-07-21 20:44 - 2015-09-30 20:38 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP

==================== Files in the root of some directories =======

2015-09-08 10:08 - 2015-09-08 10:08 - 0000132 _____ () C:\Users\Steve Williams\AppData\Roaming\Adobe PNG Format CC Prefs
2016-05-20 09:42 - 2016-05-20 09:42 - 0000582 _____ () C:\Users\Steve Williams\AppData\Roaming\AutoGK.ini
2016-05-05 15:22 - 2016-05-07 17:41 - 0000424 _____ () C:\Users\Steve Williams\AppData\Roaming\burnaware.ini
2015-10-28 23:30 - 2016-02-18 23:41 - 0099384 _____ () C:\Users\Steve Williams\AppData\Roaming\inst.exe
2015-10-28 23:30 - 2016-02-18 23:41 - 0007859 _____ () C:\Users\Steve Williams\AppData\Roaming\pcouffin.cat
2015-10-28 23:30 - 2016-02-18 23:41 - 0001167 _____ () C:\Users\Steve Williams\AppData\Roaming\pcouffin.inf
2015-10-28 23:30 - 2016-02-18 23:41 - 0000055 _____ () C:\Users\Steve Williams\AppData\Roaming\pcouffin.log
2015-10-28 23:30 - 2016-02-18 23:41 - 0082816 _____ (VSO Software) C:\Users\Steve Williams\AppData\Roaming\pcouffin.sys
2016-07-11 08:13 - 2016-07-11 08:14 - 0000164 _____ () C:\Users\Steve Williams\AppData\Roaming\PLGComp.ini
2015-07-25 04:24 - 2016-08-16 12:06 - 0000093 _____ () C:\Users\Steve Williams\AppData\Roaming\sp_data.sys
2016-03-28 09:13 - 2016-03-28 09:41 - 0000009 _____ () C:\Users\Steve Williams\AppData\Roaming\update.dat
2016-03-28 09:15 - 2016-04-10 23:18 - 0000004 _____ () C:\Users\Steve Williams\AppData\Roaming\Microsoft\notaut.txt
2015-08-03 10:51 - 2016-08-15 08:05 - 0001456 _____ () C:\Users\Steve Williams\AppData\Local\Adobe Save for Web 13.0 Prefs
2015-12-03 04:40 - 2015-12-03 04:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-10-29 07:25 - 2012-09-07 12:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2014-10-29 07:25 - 2009-07-22 11:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\Steve Williams\AppData\Local\Temp\libeay32.dll
C:\Users\Steve Williams\AppData\Local\Temp\msvcr120.dll
C:\Users\Steve Williams\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2016-04-13 07:44] - [2016-04-13 07:44] - 0686976 ____N (Microsoft Corporation) C820B156EABF59C22ACDDD0F41D1459C

C:\WINDOWS\SysWOW64\dnsapi.dll
[2016-04-13 07:44] - [2016-04-13 07:44] - 0535080 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\WINDOWS\SysWOW64\dnsapi.dll => no Company Name <===== ATTENTION

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-14 18:07

==================== End of FRST.txt ============================

Addition.txt reads:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Steve Williams (16-08-2016 12:20:39)
Running from D:\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-03 03:47:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1510182464-20956567-2200914830-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1510182464-20956567-2200914830-503 - Limited - Disabled)
Guest (S-1-5-21-1510182464-20956567-2200914830-501 - Limited - Disabled)
Steve Williams (S-1-5-21-1510182464-20956567-2200914830-1001 - Administrator - Enabled) => C:\Users\Steve Williams

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

A Ruler for Windows (HKLM\...\{DCF4C336-18DB-449B-9238-821B7F28B614}_is1) (Version: 3.1 - Latour)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.3.0.151 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Alien Skin Exposure 7 (HKLM\...\Alien Skin Exposure 7) (Version:  - Alien Skin)
Alien Skin Exposure X (HKLM\...\Alien Skin Exposure X) (Version:  - Alien Skin)
Alien Skin Eye Candy 7 (HKLM\...\Alien Skin Eye Candy 7) (Version:  - Alien Skin)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Any Video Converter 5.8.1 (HKLM-x32\...\Any Video Converter) (Version: 5.8.1 - Anvsoft)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Gaming Center (HKLM-x32\...\{23C8A788-4790-4F3C-B103-0ACC7D9DC5BE}) (Version: 1.0.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.1 - ASUS)
ASUS ROG Gaming Mouse (HKLM-x32\...\{3B9E171F-A955-4834-B877-447C0A437260}) (Version: 2.00.026 - ASUS)
ASUS ROG MacroKey (HKLM-x32\...\{348022C5-F497-4333-AFEE-208F22F169F2}_is1) (Version: 1.0.0.28 - G-spy Co., Ltd)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 2.0.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.02.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.0.2 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoEye (HKLM\...\{D4CBB77C-8143-44E9-9506-6DA1925DAA5C}) (Version: 2.00.0000 - Auto FX Software)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.2.2276 - AVAST Software)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.11.160129 - )
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BurnAware Free 9.1 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP)
Chief Architect Premier X7 (64 bit) (HKLM\...\{DECCC633-A59B-408E-85DD-2A2B1964747F}) (Version: 17.1.0.0 - Chief Architect)
Chief Architect Premier X8 (64 bit) (HKLM\...\{962D03CF-6BBF-4448-976B-4A02F186EE42}) (Version: 18.2.0.0 - Chief Architect)
ChrisPC Free VideoTube Downloader 8.40 (HKLM-x32\...\{6006089C-84B5-4F18-8113-1234567890DE}_is1) (Version:  - Chris P.C. srl)
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2019.0 - CyberLink Corp.)
Dark Souls III, âåðñèÿ 2.0 (HKLM-x32\...\Dark Souls III_is1) (Version: 2.0 - Bandai Namco)
Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.)
Driver Talent (HKLM-x32\...\{29FE44D7-BC89-4188-8B0E-F6BA073C15A5}_is1) (Version: 6.4.35.122 - OSToto Co., Ltd.)
ELAN Touchpad 11.5.20.3_X64_WHQL (HKLM\...\Elantech) (Version: 11.5.20.3 - ELAN Microelectronic Corp.)
Elevated Installer (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
EngraverIII 1.0 (HKLM\...\EngraverIII plug-in for Adobe Photoshop and comp~D21F431D_is1) (Version:  - )
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON Manuals (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.52.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.43.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-950 Series Printer Uninstall (HKLM\...\EPSON XP-950 Series) (Version:  - SEIKO EPSON Corporation)
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
FileZilla Client 3.19.0 (HKLM-x32\...\FileZilla Client) (Version: 3.19.0 - Tim Kosse)
FocalBlade 2.02 (Plugin) (HKLM\...\FocalBlade 2.02 (Plugin)_is1) (Version:  - The Plugin Site)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation)
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{686d881a-083e-4030-80db-52c493bf89d3}) (Version: 4.1.25.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.25.0 - Garmin Ltd or its subsidiaries) Hidden
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.1.1 - Genesys Logic)
get_iplayer 4.9 (HKLM-x32\...\get_iplayer) (Version: 4.9 - infradead.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\{b1eb8775-bc01-49f5-9885-9ff3c9b4a7a3}) (Version: 6.5.57 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.5.57 - Grammarly) Hidden
HWiNFO64 Version 5.02 (HKLM\...\HWiNFO64_is1) (Version: 5.02 - Martin Malík - REALiX)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1016 - Intel Corporation)
Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)
Intel(R) Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1419.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0464 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{85b9d34f-7397-4e39-8600-07942ef6ca04}) (Version: 17.0.5 - Intel Corporation)
iSkysoft Helper Compact 2.5.0 (HKLM-x32\...\{9BF12010-8799-41A5-A671-E9CFDE9E79F3}_is1) (Version: 2.5.0 - iSkysoft)
iSkysoft iMedia Converter Deluxe(Build 5.9.0.1) (HKLM-x32\...\iSkysoft iMedia Converter Deluxe_is1) (Version: 5.9.0.1 - iSkysoft Software)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java SE Development Kit 8 Update 60 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180600}) (Version: 8.0.600.27 - Oracle Corporation)
Mad Max (HKLM-x32\...\Mad Max_is1) (Version:  - )
MakeMKV v1.9.4 (HKLM-x32\...\MakeMKV) (Version: v1.9.4 - GuinpinSoft inc)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6168.8 - Waves Audio Ltd.) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mindjet MindManager 15 (HKLM\...\{0D54C615-A3F1-4BF2-BC79-7CA61F8ADB34}) (Version: 15.1.173 - Mindjet)
Mindjet MindManager 2016 (HKLM\...\{2B218B30-3403-4617-898A-E0FA74C221CB}) (Version: 16.0.152 - Mindjet)
MiniTool Partition Wizard Professional Edition 8.1.1 (HKLM-x32\...\{2991A446-D356-44EC-930A-42E8B02A67C0}_is1) (Version:  - MiniTool Solution Ltd.)
MKVToolNix 9.1.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 9.1.0 - Moritz Bunkus)
Mobile Broadband HL Service (HKLM-x32\...\Mobile Broadband HL Service) (Version: 22.001.25.00.03 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (x32 Version: 1.1.1.0 - SEIKO EPSON CORPORATION) Hidden
NewBlue Titler Pro for Windows (HKLM-x32\...\NewBlue Titler Pro for Windows) (Version: 1.0 - NewBlue)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials V for Windows (HKLM-x32\...\NewBlue Video Essentials V for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VI for Windows (HKLM-x32\...\NewBlue Video Essentials VI for Windows) (Version: 3.0 - NewBlue)
NewBlue Video Essentials VII for Windows (HKLM-x32\...\NewBlue Video Essentials VII for Windows) (Version: 3.0 - NewBlue)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NVIDIA GeForce Experience 2.5.14.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.14.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 355.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 355.60 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.13.4 - OBS Project)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PeaZip 5.7.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Power Retouch 8.0 x64 Full Pack of plug-ins (HKLM\...\Power Retouch 8.0 x64 Full Pack of plug-ins) (Version: 8.0 - Power Retouch)
proDAD Adorage 3.0 (64bit) (HKLM\...\proDAD-Adorage-3.0) (Version: 3.0.114.1 - proDAD GmbH)
qBittorrent 3.3.6 (HKLM-x32\...\qBittorrent) (Version: 3.3.6 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.34.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
ROG Game First III (HKLM-x32\...\{0C6E32E1-31D9-49F1-B67F-2941994002D5}) (Version: 1.00.16 - ASUSTeK Computer Inc.)
SafeZone Stable 1.51.2220.47 (x32 Version: 1.51.2220.47 - Avast Software) Hidden
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 3.8.6.305981 - Linden Research, Inc.)
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.14.5 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.26 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.26.101 - Skype Technologies S.A.)
Smart View 2.0 (HKLM-x32\...\{FBAAAFAE-08A8-4C63-87EA-4AEA9DEE53E1}) (Version: 1.0.0.0 - Samsung)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
Spotify (HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
Thunderbolt(TM) Software (HKLM\...\{BED2816F-D47A-41DA-AFCF-44E1B257C368}) (Version: 2.0.4.250 - Intel(R) Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0419-1000-0000000FF1CE}_Office15.PROPLUS_{E248798E-B471-4172-93CF-F1A7A356C7D8}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0422-1000-0000000FF1CE}_Office15.PROPLUS_{348C113E-01A7-4674-99BB-175A99690767}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
Urban Lightscape (HKLM-x32\...\urbanlightscape) (Version:  - )
USB_Burning_Tool (HKLM-x32\...\{0F91E44C-2FAD-4298-8051-40E52C7E1341}_is1) (Version: 1.0.72 - Amlogic, Inc.)
Vertus Fluid Mask 3 3.3.14 (HKLM-x32\...\vertusFluidMask3) (Version: 3.3.14 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VSO ConvertXToDVD 6 (HKLM-x32\...\{8FC36FA6-C508-44FB-B137-1CB46D8258B2}_is1) (Version: 6.0.0.20 - VSO Software)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.1.11.399 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.14 - WildTangent)
WIN (HKLM-x32\...\win_en_77_is1) (Version:  - ) <==== ATTENTION
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - libusb-win32 WorldCup Device (02/23/2013 1.2.6.0) (HKLM\...\607E81836F3E58EDC7289F7B7047149AE2C7F301) (Version: 02/23/2013 1.2.6.0 - libusb-win32)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinHTTrack Website Copier 3.48-22 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.22 - HTTrack)
WinX DVD Ripper Platinum 7.5.11 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
XviD MPEG4 Video Codec (remove only) (HKLM-x32\...\XviD MPEG4 Video Codec) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1510182464-20956567-2200914830-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Steve Williams\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.5.57\DB0DC721A7254B7381AFA328823E1409\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-1510182464-20956567-2200914830-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1510182464-20956567-2200914830-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12B1D724-3044-4B4F-A28E-6561593C42B7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {1C700DEB-6FE8-4DA4-9F88-C7707A23C65B} - \Irsaneta -> No File <==== ATTENTION
Task: {22791651-2984-4A17-9BE7-F75A5E2AE9F1} - System32\Tasks\AdobeAAMUpdater-1.0-KickassSW-Steve Williams => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-01-07] (Adobe Systems Incorporated)
Task: {26A23979-5B58-4F93-85FB-9B2ABB911B33} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.)
Task: {27B199E0-AB48-4DA0-A8A0-AD3B8C3E2BAC} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-06-24] (Realtek Semiconductor)
Task: {2C8335D0-AC00-40F8-8242-54956D089A37} - System32\Tasks\Gaming Center => C:\Program Files (x86)\ASUS\ASUS Gaming Center\vivokey.exe [2014-10-03] (ASUSTek Computer Inc.)
Task: {35ED6479-FC3A-49AB-AAE4-24371BE81D0F} - \PremiumScanner -> No File <==== ATTENTION
Task: {36E27157-D0DB-4D2D-A708-3BCE4417161E} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.)
Task: {39486CFE-9339-418F-9510-F8597FEEDD7D} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {528EB5A7-4D54-44EE-8A80-C0386E5E41FE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {56D07EB0-740B-4291-AF33-7945B4B63B64} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c641801a0073 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {5745608E-DF18-4C4B-A712-2579D68E0D95} - System32\Tasks\EPSON XP-950 Series Update {6A3B470F-51E3-4B88-A963-EC3F5D017661} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE [2015-10-01] (SEIKO EPSON CORPORATION)
Task: {5F603998-E7A2-42A7-B223-A907F4C98D96} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64202161-1A34-46A4-9BEE-3DC033C7A27D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65B6F6B2-BF71-428C-A831-16F33147009C} - System32\Tasks\SafeZone scheduled Autoupdate 1466058313 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-07-25] (Avast Software)
Task: {67409967-0F2D-4267-ACB6-BCA1110DB98C} - System32\Tasks\EPSON XP-950 Series Update {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE [2015-10-01] (SEIKO EPSON CORPORATION)
Task: {68467136-4262-4E51-9807-774FD0BF8871} - System32\Tasks\EPSON XP-950 Series Invitation {6A3B470F-51E3-4B88-A963-EC3F5D017661} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE [2015-10-01] (SEIKO EPSON CORPORATION)
Task: {68DEF548-FF6A-4A5E-BCE8-594B0E94A025} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6A2462F7-D96A-42B4-A9E2-E320ED670FF3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {75680A40-9522-4D8A-AAAC-AEB639B701B6} - System32\Tasks\EPSON XP-950 Series Invitation {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE [2015-10-01] (SEIKO EPSON CORPORATION)
Task: {7D5BCBAD-C9CB-48AD-96CB-8FCCEE14D342} - System32\Tasks\GoogleUpdateTaskMachineCore1d0c7fd62601eb2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {85002F00-6F9B-4F26-AB4E-FC0FC658766D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {96CC6185-2DAB-4255-83DA-5BDBF2C5CE04} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {AF47DC54-6C30-4243-BE6F-4E5ED11EAC8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B186E769-7454-418E-B273-AC7DC451BB52} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-07-26] ()
Task: {B3970E5B-B49F-47DE-97B4-B7C4BC9C65B5} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-09-11] (ASUSTek Computer Inc.)
Task: {B3C57A66-D809-4B5D-9F6E-6C0A47CB02FB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B56690BF-20F9-4E12-BD79-FA26A9B5EA92} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {BBDF9975-A5C8-419E-8EC6-DADB71EFDDB6} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {BF9F4ECC-D3BC-465B-8DF6-CDFCB9C6F484} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-06-03] ()
Task: {CC7FFF72-3D1F-4325-B7B0-EE20059FD35A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-16] (AVAST Software)
Task: {CF28BDE0-19B3-49E1-A32E-E0299E24FD54} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CF8B92A4-4AAE-4A01-93BA-B089AD39AE54} - System32\Tasks\GoogleUpdateTaskMachineUA1d0c7fd62685f75 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {D6D0C689-759F-44E2-8264-68738E2512B7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {D7328A94-D2F2-4447-9D50-808AF4543C62} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {DD203B4B-29CE-4CCD-80BF-8C71C962AD82} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-06-03] (ASUS)
Task: {E0E52142-DA21-4D85-A3C3-68B72E19DA21} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2016-07-31] ()
Task: {E2310A4D-4690-4266-B6EB-677AB97F2BD5} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-24] (Realtek Semiconductor)
Task: {E653A454-A05A-4FF3-85C5-08D82AAF91D8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => start ThunderboltService
Task: {EE6F9908-A5B8-49C8-A28D-6BF946D45CE8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {F10A8C07-C67D-4418-94B8-4AC57CC2005A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-27] (Google Inc.)
Task: {F144189F-E4D5-4ED4-BEE9-59C4557F092A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F309FA75-4664-4D77-BB37-D508B92A633B} - System32\Tasks\UMonitor Task => C:\Windows\SysWOW64\UMonit64.exe [2014-02-26] ()
Task: {F51C401E-2D0C-4C3E-A96E-A6A82533520A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F689B795-71E0-499C-B111-336CFD7E84DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FD415F4C-512A-4960-8611-36480845089A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-950 Series Invitation {6A3B470F-51E3-4B88-A963-EC3F5D017661}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-950 Series Invitation {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-950 Series Update {6A3B470F-51E3-4B88-A963-EC3F5D017661}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE:/EXE:{6A3B470F-51E3-4B88-A963-EC3F5D017661} /F:Update  WORKGROUP\KICKASSSW$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-950 Series Update {BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLIE.EXE:/EXE:{BAEA7C0A-E8B3-4C89-9EBF-F5EB44F29879} /F:Update  WORKGROUP\KICKASSSW$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c641801a0073.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d0c7fd62601eb2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0c7fd62685f75.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\PremiumScanner.job => c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}\sevensetup.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Mad Max Launcher.lnk -> C:\Mad Max\Launcher.bat ()

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 04:40 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-03-18 23:56 - 2016-03-18 23:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-14 14:30 - 2014-02-15 07:59 - 00239184 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2016-07-12 23:40 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 23:40 - 2016-07-01 05:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-11 19:02 - 2015-09-11 19:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-05-18 02:59 - 2016-05-18 02:59 - 00959168 _____ () C:\Users\Steve Williams\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-06-14 13:37 - 2016-06-14 13:37 - 08909504 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-06-27 16:22 - 2016-06-27 16:22 - 00052912 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-05-20 09:55 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWOW64\ISCM64.dll
2015-12-18 01:36 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 23:41 - 2016-07-01 04:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 23:42 - 2016-07-01 04:49 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-07-12 23:41 - 2016-07-01 04:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 23:40 - 2016-07-01 04:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 23:41 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 23:41 - 2016-07-01 04:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-01-27 20:50 - 2014-02-26 04:13 - 00053248 _____ () C:\Windows\SysWOW64\UMonit64.exe
2015-01-27 20:52 - 2013-05-15 15:39 - 00463872 _____ () C:\Program Files (x86)\ASUS Gaming Mouse\hid.exe
2015-10-11 10:10 - 2015-11-23 17:05 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-08-20 06:14 - 2014-08-20 06:14 - 01362240 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.1.11.399\AsusWSService.exe
2016-06-04 12:00 - 2016-06-04 12:00 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-06-04 12:00 - 2016-06-04 12:00 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-04 12:00 - 2016-06-04 12:00 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-04 07:38 - 2016-03-04 07:38 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-28 04:13 - 2016-06-28 04:13 - 03790336 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-15 00:42 - 2015-12-15 00:43 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1605.1582.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-11-25 14:48 - 2014-11-25 14:48 - 00178944 _____ () C:\Program Files\Mindjet\MindManager 15\zlib64.dll
2015-12-17 23:27 - 2015-12-17 23:27 - 04890848 _____ () C:\Program Files (x86)\Adobe\Acrobat 11.0\PDFMaker\Common\X64\AdobePDFMakerX.dll
2015-04-22 17:23 - 2015-04-22 17:23 - 02210480 _____ () C:\Program Files\Microsoft Office\Office15\tmpod.dll
2015-10-13 16:10 - 2015-10-13 16:10 - 01428648 _____ () C:\Program Files\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll
2016-08-16 08:41 - 2016-08-16 08:41 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-08-16 09:47 - 2016-08-16 09:47 - 03016192 _____ () C:\Program Files\AVAST Software\Avast\defs\16081600\algo.dll
2016-08-16 08:41 - 2016-08-16 08:41 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-11-03 18:24 - 2016-07-28 09:51 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2015-11-03 18:24 - 2015-12-16 10:45 - 00186640 _____ () c:\program files (x86)\ostotosoft\drivertalent\CrashCatch.dll
2015-11-03 18:24 - 2015-10-23 08:34 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2015-11-03 18:24 - 2016-07-28 09:51 - 00174760 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2015-11-03 18:24 - 2015-10-23 08:34 - 00103776 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2015-11-03 18:24 - 2015-10-23 08:34 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2016-07-31 14:54 - 2016-07-31 14:54 - 00073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2014-06-03 21:01 - 2014-06-03 21:01 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll
2015-07-24 23:01 - 2015-08-27 01:37 - 00011896 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-01 15:15 - 2016-07-01 15:15 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-03 18:24 - 2016-07-28 09:51 - 00174760 _____ () C:\Program Files (x86)\OSTotoSoft\DriverTalent\substat.dll
2016-05-20 09:55 - 2016-06-20 14:51 - 01506304 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2016-05-20 09:55 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2015-01-27 20:48 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-04-27 10:24 - 2013-04-27 10:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-14 10:07 - 2016-08-15 18:33 - 00001444 ____A C:\WINDOWS\system32\Drivers\etc\hosts

107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1510182464-20956567-2200914830-1001\Control Panel\Desktop\\Wallpaper -> D:\Downloads\love_abstract_design-1920x1080.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "MMReminderService"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D67AADAC-82B3-4CB2-9211-92215E5B155A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{E51C986E-853E-4433-8875-BC5BD5402568}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{1BD8CAFE-1660-4083-ABFA-9633382D24F5}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{41ECEBF0-E65E-4887-B057-C0294FE74D0A}D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{1A6C3D8D-55BE-42A3-86A8-BFEEC87FE565}D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{7C9FEA82-D8AB-4493-8A1B-5D19D7911BCC}D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{265A74BC-B72A-48B6-86AE-C91BC914C707}D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Block) D:\r.g. catalyst\borderlands the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{22E769F4-4A5E-478C-B453-746DE27B5DE9}C:\users\steve williams\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve williams\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{C1366ACA-965E-4F6D-B58B-105824EE9A6D}C:\users\steve williams\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\steve williams\appdata\roaming\spotify\spotify.exe
FirewallRules: [{67A6B5D8-A4C7-40A8-A3B1-6ABCE7F5C4E6}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{33A9F9AC-FE62-49E3-BF2F-A0EC7E10A27E}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{5E530F88-D8DB-45A1-8918-02D169C990F3}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll
FirewallRules: [{3163A745-B82D-43A5-879E-C3F1B7B311B0}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [UDP Query User{65BC2E38-4E7D-441D-8DDF-C1D4240B7422}C:\program files (x86)\mythtv\bin\mythwelcome.exe] => (Allow) C:\program files (x86)\mythtv\bin\mythwelcome.exe
FirewallRules: [TCP Query User{2C425020-F619-44C5-993D-C185CDF56D76}C:\program files (x86)\mythtv\bin\mythwelcome.exe] => (Allow) C:\program files (x86)\mythtv\bin\mythwelcome.exe
FirewallRules: [{32DCC02E-BDFF-4C46-A28C-2425848DEE48}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{857AB4D8-D318-489D-8BF3-E9EFB370D605}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE
FirewallRules: [UDP Query User{302C8BE1-EAA7-48E2-B6AB-468E977CC93E}C:\users\steve williams\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\steve williams\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{462A9AB9-DB6C-4C71-A387-3E49819CE21B}C:\users\steve williams\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\steve williams\appdata\roaming\spotify\spotify.exe
FirewallRules: [{94BA5431-B578-4EE8-B851-C6D9DBD63512}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{51A3EDD1-8272-4D42-A454-6C0129C08749}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{C9F6A7D3-26DD-488C-9F1C-137F345824B1}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Block) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [TCP Query User{C7AB83CB-65DF-4F1B-A0F9-44C22AE3346F}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Block) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{7853B619-0556-4CEF-89DE-3429DA63D9B7}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [TCP Query User{1E75139E-ECE2-4A19-911A-5452AECE63DF}C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe] => (Allow) C:\program files (x86)\r.g. mechanics\alien isolation\ai.exe
FirewallRules: [UDP Query User{F3954AF8-7F64-4973-95DA-D0A0E4DE37DF}C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [TCP Query User{8E510A38-4252-4C80-9FD4-F05FC04B0917}C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe] => (Block) C:\program files (x86)\ubisoft\ubisoft game launcher\games\assassin's creed unity\acu.exe
FirewallRules: [{9EDF7D76-53B0-4664-AE0C-E03F00EDAA95}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F3B32477-CCB8-48DC-9391-D8023297BC17}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{231E383E-B8E7-41ED-8845-494D3B565400}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{D1930286-C404-41ED-B794-7645E30E6C41}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C3DC9097-64F9-4A79-9E61-9DD51F7E8745}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0175297C-C021-4C98-8C83-A388B53B4537}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{346243CD-090E-460A-BFB8-966A02D63D7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6AF10EA9-F417-419E-9FD3-2D8AEB7DA309}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{20FD2F54-50B9-4DB0-A308-D67CA278C78D}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{A0BE35DB-92AB-435A-A469-2C7648E82F12}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{4B3F3321-5BA6-4382-B017-B9AE4B0859DB}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{B47126A7-9143-4875-801F-2D5649006CD3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{9CCFFA5F-D28B-4694-B3F1-461C2CF52EA2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{756C70FF-D0C3-43E5-B517-1530451B0087}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1E4E79BE-7080-4278-AAAD-26C0BE806FDD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{6AB956F2-13EC-44D4-81A8-AFBB57309BA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DF859D3D-4FDF-4EED-888D-B760EB05CDB7}] => (Block) %ProgramFiles%\Adobe\Adobe Photoshop CC (64 Bit)\Photoshop.exe
FirewallRules: [{5DC8B782-A75D-4CA8-91F5-0C927C0E9E00}] => (Block) %ProgramFiles% (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
FirewallRules: [{AF12AF60-F5F2-4274-A60B-B81C65E88894}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{90510E54-A1EB-4323-9944-D96642E904D6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{BD0DB9F8-1147-436B-AEB5-CE40C4CDA315}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9CE943D1-DF1A-48B2-A784-C9DB98BD55DE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{90431775-2B15-4D12-833C-04263A3AD113}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{2EB85F25-957E-41FE-83A6-EA638526EC68}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{72518F8E-DAA5-4349-8B45-F6C39597EBB3}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{36B2B5A2-8C52-4996-A012-B833FC79D427}] => (Allow) C:\Program Files (x86)\SmartView2\Smart View 2.0.exe
FirewallRules: [{55CEDC3B-8509-4A7C-8152-BB16F144FD82}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{95E9A819-9521-4693-AA54-5C276A777843}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{AA91916A-C515-42C4-9CC5-0B9840E705C6}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{ECFB5594-79F0-46CA-B1DF-E93DC4692D5F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3C18F63A-B12A-4F67-8979-9CD2ABD8A454}] => (Allow) C:\WINDOWS\system32\ftp.exe
FirewallRules: [{3FA1FD4A-D219-4D3C-87E6-609C4432FE0B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{428194B3-A7E7-44F9-90EC-2952A78558A1}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{49B58926-D90E-4BE2-B40D-73DEF62F5ED6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{02000DD5-D84B-4083-8B2B-1511544C35EF}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{8E166083-34C6-4EA7-B284-612353FE1940}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{A4793236-8AEF-4C19-A1E5-E2B7A1F3E695}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{BDB8395C-8FF3-49D3-BA73-8E1D4E09217A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{424B6FEB-AF33-4204-8291-5ABF0F2C09B2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A80E26E2-9ECD-44AB-A5D9-DC45D5BCD166}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9DF9BE0A-9C83-4A6A-BECB-FA9DAB41C726}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{27B9D8B5-EFFA-43B0-BDA0-E81AE809254A}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{BE6AF9BF-2E02-43FA-AA75-CEA47E32BC93}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [TCP Query User{5DF98C3E-7684-4A1E-847C-62293C9C8B2C}F:\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) F:\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [UDP Query User{FFDB04B9-14A2-4B07-8DD1-8A79E85E89F2}F:\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) F:\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [TCP Query User{E6337D69-FAF8-4422-976F-BDB52F2E2791}F:\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) F:\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [UDP Query User{ABB3F8A7-190A-42EE-BC09-BF1B5DC1F80E}F:\f.e.a.r. 3\f.e.a.r. 3.exe] => (Block) F:\f.e.a.r. 3\f.e.a.r. 3.exe
FirewallRules: [{95101846-1719-4280-ABFE-30331A35853B}] => (Block) F:\SUPERHOT\SUPERHOT.exe
FirewallRules: [TCP Query User{6F35B1F3-4EC8-45D6-B061-53E79173126B}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{7490EA0F-6813-40D8-A86B-4143FA721BF2}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [{A20162BA-6395-4617-9494-241EC4E5F990}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D1D52609-332F-43CC-8322-3144FD77311D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2F78A8EC-B13B-4822-98FF-ED308F3F3DC6}] => (Allow) C:\Users\Steve Williams\AppData\Local\Temp\NEWFM91I7R\chromedriver.exe

==================== Restore Points =========================

03-08-2016 07:21:13 Garmin Express
10-08-2016 14:19:40 Windows Update
15-08-2016 18:54:26 zoek.exe restore point

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2016 10:18:45 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (08/16/2016 10:04:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.36, time stamp: 0x56eb679c
Faulting module name: SkyWrap.dll, version: 10.1.2123.36, time stamp: 0x56eb6787
Exception code: 0xc0000005
Fault offset: 0x001f5f47
Faulting process ID: 0x900
Faulting application start time: 0xSkypeHost.exe0
Faulting application path: SkypeHost.exe1
Faulting module path: SkypeHost.exe2
Report ID: SkypeHost.exe3
Faulting package full name: SkypeHost.exe4
Faulting package-relative application ID: SkypeHost.exe5

Error: (08/16/2016 09:48:40 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (08/16/2016 09:47:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AutoKMS.exe, version: 2.5.0.0, time stamp: 0x52ea7aea
Faulting module name: KERNELBASE.dll, version: 10.0.10586.494, time stamp: 0x5775e4c5
Exception code: 0xe0434352
Fault offset: 0x0000000000071f28
Faulting process ID: 0x6dc
Faulting application start time: 0xAutoKMS.exe0
Faulting application path: AutoKMS.exe1
Faulting module path: AutoKMS.exe2
Report ID: AutoKMS.exe3
Faulting package full name: AutoKMS.exe4
Faulting package-relative application ID: AutoKMS.exe5

Error: (08/16/2016 09:47:39 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
   at  . . (System.String)
   at  . . ()
   at  . . ( . , System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at  . . (Int32, System.String, System.String, System.String, Boolean, Boolean, Boolean,  . , Boolean, Boolean, System.String, Boolean, Boolean, System.String)
   at  . . ( . )
   at  . . ()

Error: (08/16/2016 09:40:24 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: MSDTC4

Error: (08/16/2016 09:24:08 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (08/16/2016 09:20:50 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (08/16/2016 08:44:50 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.

Error: (08/16/2016 01:50:14 AM) (Source: IntelDalJhi) (EventID: 11) (User: )
Description: Intel(R) Dynamic Application Loader Host Interface Service has encountered an internal connection problem.


System errors:
=============
Error: (08/16/2016 12:20:23 PM) (Source: DCOM) (EventID: 10010) (User: KickassSW)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/16/2016 11:09:15 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (08/16/2016 10:53:59 AM) (Source: DCOM) (EventID: 10010) (User: KickassSW)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/16/2016 10:53:29 AM) (Source: DCOM) (EventID: 10010) (User: KickassSW)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/16/2016 10:20:00 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (08/16/2016 10:15:57 AM) (Source: DCOM) (EventID: 10010) (User: KickassSW)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (08/16/2016 10:15:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_622df service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/16/2016 10:12:21 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}

Error: (08/16/2016 10:05:00 AM) (Source: DCOM) (EventID: 10010) (User: KickassSW)
Description: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}

Error: (08/16/2016 10:04:43 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056 = An instance of the service is already running.


CodeIntegrity:
===================================
  Date: 2016-08-10 20:17:01.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-10 14:51:21.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 03:42:35.038
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-13 03:32:03.155
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-11 12:18:39.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-20 13:39:40.193
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Steve Williams\AppData\Local\Temp\ASC-27A9098D\setup32\vfdriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-06-20 06:53:44.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-18 02:23:51.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 23:00:43.284
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-15 12:57:02.041
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 14%
Total physical RAM: 24525.09 MB
Available physical RAM: 20929.47 MB
Total Virtual: 50125.09 MB
Available Virtual: 46801.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:167.8 GB) (Free:22.09 GB) NTFS
Drive d: (OS Data) (Fixed) (Total:58 GB) (Free:22.14 GB) NTFS
Drive e: (Docs) (Fixed) (Total:97.66 GB) (Free:49.54 GB) NTFS
Drive f: (Torrents) (Fixed) (Total:833.86 GB) (Free:88.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 3F8EFAAF)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 4737057D)

Partition: GPT.

==================== End of Addition.txt ============================
 

Help? Please?

Thank you in advance.

 

Steve


Hello SadruddinW and welcome to Malwarebytes,

Hello and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Run FRST one more time:

Type the following in the edit box after "Search:".

dnsapi.dll

Click Search button and post the log (Search.txt) it makes to your reply.
 
Thank you,
 
Kevin...

Hi Kev

 

I think I did this correctly.

Loaded as admin.

Waited for db search to complete.

Put dnsapi.dll in the Search box

Clicked Search Files

Hope that's right.

 

Got this in Search.txt:

Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Steve Williams (16-08-2016 16:52:07)
Running from D:\Desktop
Boot Mode: Normal

================== Search Files: "dnsapi.dll" =============

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll
[2016-04-13 07:44][2016-03-29 10:28] 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll
[2015-10-30 08:18][2016-07-22 14:51] 0017780 ____A () 4C8C167B131EBE7A4D94504F82DAD316 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll
[2016-04-13 07:44][2016-03-29 11:11] 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 08:18][2016-06-08 22:47] 0010782 ____A () E4E48EFBCF7DF993A1377CB0518411BC [File not signed]

C:\Windows\SysWOW64\dnsapi.dll
[2016-04-13 07:44][2016-04-13 07:44] 0535080 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\System32\dnsapi.dll
[2016-04-13 07:44][2016-04-13 07:44] 0686976 ____N (Microsoft Corporation) C820B156EABF59C22ACDDD0F41D1459C [File not signed]

====== End of Search ======
 

Thanks

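A way to triage a Search.txt like the one posted above, as an added example that is not part of the original thread and is not FRST's own code: it parses each entry, flags live system copies that are unsigned or whose MD5 is the hash of zero bytes, and pairs each with a signed WinSxS copy of the same architecture and size. The function names, the finding labels and the size-matching rule are assumptions made for this illustration.

```python
import hashlib
import re
from dataclasses import dataclass

# Entries copied from the Search.txt posted above (tool header lines omitted).
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll
[2016-04-13 07:44][2016-03-29 10:28] 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE [File is digitally signed]

C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll
[2015-10-30 08:18][2016-07-22 14:51] 0017780 ____A () 4C8C167B131EBE7A4D94504F82DAD316 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll
[2016-04-13 07:44][2016-03-29 11:11] 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 08:18][2016-06-08 22:47] 0010782 ____A () E4E48EFBCF7DF993A1377CB0518411BC [File not signed]

C:\Windows\SysWOW64\dnsapi.dll
[2016-04-13 07:44][2016-04-13 07:44] 0535080 ____A () D41D8CD98F00B204E9800998ECF8427E [File not signed]

C:\Windows\System32\dnsapi.dll
[2016-04-13 07:44][2016-04-13 07:44] 0686976 ____N (Microsoft Corporation) C820B156EABF59C22ACDDD0F41D1459C [File not signed]
"""

# MD5 of zero bytes, computed rather than typed so the constant cannot be wrong.
EMPTY_MD5 = hashlib.md5(b"").hexdigest().upper()

# On 64-bit Windows, System32 holds 64-bit binaries and SysWOW64 the 32-bit ones;
# the values are the matching WinSxS component-folder prefixes.
LIVE_DIRS = {"system32": "amd64_", "syswow64": "wow64_"}

# Detail line: [created][modified] size attributes (company) MD5 [signature status]
DETAIL_RE = re.compile(
    r"^\[[^\]]+\]\[[^\]]+\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str
    signed: bool


def parent_dir(path):
    """Lower-cased name of the folder that directly contains the file."""
    return path.lower().split("\\")[-2]


def parse_search(text):
    """Turn path/detail line pairs into Entry records; other lines are ignored."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        detail = DETAIL_RE.match(line)
        if detail and path:
            entries.append(Entry(
                path=path,
                size=int(detail["size"]),
                company=detail["company"],
                md5=detail["md5"].upper(),
                signed=detail["sig"] == "File is digitally signed",
            ))
            path = None
        elif PATH_RE.match(line):
            path = line
    return entries


def triage(entries):
    """For each live System32/SysWOW64 copy, list findings and signed store copies."""
    store = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    report = {}
    for e in entries:
        prefix = LIVE_DIRS.get(parent_dir(e.path))
        if prefix is None:
            continue  # not a live system directory
        findings = []
        if not e.signed:
            findings.append("unsigned")
        if e.md5 == EMPTY_MD5 and e.size > 0:
            # The hash is that of empty input, so it does not describe e.size bytes.
            findings.append("md5-of-empty-input")
        # Unsigned store copies are never offered as a replacement source.
        replacement = [s.path for s in store
                       if s.signed and s.size == e.size
                       and parent_dir(s.path).startswith(prefix)]
        report[e.path] = {"findings": findings, "replacement": replacement}
    return report


if __name__ == "__main__":
    for path, result in triage(parse_search(SEARCH_TXT)).items():
        print(path, result["findings"], "->", result["replacement"])
```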

Thanks for the log, continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Next,

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan" Select scan, when done post the new logs. "FRST.txt" and "Addition.txt"

Let me see those logs, also tell me if you have any remaining issues or concerns...

Thank you,

Kevin

Fixlist.txt


Hi Kevin.

That was a monster overnight session, especially Sophos.

Now all seems good, MBAM working fine, and browsers fixed.

Now to the logs......

FRST Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Steve Williams (16-08-2016 23:32:10) Run:1
Running from D:\Desktop
Loaded Profiles: Steve Williams (Available Profiles: Steve Williams)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll C:\Windows\SysWOW64\dnsapi.dll
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll C:\Windows\System32\dnsapi.dll
HKLM-x32\...\Run: [win_en_77] => "C:\Program Files (x86)\win_en_77\win_en_77.exe"
C:\Program Files (x86)\win_en_77
C:\Users\Steve Williams\AppData\Local\Temp\libeay32.dll
C:\Users\Steve Williams\AppData\Local\Temp\msvcr120.dll
C:\Users\Steve Williams\AppData\Local\Temp\sqlite3.dll 
Task: C:\WINDOWS\Tasks\PremiumScanner.job => c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}\sevensetup.exe <==== ATTENTION 
c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}\sevensetup.exe
c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}
RemoveProxy:
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\SysWOW64\dnsapi.dll => moved successfully
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll copied successfully to C:\Windows\SysWOW64\dnsapi.dll
C:\Windows\System32\dnsapi.dll => moved successfully
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll copied successfully to C:\Windows\System32\dnsapi.dll
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully
"C:\Program Files (x86)\win_en_77" => not found.
C:\Users\Steve Williams\AppData\Local\Temp\libeay32.dll => moved successfully
C:\Users\Steve Williams\AppData\Local\Temp\msvcr120.dll => moved successfully
C:\Users\Steve Williams\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\WINDOWS\Tasks\PremiumScanner.job => moved successfully
"c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}\sevensetup.exe" => not found.
"c:\programdata\{92a3f385-6452-5a84-92a3-3f385645ce15}" => not found.

========= RemoveProxy: =========

HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1510182464-20956567-2200914830-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 41474063 B
Java, Flash, Steam htmlcache => 27688548 B
Windows/system/drivers => 1918991 B
Edge => 1343137 B
Chrome => 343962700 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 245222 B
NetworkService => 0 B
Steve Williams => 14515265 B

RecycleBin => 0 B
EmptyTemp: => 411.2 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:32:42 ====
 

Malwarebytes Antimalware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/08/2016
Scan Time: 23:38
Logfile: MBAMSCan.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.16.11
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Steve Williams

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365350
Time Elapsed: 7 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\win_en_77_is1, Quarantined, [4685aaa1b4e6cd69242fc12f49ba33cd], 

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\libraries, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\resources, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 

Files: 23
PUP.Optional.ProntSpooler, C:\Users\Steve Williams\AppData\Local\Apps\2.0\abril.stt, Quarantined, [9833d7741b7f6dc90f7f9365798a2dd3], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\tree.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\config.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\Imoz.dat, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\Lijgajkemc.dat, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\Sastigpaelbayau.dat, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\setup.ico, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\Tiam.dat, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\wlist.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\libraries\DataExchangeScript.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\certutil.exe, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\mozcrt19.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\nspr4.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\nss3.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\plc4.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\plds4.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\smime3.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\nss\softokn3.dll, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\resources\config.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\resources\LocalScript.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\resources\uninstall.html, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.VBates.BrwsrFlsh, C:\Program Files\Yhid\resources\wlist.js, Quarantined, [8645014ad3c73ff76fca544928dc3bc5], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\gie\redx\dodf.dat, Quarantined, [d1fabb90c8d280b617d23366d92be41c], 

Physical Sectors: 0
(No malicious items detected)


(end)
 

 

ADWCleaner found and cleaned one problem:

# AdwCleaner v6.000 - Logfile created 16/08/2016 at 23:51:37
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-16.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Steve Williams - KICKASSSW
# Running from : D:\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[#] Value deleted on reboot: HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo []


***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8060 Bytes] - [15/08/2016 19:20:52]
C:\AdwCleaner\AdwCleaner[C2].txt - [1783 Bytes] - [16/08/2016 09:17:24]
C:\AdwCleaner\AdwCleaner[C3].txt - [1929 Bytes] - [16/08/2016 09:21:06]
C:\AdwCleaner\AdwCleaner[C4].txt - [2076 Bytes] - [16/08/2016 09:23:51]
C:\AdwCleaner\AdwCleaner[C5].txt - [2295 Bytes] - [16/08/2016 10:04:23]
C:\AdwCleaner\AdwCleaner[C6].txt - [1198 Bytes] - [16/08/2016 23:51:37]
C:\AdwCleaner\AdwCleaner[R1].txt - [7343 Bytes] - [27/07/2015 00:14:13]
C:\AdwCleaner\AdwCleaner[R2].txt - [839 Bytes] - [27/07/2015 10:13:42]
C:\AdwCleaner\AdwCleaner[R3].txt - [954 Bytes] - [27/07/2015 15:59:27]
C:\AdwCleaner\AdwCleaner[R4].txt - [3328 Bytes] - [31/07/2015 07:50:35]
C:\AdwCleaner\AdwCleaner[R5].txt - [3255 Bytes] - [03/08/2015 09:57:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [6899 Bytes] - [27/07/2015 00:17:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [902 Bytes] - [27/07/2015 10:14:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [3315 Bytes] - [03/08/2015 10:06:59]
C:\AdwCleaner\AdwCleaner[S3].txt - [8094 Bytes] - [15/08/2016 19:19:25]
C:\AdwCleaner\AdwCleaner[S4].txt - [1924 Bytes] - [16/08/2016 09:16:17]
C:\AdwCleaner\AdwCleaner[S5].txt - [2070 Bytes] - [16/08/2016 09:20:21]
C:\AdwCleaner\AdwCleaner[S6].txt - [2216 Bytes] - [16/08/2016 09:23:23]
C:\AdwCleaner\AdwCleaner[S7].txt - [2362 Bytes] - [16/08/2016 09:48:43]
C:\AdwCleaner\AdwCleaner[S8].txt - [2435 Bytes] - [16/08/2016 10:02:58]
C:\AdwCleaner\AdwCleaner[S9].txt - [2556 Bytes] - [16/08/2016 23:51:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [2363 Bytes] ##########
 

 

And Sophos also found just one error:

2016-08-16 22:54:22.100    Sophos Virus Removal Tool version 2.5.6
2016-08-16 22:54:22.100    Copyright (c) 2009-2016 Sophos Limited. All rights reserved.

2016-08-16 22:54:22.100    This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2016-08-16 22:54:22.100    Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2016-08-16 22:54:22.100    Checking for updates...
2016-08-16 22:54:22.163    Update progress: proxy server not available
2016-08-16 22:54:29.226    Option all = no
2016-08-16 22:54:29.226    Option recurse = yes
2016-08-16 22:54:29.226    Option archive = no
2016-08-16 22:54:29.226    Option service = yes
2016-08-16 22:54:29.226    Option confirm = yes
2016-08-16 22:54:29.226    Option sxl = yes
2016-08-16 22:54:29.226    Option max-data-age = 35
2016-08-16 22:54:29.226    Option vdl-logging = yes
2016-08-16 22:54:29.226    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-16 22:54:29.226    Machine ID:    096c4e16052c489392014157c481ce26
2016-08-16 22:54:29.226    Component SVRTcli.exe version 2.5.6
2016-08-16 22:54:29.226    Component control.dll version 2.5.6
2016-08-16 22:54:29.226    Component SVRTservice.exe version 2.5.6
2016-08-16 22:54:29.226    Component engine\osdp.dll version 1.44.1.2252
2016-08-16 22:54:29.226    Component engine\veex.dll version 3.65.2.2252
2016-08-16 22:54:29.226    Component engine\savi.dll version 9.0.1.2252
2016-08-16 22:54:29.226    Component rkdisk.dll version 1.5.30.0
2016-08-16 22:54:29.226    Version info:    Product version    2.5.6
2016-08-16 22:54:29.226    Version info:    Detection engine    3.65.2
2016-08-16 22:54:29.226    Version info:    Detection data    5.30
2016-08-16 22:54:29.226    Version info:    Build date    09/08/2016
2016-08-16 22:54:29.226    Version info:    Data files added    182
2016-08-16 22:54:29.226    Version info:    Last successful update    (not yet updated)
2016-08-16 22:55:08.231    Downloading updates...
2016-08-16 22:55:08.231    Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2016-08-16 22:55:08.231    Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-16 22:55:08.231    Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-16 22:55:08.231    Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2016-08-16 22:55:08.231    Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I49502] sdds.data0910.xml: found supplement IDE531 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2016-08-16 22:55:08.231    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE531 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE531 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I49502] sdds.data0910.xml: found supplement IDE532 LATEST path= baseVersion= [included from product IDE531 LATEST path=]
2016-08-16 22:55:08.231    Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE532 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE532 LATEST path=
2016-08-16 22:55:08.231    Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2016-08-16 22:55:08.325    Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2016-08-16 22:55:08.325    Update progress: [I19463] Product download size 149796374 bytes
2016-08-16 22:55:10.263    Update progress: [I19463] Syncing product IDE531 LATEST path=
2016-08-16 22:55:10.278    Update progress: [I19463] Product download size 2071874 bytes
2016-08-16 22:55:10.434    Update progress: [I19463] Syncing product IDE532 LATEST path=
2016-08-16 22:55:10.434    Update progress: [I19463] Product download size 504339 bytes
2016-08-16 22:55:10.528    Installing updates...
2016-08-16 22:55:11.153    Error level 1
2016-08-16 22:55:12.872    Update successful
2016-08-16 22:55:18.670    Option all = no
2016-08-16 22:55:18.670    Option recurse = yes
2016-08-16 22:55:18.670    Option archive = no
2016-08-16 22:55:18.670    Option service = yes
2016-08-16 22:55:18.670    Option confirm = yes
2016-08-16 22:55:18.670    Option sxl = yes
2016-08-16 22:55:18.670    Option max-data-age = 35
2016-08-16 22:55:18.670    Option vdl-logging = yes
2016-08-16 22:55:18.670    Customer ID:    094260ca9b3af99f9d4a3909fc47a743
2016-08-16 22:55:18.670    Machine ID:    096c4e16052c489392014157c481ce26
2016-08-16 22:55:18.670    Component SVRTcli.exe version 2.5.6
2016-08-16 22:55:18.670    Component control.dll version 2.5.6
2016-08-16 22:55:18.670    Component SVRTservice.exe version 2.5.6
2016-08-16 22:55:18.670    Component engine\osdp.dll version 1.44.1.2252
2016-08-16 22:55:18.670    Component engine\veex.dll version 3.65.2.2252
2016-08-16 22:55:18.670    Component engine\savi.dll version 9.0.1.2252
2016-08-16 22:55:18.670    Component rkdisk.dll version 1.5.30.0
2016-08-16 22:55:18.670    Version info:    Product version    2.5.6
2016-08-16 22:55:18.670    Version info:    Detection engine    3.65.2
2016-08-16 22:55:18.670    Version info:    Detection data    5.30
2016-08-16 22:55:18.670    Version info:    Build date    09/08/2016
2016-08-16 22:55:18.670    Version info:    Data files added    184
2016-08-16 22:55:18.670    Version info:    Last successful update    16/08/2016 23:55:12

2016-08-16 23:02:45.246    Could not open C:\hiberfil.sys
2016-08-16 23:02:47.043    Could not open C:\pagefile.sys
2016-08-16 23:10:51.673    Could not open C:\swapfile.sys
2016-08-16 23:10:51.704    Could not open C:\System Volume Information\{1af84322-5e38-11e6-82e2-5cc5d48c3eac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-16 23:10:51.704    Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-16 23:10:51.704    Could not open C:\System Volume Information\{5e7615c4-63df-11e6-82ee-5cc5d48c3eac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-16 23:10:51.704    Could not open C:\System Volume Information\{9d41bbc9-5750-11e6-82e1-5cc5d48c3eac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-16 23:10:51.704    Could not open C:\System Volume Information\{dd9c18d2-630f-11e6-82e5-5cc5d48c3eac}{3808876b-c176-4e48-b7ae-04046e6cc752}
2016-08-16 23:13:39.329    Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2016-08-16 23:13:39.329    Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2016-08-16 23:13:40.517    Could not open C:\Windows\System32\config\BBI
2016-08-16 23:13:40.532    Could not open C:\Windows\System32\config\RegBack\DEFAULT
2016-08-16 23:13:40.532    Could not open C:\Windows\System32\config\RegBack\SAM
2016-08-16 23:13:40.532    Could not open C:\Windows\System32\config\RegBack\SECURITY
2016-08-16 23:13:40.532    Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2016-08-16 23:13:40.532    Could not open C:\Windows\System32\config\RegBack\SYSTEM
2016-08-16 23:21:07.403    Password protected file F:\iStorage HDD\VIG work\27th March meeting LH.docx
2016-08-16 23:23:20.377    >>> Virus 'Mal/Generic-S' found in file F:\Utorcomplete\Nuance Dragon NaturallySpeaking 13.00.000.525 Premium-[FirstUploads]\Setup\setup.exe
2016-08-16 23:25:45.704    Could not open LOGICAL:0006:00000000
2016-08-16 23:25:45.720    Could not open G:\
2016-08-16 23:25:45.813    The following items will be cleaned up:
2016-08-16 23:25:45.813    Mal/Generic-S
 

As I say, looking good. Son banned from my essential laptop. If I get any probs in the next couple of days I'll report back.

Thanks so much for the support. Amazing.

Is that it for now, or is there anything else I need to do?

Yours (a very happy) Steve


Yes one more move, clean up tools etc.

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


  • Remove disinfection tools <--- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection

Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

 


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.