Rootkit problems

[12Marko]

I have rootkit infections. Windows 10 64. I was at first able to open in safe mode and download malwarebytes. It found over 300 infections and quarantined. It showed rootkit C:\windows\system32\drivers\msidntfs.sym but it will not remove it. I ran malwarebytes anti rootkit and it also found c:\windows\system32\drivers\rdplrcjd.sym and says they are rootkit agent.PUA. It acts like it is going to clean them up and wants to restart but before it can restart I get the windows stop code.

Now, it will not even let me open in safe mode. I was going to try to reload Windows and start from scratch but it won't even let me do that.

[Aura]

Hi 12Marko

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

• As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
• As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
• The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
• If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
• If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
• Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
• I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules
• In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
• I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
  This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
  

This being said, it's time to clean-up some malware, so let's get started, shall we?

What error are you getting now when you try to open MBAR?

[12Marko]

I can get it to open and update and run a scan. It finds the rootkit I listed above and asks me to reboot to clean up the infection but before it can do a reboot i get the windows stop code so it won't let mar clean up the infections.

[Aura]

Can you .zip the C:\Windows\Minidump folder, and attach it here?

[12Marko]

Here you go.

minidump.zip

[Aura]

When you run MBAR, how many threats does it detects? Only 2? Also, are both of them .sys files in the C:\Windows\system32\drivers folder?

[12Marko]

Only the two.  Yes

[Aura]

Do you have a USB Flash Drive? If so, how big is it?

[12Marko]

64 gig. I just formatted it

[Aura]

Good, follow the instructions below.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Fix button
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
• Copy and paste its content in your next reply
  

fixlist.txt

[12Marko]

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by benne (19-09-2017 20:43:30) Run:2
Running from G:\
Loaded Profiles: benne (Available Profiles: pmwsm_000 & benne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {default} recoveryenabled yes
CMD: dir C:\Windows\
CMD: dir C:\Windows\system32\drivers
*****************

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

========= dir C:\Windows\ =========

 Volume in drive C is For Applications
 Volume Serial Number is C8AC-3518

 Directory of C:\Windows

09/19/2017  08:39 PM    <DIR>          .
09/19/2017  08:39 PM    <DIR>          ..
03/18/2017  05:03 PM    <DIR>          addins
09/19/2017  11:55 AM    <DIR>          appcompat
08/09/2017  05:00 AM    <DIR>          AppPatch
09/18/2017  05:00 PM    <DIR>          AppReadiness
03/18/2017  05:03 PM    <DIR>          bcastdvr
07/17/2017  03:12 PM            64,512 bfsvc.exe
03/18/2017  05:03 PM    <DIR>          Boot
03/18/2017  05:03 PM    <DIR>          Branding
09/19/2017  08:40 PM    <DIR>          CbsTemp
03/18/2017  04:59 PM            34,390 Core.xml
03/18/2014  05:24 AM            35,851 CoreConnectedSingleLanguage.xml
08/21/2014  12:20 AM                10 csup.txt
03/18/2017  05:03 PM    <DIR>          Cursors
09/10/2017  04:30 PM    <DIR>          debug
07/17/2017  11:35 AM             7,623 diagerr.xml
03/18/2017  05:03 PM    <DIR>          diagnostics
07/17/2017  11:35 AM             7,623 diagwrn.xml
03/18/2017  10:29 PM    <DIR>          DigitalLocker
03/18/2017  10:29 PM    <DIR>          en-US
06/20/2017  02:04 AM         4,847,424 explorer.exe
03/18/2017  05:03 PM    <DIR>          GameBarPresenceWriter
03/18/2017  05:03 PM    <DIR>          Globalization
07/17/2017  11:18 AM    <DIR>          Help
07/17/2017  03:12 PM           975,360 HelpPane.exe
12/05/2015  01:06 AM    <DIR>          Hewlett-Packard
03/18/2017  04:57 PM            18,432 hh.exe
07/17/2017  11:31 AM    <DIR>          HoloShell
07/10/2017  10:30 AM    <DIR>          HP
10/17/2014  05:11 PM           233,464 hpoins21.dat
10/14/2012  09:59 AM             6,174 hpomdl21.dat
03/18/2017  10:29 PM    <DIR>          IME
08/09/2017  05:00 AM    <DIR>          ImmersiveControlPanel
09/18/2017  09:15 PM    <DIR>          INF
03/18/2017  05:03 PM    <DIR>          InfusedApps
07/17/2017  11:22 AM    <DIR>          InputMethod
03/18/2017  05:03 PM    <DIR>          L2Schemas
07/17/2017  11:22 AM    <DIR>          LiveKernelReports
07/23/2017  10:38 AM    <DIR>          Logs
01/24/2016  08:33 PM    <DIR>          MediaViewer
09/19/2017  08:38 PM       840,082,729 MEMORY.DMP
03/18/2017  04:57 PM            43,131 mib.bin
09/10/2017  04:39 PM    <DIR>          Microsoft.NET
03/18/2017  05:03 PM    <DIR>          Migration
09/19/2017  08:38 PM    <DIR>          Minidump
09/04/2017  06:54 PM    <DIR>          MiracastView
03/18/2017  05:03 PM    <DIR>          ModemLogs
03/18/2017  04:58 PM           246,784 notepad.exe
03/31/2017  10:09 PM             1,951 NvContainerRecovery.bat
03/18/2017  10:30 PM    <DIR>          OCR
03/18/2017  05:03 PM    <DIR>          Offline Web Pages
09/10/2017  04:30 PM    <DIR>          Panther
03/18/2017  05:03 PM    <DIR>          Performance
03/18/2017  05:03 PM    <DIR>          PLA
03/18/2017  10:31 PM    <DIR>          PolicyDefinitions
09/19/2017  08:41 PM    <DIR>          Prefetch
09/04/2017  06:53 PM    <DIR>          PrintDialog
07/17/2017  03:13 PM    <DIR>          Provisioning
09/18/2017  04:52 PM    <DIR>          pss
03/18/2017  04:57 PM           321,024 regedit.exe
07/17/2017  11:31 AM    <DIR>          Registration
08/09/2017  06:08 AM    <DIR>          rescache
03/18/2017  05:03 PM    <DIR>          Resources
09/10/2017  04:06 PM           187,904 rsrcs.dll
03/18/2017  05:03 PM    <DIR>          SchCache
03/18/2017  05:03 PM    <DIR>          schemas
03/18/2017  05:03 PM    <DIR>          security
07/17/2017  11:17 AM    <DIR>          ServiceProfiles
03/18/2017  10:29 PM    <DIR>          servicing
07/17/2017  03:14 PM    <DIR>          Setup
09/19/2017  08:39 PM             1,588 setupact.log
09/19/2017  08:37 PM                 0 setuperr.log
08/09/2017  05:00 AM    <DIR>          ShellExperiences
03/18/2017  10:30 PM    <DIR>          SKB
09/13/2017  06:57 AM    <DIR>          SoftwareDistribution
03/18/2017  05:03 PM    <DIR>          Speech
03/18/2017  05:03 PM    <DIR>          Speech_OneCore
03/18/2017  04:58 PM           130,560 splwow64.exe
03/18/2017  05:03 PM    <DIR>          System
08/22/2013  09:25 AM               219 system.ini
09/19/2017  08:38 PM    <DIR>          System32
03/18/2017  10:31 PM    <DIR>          SystemApps
03/18/2017  10:31 PM    <DIR>          SystemResources
09/12/2017  01:09 PM    <DIR>          SysWOW64
03/18/2017  05:03 PM    <DIR>          TAPI
09/13/2017  01:27 PM    <DIR>          Tasks
09/19/2017  08:43 PM    <DIR>          Temp
11/14/2015  02:42 PM    <DIR>          ToastData
03/18/2017  05:03 PM    <DIR>          tracing
07/17/2017  11:23 AM    <DIR>          twain_32
03/18/2017  04:58 PM            65,536 twain_32.dll
09/07/2017  12:25 PM            39,816 uninstaller.dat
03/29/2004  05:23 PM            90,112 unvise32.exe
02/08/2016  08:33 PM    <DIR>          vpnplugins
03/18/2017  05:03 PM    <DIR>          Vss
03/18/2017  05:03 PM    <DIR>          Web
10/17/2014  05:11 PM               159 win.ini
09/19/2017  08:39 PM               275 WindowsUpdate.log
03/18/2017  04:58 PM            10,240 winhlp32.exe
09/18/2017  05:03 PM    <DIR>          WinSxS
03/18/2017  04:56 PM           316,640 WMSysPr9.prx
03/18/2017  04:58 PM            11,264 write.exe
              29 File(s)    847,780,795 bytes
              74 Dir(s)  94,434,754,560 bytes free

========= End of CMD: =========

========= dir C:\Windows\system32\drivers =========

 Volume in drive C is For Applications
 Volume Serial Number is C8AC-3518

 Directory of C:\Windows\system32\drivers

09/19/2017  08:38 PM    <DIR>          .
09/19/2017  08:38 PM    <DIR>          ..
09/13/2017  07:03 AM           253,888 044B4CED.sys
09/13/2017  07:14 AM           253,888 10DF557C.sys
09/13/2017  07:11 AM           253,888 11875313.sys
09/13/2017  06:57 AM           253,888 12FF48A7.sys
03/18/2017  04:56 PM           238,080 1394ohci.sys
09/13/2017  06:59 AM           253,888 1F7E4A05.sys
09/13/2017  07:09 AM           253,888 2CF951C3.sys
03/18/2017  04:56 PM           107,424 3ware.sys
09/12/2017  08:54 PM           253,888 616C7AA3.sys
09/12/2017  08:56 PM           253,888 6DEB7C01.sys
09/13/2017  06:49 AM           253,888 7032421C.sys
09/13/2017  06:51 AM           253,888 7EBC4370.sys
07/28/2017  01:23 AM           723,360 acpi.sys
03/18/2017  04:56 PM            20,480 AcpiDev.sys
03/18/2017  04:56 PM           127,392 acpiex.sys
03/18/2017  04:56 PM            12,800 acpipagr.sys
03/18/2017  04:56 PM            14,848 acpipmi.sys
03/18/2017  04:56 PM            14,336 acpitime.sys
03/18/2017  04:56 PM         1,135,512 adp80xx.sys
03/18/2017  04:57 PM           610,712 afd.sys
03/18/2017  04:58 PM           108,544 agilevpn.sys
03/18/2017  04:57 PM           239,616 ahcache.sys
03/18/2017  04:56 PM           176,640 amdk8.sys
03/18/2017  04:56 PM           172,544 amdppm.sys
03/18/2017  04:56 PM            83,352 amdsata.sys
03/18/2017  04:56 PM           259,488 amdsbs.sys
03/18/2017  04:56 PM            27,040 amdxata.sys
03/07/2016  06:03 PM            92,312 AmUStor.sys
03/18/2017  04:58 PM           184,736 appid.sys
03/18/2017  04:58 PM            17,920 applockerfltr.sys
03/18/2017  04:56 PM           132,000 arcsas.sys
03/18/2017  04:57 PM            28,672 asyncmac.sys
03/18/2017  04:56 PM            29,088 atapi.sys
03/18/2017  04:56 PM           194,464 ataport.sys
03/18/2017  04:56 PM            57,344 BasicDisplay.sys
07/17/2017  03:12 PM            35,840 BasicRender.sys
03/18/2017  04:56 PM            36,256 battc.sys
03/18/2017  04:56 PM             9,728 bcmfn2.sys
03/18/2017  04:57 PM            10,240 beep.sys
03/18/2017  04:56 PM           101,888 bowser.sys
07/28/2017  12:25 AM           115,712 bridge.sys
03/18/2017  04:56 PM            23,552 BtaMPM.sys
03/18/2017  04:56 PM            43,520 BthAvrcpTg.sys
07/28/2017  12:25 AM           105,472 bthenum.sys
07/28/2017  12:08 AM            97,792 bthhfenum.sys
03/18/2017  04:56 PM            32,256 BthhfHid.sys
03/18/2017  04:56 PM            66,560 bthmodem.sys
07/07/2017  02:22 AM           130,048 bthpan.sys
07/28/2017  12:20 AM           982,016 bthport.sys
03/18/2017  04:56 PM            85,504 BTHUSB.SYS
09/05/2013  07:37 PM         1,390,904 btmhsf.sys
03/18/2017  04:56 PM            39,424 buttonconverter.sys
03/18/2017  04:56 PM           533,920 bxvbda.sys
03/18/2017  04:56 PM            53,664 CAD.sys
03/18/2017  04:56 PM           122,880 capimg.sys
03/18/2017  04:57 PM            93,184 cdfs.sys
03/18/2017  04:56 PM           160,256 cdrom.sys
03/18/2017  04:57 PM            77,216 CEA.sys
06/26/2017  09:25 AM            77,800 cfwids.sys
03/18/2017  04:56 PM           102,816 cht4dx64.sys
03/18/2017  04:56 PM           347,032 cht4sx64.sys
03/18/2017  04:56 PM         2,104,224 cht4vx64.sys
03/18/2017  04:56 PM            49,152 circlass.sys
03/18/2017  04:57 PM           391,584 Classpnp.sys
03/18/2017  04:58 PM            12,288 cldflt.sys
07/31/2017  10:38 PM           382,368 clfs.sys
03/18/2017  04:58 PM           877,472 ClipSp.sys
03/18/2017  04:56 PM            30,208 CmBatt.sys
03/18/2017  04:56 PM            28,064 cmimcext.sys
03/18/2017  04:58 PM           642,688 cng.sys
03/18/2017  04:57 PM            39,840 cnghwassist.sys
03/18/2017  04:57 PM            56,224 condrv.sys
05/29/2012  05:53 PM            27,456 cpqdfw.sys
03/18/2017  04:57 PM            86,432 crashdmp.sys
07/17/2017  03:12 PM           112,544 dam.sys
03/18/2017  04:56 PM            45,568 devauthe.sys
03/18/2017  04:57 PM           150,528 dfsc.sys
03/18/2017  04:56 PM           102,816 disk.sys
03/18/2017  04:58 PM            38,816 Diskdump.sys
03/18/2017  04:57 PM            15,360 Dmpusbstor.sys
03/18/2017  04:56 PM            47,104 dmvsc.sys
03/18/2017  04:56 PM            97,280 drmk.sys
03/18/2017  04:56 PM            16,232 drmkaud.sys
03/18/2017  04:57 PM            35,744 Dumpata.sys
03/18/2017  04:59 PM            91,152 dumpfve.sys
07/17/2017  03:12 PM           188,824 dumpsd.sys
03/18/2017  04:58 PM            32,256 dumpsdport.sys
03/18/2017  04:57 PM            25,600 Dumpstorport.sys
07/31/2017  10:32 PM         2,444,704 dxgkrnl.sys
07/17/2017  03:12 PM           409,504 dxgmms1.sys
07/31/2017  10:32 PM           712,600 dxgmms2.sys
03/18/2017  04:57 PM            88,992 EhStorClass.sys
03/18/2017  04:56 PM           119,200 EhStorTcgDrv.sys
03/18/2017  10:31 PM    <DIR>          en-US
03/18/2017  04:56 PM            13,824 errdev.sys
07/17/2017  11:30 AM    <DIR>          etc
03/18/2017  04:56 PM         3,419,040 evbda.sys
03/18/2017  04:57 PM           347,136 exfat.sys
09/19/2017  08:38 PM           101,824 farflt.sys
07/17/2017  03:12 PM           363,424 fastfat.sys
03/18/2017  04:56 PM            32,768 fdc.sys
03/18/2017  04:56 PM            54,272 filecrypt.sys
03/18/2017  04:57 PM            86,432 fileinfo.sys
03/18/2017  04:57 PM            36,864 filetrace.sys
03/18/2017  04:56 PM            26,624 flpydisk.sys
03/18/2017  04:57 PM           386,464 fltMgr.sys
03/18/2017  04:56 PM            63,904 fsdepends.sys
03/18/2017  04:57 PM            33,688 fs_rec.sys
07/28/2017  01:15 AM           715,168 fvevol.sys
03/18/2017  04:57 PM           419,744 FWPKCLNT.SYS
10/03/2012  04:14 PM            33,240 GEARAspiWDM.sys
03/18/2017  04:56 PM            21,504 genericusbfn.sys
03/18/2017  04:57 PM         3,440,660 gm.dls
03/18/2017  04:57 PM               646 gmreadme.txt
03/18/2017  04:58 PM             8,192 gpuenergydrv.sys
06/29/2017  12:24 PM            45,680 Hamdrv.sys
06/20/2017  01:12 AM            86,528 hdaudbus.sys
03/18/2017  04:56 PM            38,296 hidbatt.sys
03/18/2017  04:56 PM           106,496 hidbth.sys
03/18/2017  04:56 PM           180,736 hidclass.sys
03/18/2017  04:56 PM            52,224 hidi2c.sys
03/18/2017  04:56 PM            51,104 hidinterrupt.sys
03/18/2017  04:56 PM            46,592 hidir.sys
03/18/2017  04:56 PM            40,960 hidparse.sys
03/18/2017  04:56 PM            40,960 hidusb.sys
05/31/2017  01:06 PM           209,608 HipShieldK.sys
03/18/2017  04:56 PM            64,416 HpSAMD.sys
07/07/2017  03:07 AM         1,106,848 http.sys
03/18/2017  04:57 PM            74,648 hvservice.sys
03/18/2017  04:56 PM           118,688 hvsocket.sys
03/18/2017  04:57 PM            29,600 hwpolicy.sys
03/18/2017  04:56 PM            16,896 hyperkbd.sys
03/18/2017  04:56 PM           115,200 i8042prt.sys
03/18/2017  04:56 PM            33,280 iagpio.sys
03/18/2017  04:56 PM            81,408 iai2c.sys
03/18/2017  04:56 PM            70,656 iaLPSS2i_GPIO2.sys
03/18/2017  04:56 PM            85,504 iaLPSS2i_GPIO2_BXT_P.sys
03/18/2017  04:56 PM           165,376 iaLPSS2i_I2C.sys
03/18/2017  04:56 PM           168,448 iaLPSS2i_I2C_BXT_P.sys
03/18/2017  04:56 PM            38,128 iaLPSSi_GPIO.sys
03/18/2017  04:56 PM           113,152 iaLPSSi_I2C.sys
03/18/2017  04:56 PM           673,184 iaStorAV.sys
03/18/2017  04:56 PM           412,064 iaStorV.sys
03/18/2017  04:56 PM           526,240 ibbus.sys
03/09/2017  11:10 PM           230,656 ibtusb.sys
09/19/2017  11:55 AM            79,064 imofugc.sys
03/18/2017  04:58 PM            36,864 IndirectKmd.sys
03/18/2017  04:56 PM            19,360 intelide.sys
03/18/2017  04:56 PM            74,840 intelpep.sys
03/18/2017  04:56 PM           193,536 intelppm.sys
03/18/2017  04:57 PM            49,568 iorate.sys
03/18/2017  04:57 PM            87,040 ipfltdrv.sys
03/18/2017  04:56 PM            92,064 IPMIDrv.sys
03/18/2017  04:58 PM           214,528 ipnat.sys
03/18/2017  04:57 PM           120,320 irda.sys
03/18/2017  04:57 PM            19,968 irenum.sys
03/18/2017  04:56 PM            22,944 isapnp.sys
03/18/2017  04:56 PM            64,416 kbdclass.sys
03/18/2017  04:56 PM            40,448 kbdhid.sys
03/18/2017  04:56 PM            23,040 kdnic.sys
03/18/2017  04:58 PM           390,144 ks.sys
03/18/2017  04:57 PM           136,088 ksecdd.sys
03/18/2017  04:58 PM           170,912 ksecpkg.sys
07/17/2017  03:12 PM            27,136 ksthunk.sys
03/18/2017  04:58 PM            66,560 lltdio.sys
03/18/2017  04:56 PM           108,960 lsi_sas.sys
03/18/2017  04:56 PM           123,808 lsi_sas2i.sys
03/18/2017  04:56 PM           103,328 lsi_sas3i.sys
03/18/2017  04:56 PM            82,848 lsi_sss.sys
03/18/2017  04:57 PM           124,928 luafv.sys
09/23/2005  10:18 PM           261,120 MarvinBus64.sys
03/18/2017  04:56 PM           405,408 mausbhost.sys
03/18/2017  04:56 PM            51,104 mausbip.sys
08/24/2017  11:27 AM            77,440 mbae64.sys
09/19/2017  08:38 PM            45,472 mbam.sys
09/13/2017  01:27 PM           192,960 MBAMChameleon.sys
09/19/2017  08:38 PM           253,888 MBAMSwissArmy.sys
03/18/2017  04:57 PM            23,552 mcd.sys
03/18/2017  04:56 PM            59,808 megasas.sys
03/18/2017  04:56 PM            64,416 MegaSas2i.sys
03/18/2017  04:56 PM           575,904 megasr.sys
06/26/2017  09:25 AM           487,408 mfeaack.sys
05/02/2017  11:07 AM           476,176 mfeaack.sys.0980.deleteme
06/26/2017  09:25 AM           355,312 mfeavfk.sys
05/02/2017  11:07 AM           353,808 mfeavfk.sys.bf23.deleteme
04/07/2017  02:42 AM            30,224 mfeclnrk.sys
06/26/2017  09:25 AM            84,544 mfeelamk.sys
06/26/2017  09:25 AM           506,352 mfefirek.sys
06/26/2017  09:25 AM           933,360 mfehidk.sys
04/07/2017  02:42 AM           495,632 mfencbdc.sys
04/07/2017  02:42 AM           107,544 mfencrk.sys
06/26/2017  09:25 AM           116,208 mfeplk.sys
05/02/2017  11:07 AM           109,072 mfeplk.sys.d942.deleteme
06/26/2017  09:25 AM           253,424 mfewfpk.sys
07/28/2017  12:25 AM            97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys
03/18/2017  04:56 PM           842,656 mlx4_bus.sys
03/18/2017  04:57 PM            50,688 mmcss.sys
03/18/2017  04:57 PM            42,496 modem.sys
03/18/2017  04:56 PM            39,424 monitor.sys
03/18/2017  04:56 PM            60,320 mouclass.sys
03/18/2017  04:56 PM            33,280 mouhid.sys
03/18/2017  04:57 PM           105,880 mountmgr.sys
03/18/2017  04:58 PM            76,800 mpsdrv.sys
03/18/2017  04:57 PM           144,384 mrxdav.sys
03/18/2017  04:57 PM           467,352 mrxsmb.sys
07/07/2017  02:08 AM           285,696 mrxsmb10.sys
07/07/2017  03:12 AM           228,256 mrxsmb20.sys
03/18/2017  04:57 PM            31,744 msfs.sys
07/16/2016  07:42 AM                 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf
03/18/2017  04:57 PM           169,888 msgpioclx.sys
03/18/2017  04:56 PM            49,056 msgpiowin32.sys
03/18/2017  04:57 PM             8,704 mshidkmdf.sys
03/18/2017  04:57 PM            12,288 mshidumdf.sys
09/19/2017  08:38 PM            81,696 msidntfs.sys
03/18/2017  04:56 PM            19,352 msisadrv.sys
07/28/2017  01:20 AM           279,968 msiscsi.sys
06/20/2017  01:14 AM            32,768 mskssrv.sys
03/18/2017  04:57 PM            83,456 mslldp.sys
03/18/2017  04:58 PM            10,752 mspclock.sys
03/18/2017  04:58 PM            10,752 mspqm.sys
03/18/2017  04:57 PM           367,000 msrpc.sys
03/18/2017  04:56 PM            44,960 mssmbios.sys
03/18/2017  04:58 PM            12,800 mstee.sys
03/18/2017  04:56 PM            16,896 MTConfig.sys
03/18/2017  04:57 PM           123,808 mup.sys
03/18/2017  04:56 PM            63,904 mvumis.sys
09/19/2017  12:17 PM            94,144 mwac.sys
03/18/2017  04:56 PM           108,960 ndfltr.sys
06/20/2017  02:08 AM         1,242,528 ndis.sys
03/18/2017  04:57 PM            50,688 ndiscap.sys
03/18/2017  04:57 PM           128,512 NdisImPlatform.sys
03/18/2017  04:58 PM            27,136 ndistapi.sys
03/18/2017  04:58 PM            65,536 ndisuio.sys
03/18/2017  04:57 PM            20,992 NdisVirtualBus.sys
03/18/2017  04:58 PM           192,000 ndiswan.sys
03/18/2017  04:58 PM            62,464 ndproxy.sys
03/18/2017  04:58 PM           127,488 Ndu.sys
03/18/2017  04:57 PM           122,368 NetAdapterCx.sys
03/18/2017  04:57 PM            57,760 netbios.sys
03/18/2017  04:57 PM           305,152 netbt.sys
07/07/2017  03:20 AM           519,584 netio.sys
07/17/2017  03:12 PM           118,784 netvsc.sys
03/18/2017  04:56 PM         3,485,696 Netwbw02.sys
03/18/2017  04:56 PM         3,549,068 Netwfw02.dat
03/18/2017  04:57 PM            69,120 npfs.sys
03/18/2017  04:56 PM            27,136 npsvctrig.sys
03/18/2017  04:57 PM            41,984 nsiproxy.sys
07/28/2017  01:24 AM         2,327,456 ntfs.sys
03/18/2017  04:57 PM            20,376 ntosext.sys
03/18/2017  04:57 PM             7,680 null.sys
03/18/2017  04:56 PM            80,896 nvdimmn.sys
05/08/2017  02:35 AM           218,040 nvhda64v.sys
05/08/2017  02:37 AM        14,841,784 nvlddmkm.sys
03/18/2017  04:56 PM           150,432 nvraid.sys
03/18/2017  04:56 PM           166,304 nvstor.sys
03/18/2017  04:58 PM           549,888 nwifi.sys
03/18/2017  04:57 PM           152,992 pacer.sys
03/18/2017  04:56 PM            97,792 parport.sys
03/18/2017  04:57 PM           159,648 partmgr.sys
03/18/2017  04:56 PM           353,696 pci.sys
03/18/2017  04:56 PM            16,800 pciide.sys
03/18/2017  04:56 PM            53,656 pciidex.sys
03/18/2017  04:56 PM           120,224 pcmcia.sys
03/18/2017  04:57 PM            52,640 pcw.sys
07/07/2017  03:24 AM           117,664 pdc.sys
03/18/2017  04:58 PM           741,376 PEAuth.sys
03/18/2017  04:56 PM            58,784 percsas2i.sys
03/18/2017  04:56 PM            61,848 percsas3i.sys
03/18/2017  04:56 PM           101,376 pmem.sys
03/18/2017  04:56 PM           373,248 portcls.sys
03/18/2017  04:56 PM           172,032 processr.sys
03/18/2017  04:57 PM            49,664 qwavedrv.sys
03/18/2017  04:57 PM            17,920 rasacd.sys
03/18/2017  04:58 PM           107,008 rasl2tp.sys
03/18/2017  04:57 PM            81,920 raspppoe.sys
03/18/2017  04:58 PM            97,792 raspptp.sys
03/18/2017  04:58 PM            79,872 rassstp.sys
03/18/2017  04:57 PM           434,080 rdbss.sys
03/18/2017  10:31 PM            27,136 rdpbus.sys
03/18/2017  10:31 PM           183,296 rdpdr.sys
09/05/2013  06:18 PM           116,048 rdplrcjd.sys
03/18/2017  10:31 PM            30,624 rdpvideominiport.sys
03/18/2017  04:57 PM           282,528 rdyboost.sys
03/18/2017  04:57 PM         1,735,584 refs.sys
03/18/2017  04:57 PM           936,864 refsv1.sys
03/18/2017  04:57 PM            14,336 registry.sys
07/31/2017  09:41 PM           180,736 rfcomm.sys
03/18/2017  04:56 PM            40,960 RfxVmt.sys
03/18/2017  04:57 PM           150,016 rmcast.sys
03/18/2017  04:57 PM            34,816 RNDISMP.sys
07/17/2017  03:12 PM            13,312 rootmdm.sys
02/12/2009  03:11 PM            26,024 rsdrvx64.sys
03/18/2017  04:58 PM            82,432 rspndr.sys
02/17/2016  05:27 PM           896,768 rt640x64.sys
07/09/2013  05:58 PM           263,896 RtsUStor.sys
03/18/2017  04:56 PM           110,496 sbp2port.sys
03/18/2017  04:57 PM            43,520 scfilter.sys
03/18/2017  04:56 PM            91,040 scmbus.sys
03/18/2017  04:57 PM           175,520 scsiport.sys
07/17/2017  03:12 PM           287,648 sdbus.sys
03/18/2017  04:56 PM            31,128 SDFRd.sys
03/18/2017  04:56 PM            98,208 sdport.sys
03/18/2017  04:56 PM            94,624 sdstor.sys
03/18/2017  04:57 PM            75,680 SerCx.sys
03/18/2017  04:57 PM           154,016 SerCx2.sys
03/18/2017  04:56 PM            26,112 serenum.sys
03/18/2017  04:56 PM            84,480 serial.sys
03/18/2017  04:56 PM            28,672 sermouse.sys
03/18/2017  04:56 PM            13,312 serscan.sys
03/18/2017  04:56 PM            18,432 sfloppy.sys
03/18/2017  04:56 PM            44,960 sisraid2.sys
03/18/2017  04:56 PM            81,824 sisraid4.sys
03/18/2017  04:58 PM            32,672 SleepStudyHelper.sys
03/18/2017  04:57 PM            21,504 smclib.sys
03/18/2017  04:56 PM           167,328 spacedump.sys
03/18/2017  04:56 PM           587,168 spaceport.sys
03/18/2017  10:31 PM            40,352 SpatialGraphFilter.sys
03/18/2017  04:57 PM            80,288 SpbCx.sys
07/17/2017  03:12 PM           414,208 srv.sys
07/17/2017  03:12 PM           722,944 srv2.sys
03/18/2017  04:57 PM           255,488 srvnet.sys
01/22/2014  09:52 AM           108,800 ssudbus.sys
01/22/2014  09:52 AM           206,080 ssudmdm.sys
03/18/2017  04:56 PM            31,136 stexstor.sys
07/17/2017  03:12 PM           144,288 storahci.sys
03/18/2017  04:56 PM            95,648 stornvme.sys
07/17/2017  03:12 PM           546,208 storport.sys
03/18/2017  04:58 PM            79,872 storqosflt.sys
03/18/2017  04:56 PM            36,760 storufs.sys
03/18/2017  04:56 PM            36,768 storvsc.sys
03/18/2017  04:57 PM            75,776 stream.sys
01/07/2014  12:29 PM           551,936 stwrt64.sys
03/18/2017  04:56 PM            18,336 swenum.sys
03/18/2017  04:56 PM            64,512 Synth3dVsc.sys
04/21/2016  05:10 AM            27,136 tap0901.sys
03/18/2017  04:57 PM            31,232 tape.sys
03/18/2017  04:57 PM            28,064 tbs.sys
07/28/2017  01:10 AM         2,679,200 tcpip.sys
03/18/2017  04:57 PM            51,712 tcpipreg.sys
03/18/2017  04:57 PM            40,352 tdi.sys
07/31/2017  10:36 PM           119,712 tdx.sys
03/18/2017  10:31 PM            37,280 terminpt.sys
07/17/2017  03:12 PM           130,464 tm.sys
07/17/2017  03:12 PM           219,040 tpm.sys
03/18/2017  04:56 PM            61,440 TsUsbFlt.sys
03/18/2017  04:56 PM            35,328 TsUsbGD.sys
03/18/2017  04:58 PM           162,304 tunnel.sys
03/18/2017  04:56 PM            78,752 uaspstor.sys
03/18/2017  04:58 PM           104,448 UcmCx.sys
03/18/2017  04:58 PM           179,200 UcmTcpciCx.sys
07/28/2017  12:27 AM            51,712 UcmUcsi.sys
03/18/2017  04:56 PM           213,920 Ucx01000.sys
03/18/2017  04:56 PM            45,568 Udecx.sys
03/18/2017  04:57 PM           324,096 udfs.sys
03/18/2017  04:56 PM            29,600 uefi.sys
03/18/2017  04:58 PM           263,584 ufx01000.sys
03/18/2017  04:56 PM            98,712 UfxChipidea.sys
03/18/2017  04:56 PM           138,656 ufxsynopsys.sys
03/18/2017  04:56 PM            57,856 umbus.sys
08/09/2017  05:00 AM    <DIR>          UMDF
03/18/2017  04:56 PM            14,336 umpass.sys
03/18/2017  04:56 PM            29,600 urschipidea.sys
03/18/2017  04:58 PM            59,288 urscx01000.sys
03/18/2017  04:56 PM            28,064 urssynopsys.sys
03/18/2017  04:57 PM            23,040 usb8023.sys
06/10/2015  11:08 PM            54,784 usbaapl64.sys
03/18/2017  04:57 PM            37,888 USBCAMD2.sys
03/18/2017  04:56 PM           173,984 usbccgp.sys
03/18/2017  04:56 PM           103,424 usbcir.sys
03/18/2017  04:56 PM            32,160 usbd.sys
03/18/2017  04:56 PM            98,200 usbehci.sys
03/18/2017  04:56 PM           511,904 usbhub.sys
07/28/2017  01:15 AM           554,400 USBHUB3.SYS
03/18/2017  04:56 PM            30,720 usbohci.sys
03/18/2017  04:56 PM           466,336 usbport.sys
03/18/2017  04:56 PM            27,136 usbprint.sys
03/18/2017  04:56 PM            32,768 usbrpm.sys
03/18/2017  04:56 PM            71,680 usbser.sys
03/18/2017  04:56 PM           131,488 USBSTOR.SYS
03/18/2017  04:56 PM            35,328 usbuhci.sys
07/17/2017  03:12 PM           388,000 USBXHCI.SYS
03/18/2017  04:56 PM            54,176 vdrvroot.sys
03/18/2017  04:57 PM           215,456 VerifierExt.sys
07/17/2017  03:12 PM           730,016 vhdmp.sys
03/18/2017  04:56 PM            35,328 vhf.sys
03/18/2017  04:57 PM            49,664 videoprt.sys
07/31/2017  10:30 PM            82,336 vmbkmcl.sys
07/31/2017  09:44 PM            83,968 vmbkmclr.sys
03/18/2017  04:56 PM           107,424 vmbus.sys
03/18/2017  04:56 PM            25,088 VMBusHID.sys
03/18/2017  04:56 PM            13,824 vmgencounter.sys
03/18/2017  04:56 PM            10,240 vmgid.sys
03/18/2017  04:56 PM             9,216 vms3cap.sys
03/18/2017  04:56 PM            47,520 vmstorfl.sys
03/18/2017  04:56 PM            83,360 volmgr.sys
03/18/2017  04:57 PM           373,664 volmgrx.sys
03/18/2017  04:57 PM           397,216 volsnap.sys
03/18/2017  04:56 PM            16,288 volume.sys
03/18/2017  04:56 PM            74,656 vpci.sys
03/18/2017  04:56 PM           166,816 vsmraid.sys
03/18/2017  04:56 PM           305,568 VSTXRAID.SYS
03/18/2017  04:58 PM            27,136 vwifibus.sys
03/18/2017  04:58 PM            77,312 vwififlt.sys
03/18/2017  04:58 PM            41,472 vwifimp.sys
03/18/2017  04:56 PM            30,720 wacompen.sys
03/18/2017  04:58 PM            81,408 wanarp.sys
03/18/2017  04:57 PM            55,808 watchdog.sys
06/20/2017  02:00 AM           142,752 wcifs.sys
03/18/2017  04:57 PM            72,192 wcnfs.sys
03/18/2017  04:56 PM            44,632 WdBoot.sys
11/12/2015  11:50 PM            26,880 wdcsam64.sys
03/18/2017  04:57 PM           902,376 Wdf01000.sys
03/18/2017  04:56 PM           294,816 WdFilter.sys
03/18/2017  04:57 PM            61,672 WdfLdr.sys
06/20/2017  01:07 AM           757,248 WdiWiFi.sys
03/18/2017  04:56 PM           121,248 WdNisDrv.sys
03/18/2017  04:57 PM            46,488 werkernel.sys
03/18/2017  04:57 PM           164,768 wfplwfs.sys
03/18/2017  04:57 PM            35,744 wimmount.sys
03/18/2017  04:58 PM            70,232 WindowsTrustedRT.sys
03/18/2017  04:56 PM            18,520 WindowsTrustedRTProxy.sys
03/18/2017  04:56 PM            31,648 winhv.sys
03/18/2017  04:57 PM            55,296 winhvr.sys
03/18/2017  04:56 PM            32,160 winmad.sys
03/18/2017  04:58 PM           217,088 winnat.sys
03/18/2017  04:56 PM            90,112 winusb.sys
03/18/2017  04:56 PM            64,920 winverbs.sys
03/18/2017  04:56 PM            18,432 wmiacpi.sys
03/18/2017  04:57 PM            20,384 wmilib.sys
03/18/2017  04:57 PM           208,288 wof.sys
03/18/2017  04:59 PM            30,624 WpdUpFltr.sys
03/18/2017  04:57 PM            33,184 WppRecorder.sys
03/18/2017  04:57 PM            23,552 ws2ifsl.sys
03/18/2017  04:56 PM            22,528 WSDPrint.sys
03/18/2017  04:56 PM            24,576 WSDScan.sys
03/18/2017  04:57 PM           100,864 WUDFPf.sys
03/18/2017  04:57 PM           220,672 WUDFRd.sys
07/17/2017  03:12 PM           277,504 xboxgip.sys
03/18/2017  04:56 PM            46,592 xinputhid.sys
             436 File(s)    107,704,713 bytes
               5 Dir(s)  94,434,283,520 bytes free

========= End of CMD: =========

==== End of Fixlog 20:43:32 ====

[Aura]

And now for the fun part.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:

• USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media)
• CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
• Another computer (optional: only needed if you cannot work from the infected computer directly)
  

Preparing the USB Flash Drive

• Download the right version of FRST for your system:
  
  • FRST 64-bit
    
• Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
• Download the attached fixlist.txt, and move it on your USB Flash Drive as well
  

Boot in the Recovery Environment

• Plug your USB Flash Drive in the infected computer
• To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
  
  • Restart the computer
  • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
  • Use the arrow keys to select Repair your computer, and press on Enter
  • Select your keyboard layout (US, French, etc.) and click on Next
  • Click on Command Prompt to open the command prompt
    Note:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
    
• To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
  Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
• To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
  Note:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  

Once in the command prompt

• In the command prompt, type notepad and press on Enter
• Notepad will open. Click on the File menu and select Open
• Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
• In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter
• Note: Replace the letter e with the drive letter of your USB Flash Drive
• FRST will open
• Click on Yes to accept the disclaimer
• Click on the Fix button and wait for the scan to complete
• A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply
  

fixlist.txt

[12Marko]

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by SYSTEM (19-09-2017 21:07:02) Run:3
Running from f:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
C:\Windows\System32\drivers\msidntfs.sys
C:\Windows\System32\drivers\rdplrcjd.sys
*****************

C:\Windows\System32\drivers\msidntfs.sys => moved successfully
C:\Windows\System32\drivers\rdplrcjd.sys => moved successfully

==== End of Fixlog 21:07:02 ====

Fixlog.txt

[Aura]

Now you should be able to install and run a scan with Malwarebytes properly.

Malwarebytes - Clean Mode

• Download and install the free version of Malwarebytes
  Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
• Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
• Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
• Let the scan run, the time required to complete the scan depends of your system and computer specs
• Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
  
  • If it asks you to restart your computer to complete the removal, do so
    
• Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply
  

[12Marko]

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/19/17
Scan Time: 9:21 PM
Log File: 17d649e0-9da2-11e7-8dcd-a0d3c13ee0d2.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2018
Components Version: 1.0.188
Update Package Version: 1.0.2845
License: Premium

-System Information-
OS: Windows 10 (Build 15063.540)
CPU: x64
File System: NTFS
User: BASEMENT\benne

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 438681
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 52 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Adware.5Hex, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\MSIDNTFS.SYS-K.MBAM, No Action By User, [5390], [425145],1.0.2845
Adware.5Hex, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\MSIDNTFS.SYS-U.MBAM, No Action By User, [5390], [425145],1.0.2845
Rootkit.Agent.PUA, C:\PROGRAMDATA\MALWAREBYTES' ANTI-MALWARE (PORTABLE)\RDPLRCJD.SYS-K.MBAM, No Action By User, [6013], [427182],1.0.2845

Physical Sector: 0
(No malicious items detected)

(end)

[Aura]

Good. Now let's do a sweep with AdwCleaner and RogueKiller.

AdwCleaner - Fix Mode

• Download AdwCleaner and move it to your Desktop
• Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the EULA (I accept), then click on Scan
• Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  
• Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
• After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
  

RogueKiller

• Download the right version of RogueKiller for your Windows version (32 or 64-bit)
• Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
• Wait for the scan to complete
• On completion, the results will be displayed
• Check every single entry (threat found), and click on the Remove Selected button
• On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
• This will open the report in Notepad. Copy/paste its content in your next reply
  

Your next reply(ies) should therefore contain:

• Copy/pasted AdwCleaner clean log
• Copy/pasted RogueKiller clean log
  

[12Marko]

# AdwCleaner 7.0.2.1 - Logfile created on Wed Sep 20 01:44:44 2017
# Updated on 2017/29/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\AVG Security Toolbar
Deleted: C:\Users\benne\AppData\Local\YSearchUtil
Deleted: C:\Users\pmwsm_000\AppData\Local\YSearchUtil
Deleted: C:\Users\pmwsm_000\AppData\Local\SweetLabs App Platform
Deleted: C:\Users\benne\AppData\Local\Pokki
Deleted: C:\Users\Default\AppData\Local\Pokki
Deleted: C:\Users\Default User\AppData\Local\Pokki
Deleted: C:\Program Files (x86)\BeansPlayer
Deleted: C:\ProgramData\WindowsReporting
Deleted: C:\ProgramData\Application Data\WindowsReporting
Deleted: C:\Users\All Users\WindowsReporting
Deleted: C:\Users\benne\AppData\Local\IPNinja
Deleted: C:\ProgramData\Avg_Update_0215tb
Deleted: C:\ProgramData\Avg_Update_1114tb
Deleted: C:\ProgramData\Avg_Update_1214tb

***** [ Files ] *****

Deleted: C:\Windows\\rsrcs.dll
Deleted: C:\Users\benne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
Deleted: C:\Users\benne\appdata\local\installationconfiguration.xml
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
Deleted: C:\Users\pmwsm_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk[http:\\www%2dsearching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[http:\\www-searching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[http:\\www-searching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[http:\\www-searching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\Users\benne\Desktop\Google Chrome.lnk[http:\\www%2dsearching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\Users\benne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[http:\\www%2dsearching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]
Cleaned: C:\Users\benne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk[http:\\www%2dsearching.com\?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed,]

***** [ Tasks ] *****

Deleted: SweetLabs App Platform
Deleted: Microsoft\Windows\Multimedia\Manager
Deleted: Microsoft\Windows\Windows Error Reporting\ErrorReporting
Deleted: Microsoft\Windows\Multimedia\Driver
Deleted: AVG-Secure-Search-Update_0615tb_RML

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Software\Pokki
Deleted: [Key] - HKCU\Software\Pokki
Deleted: [Key] - HKLM\SOFTWARE\pcv-var
Deleted: [Key] - HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Software\VideoBox
Deleted: [Key] - HKCU\Software\VideoBox
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted: [Key] - HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Directory\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\Drive\shell\pokki
Deleted: [Key] - HKCU\Software\Classes\lnkfile\shell\pokki

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [4805 B] - [2017/9/20 1:42:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

RogueKiller V12.11.16.0 (x64) [Sep 18 2017] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Normal mode
User : benne [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 09/19/2017 21:48:38 (Duration : 00:30:39)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f373538b-9d98-4a4a-b22a-bc4ee023888a} | NameServer : 10.9.0.1,10.8.0.1 ([][])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 5 ¤¤¤
[PUP.Gen1][File] C:\Users\benne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www%2dsearching.com/?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed, -> Shortcut cleaned
[PUP.Gen1][File] C:\Users\benne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe http://www%2dsearching.com/?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed, -> Shortcut cleaned
[PUP.Pokki|PUP.Gen0|PUP.Gen1][File] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk [LNK@] C:\Users\benne\AppData\Local\Pokki\Engine\HostAppService.exe /OPEN"menu" -> Deleted
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml -> Deleted
[PUP.Gen1][File] C:\Users\benne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://www%2dsearching.com/?prd=set_epc&s=H9Azamobl20544AU,8ced84cc-0ced-4874-af18-ffff1309d1ed, -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 3 ¤¤¤
[PUP.Gen0][Chrome:Addon] Profile 1 : Honey [bmnlcjabgnpnenekpadlanbbkooimhnj] -> Deleted
[PUP.Gen1|PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : homepage [http://homepage-web.com/?s=hp&m=home] -> Deleted
[PUM.HomePage][Chrome:Config] Profile 1 [SecurePrefs] : session.startup_urls [https://www.aesoponline.com/navigator/Dashboard.aspx?x=x&loggedin=1|https://www.office.com/?auth=2|https://outlook.office.com/owa/?realm=hse.k12.in.us&exsvurl=1&ll-cc=1033&modurl=0|https://mail.google.com/mail/u/0/#inbox|http://www.hse.k12.in.us/ADM/home.aspx|https://www.pandora.com/station/play/3693302357463113058] -> Deleted

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: MTFDDAK256MAM-1K1 +++++
--- User ---
[MBR] cf6dcd1095958d271e5b8f608d9e8470
[BSP] 88a47314a72b84f888c64eeb414e1fc7 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 227629 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 469280768 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 470202368 | Size: 14602 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST1000DM003-1ER162 +++++
--- User ---
[MBR] 9c98a6acb2e3de317e798c8edc6d098f
[BSP] 99da88db3385fb921738287c0a100a18 : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2048 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 953740 MB
User = LL1 ... OK
User = LL2 ... OK

[Aura]

Good Now let's run a new scan with FRST to see if there's anything left to remove.

Farbar Recovery Scan Tool (FRST) - Scan mode
Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply.

• Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds
• Click on the Scan button
• On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files
• Copy and paste the content of both FRST.txt and Addition.txt in your next reply
  

[12Marko]

Does It need to be from the flash drive in recovery mode or can  I download  it and run it directly from the PC?

[Aura]

You can run the scan with FRST from your desktop, no need for the USB anymore.

[12Marko]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-09-2017
Ran by benne (administrator) on BASEMENT (20-09-2017 11:43:04)
Running from C:\Users\benne\Desktop
Loaded Profiles: benne (Available Profiles: pmwsm_000 & benne)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\McAfee\VUL\McVulCtr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
() C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-02-07] (Hewlett-Packard)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794904 2014-07-16] (NVIDIA Corporation)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2014-01-07] (Hewlett-Packard )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3101684064-3434913050-970958240-1006\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [638592 2017-07-14] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-10-17]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll => No File 
Hosts: 127.0.0.1 license.piriform.com
Tcpip\Parameters: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{21c4f29d-caeb-4b0a-bd18-8bf236565f6d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{25d93a20-93ab-42e9-92ac-6d14904f643b}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{68d6e09a-2621-416a-b415-6a4b49440833}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{68d6e09a-2621-416a-b415-6a4b49440833}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{68de6de0-f6bf-4cc1-8adf-1b088d3f0cb3}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{6b203546-25dc-48db-be96-1b6112704765}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{886ad7b5-0847-40eb-8565-a30c2beb7f46}: [NameServer] 8.8.8.8
Tcpip\..\Interfaces\{8b5379c0-5886-4c88-902d-a8e299e11b2d}: [NameServer] 208.67.222.222,208.67.220.220

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK14/1
HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cndt&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> {832ECD25-4CAA-4BBA-8858-14B4D3A14A77} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {832ECD25-4CAA-4BBA-8858-14B4D3A14A77} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-23] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-23] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-07-23] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-23] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-23] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2017-08-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2017-08-08] (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-08-08] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-08-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-07-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-07-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-03-31] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)

Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-09-20]
CHR Extension: (Google Slides) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-09-10]
CHR Extension: (Google Docs) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-09-10]
CHR Extension: (Google Drive) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-09-10]
CHR Extension: (YouTube) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-10]
CHR Extension: (Honey) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2017-09-19]
CHR Extension: (Adblock Plus) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-10]
CHR Extension: (uBlock Origin) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-09-10]
CHR Extension: (Adblock for Youtube™) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-09-10]
CHR Extension: (Youtube Button) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coicnnbpjlebpmaelfamheecckofmfak [2017-09-10]
CHR Extension: (Tampermonkey) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-09-10]
CHR Extension: (Selection Reader (Text to Speech)) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdffijlhedcdiblbingmagmdnokokgbi [2017-09-10]
CHR Extension: (Google Sheets) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-09-10]
CHR Extension: (WebRTC Control) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjkmabmdepjfammlpliljpnbhleegehm [2017-09-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-09-12]
CHR Extension: (Google Docs Offline) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-09-10]
CHR Extension: (AdBlock) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-09-19]
CHR Extension: (Audio Channel) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hafdgamhnmiioimpcdhhbhgcjndgmphd [2017-09-12]
CHR Extension: (TTSReader - Unlimited Text-To-Speech) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\melfcogdhodeocnkdiplgdpkllopbhan [2017-09-10]
CHR Extension: (Ghostery Fixer) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mkaegpmdlhnpldpoadmnnbddbkcdmbhb [2017-09-10]
CHR Extension: (Ghostery) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-09-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-10]
CHR Extension: (Gmail) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-09-10]
CHR Extension: (Chrome Media Router) - C:\Users\benne\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-10]
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3705536 2017-07-03] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-08-10] (McAfee, Inc.)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.) [File not signed]
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1093648 2017-05-23] (Garmin Ltd. or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-10-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242640 2017-06-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [394704 2017-06-21] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [350160 2017-06-21] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1546904 2017-08-17] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-03-31] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-02-07] (Softex Inc.) [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] ( ) [File not signed]
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [72832 2017-07-14] (The OpenVPN Project)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
S2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe" -s [X]
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 McAPExe; "C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 btmhsf; C:\WINDOWS\system32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77800 2017-06-26] (McAfee, Inc.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2017-06-29] (LogMeIn Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-13] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-20] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253888 2017-09-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-20] (Malwarebytes)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [487408 2017-06-26] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [355312 2017-06-26] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84544 2017-06-26] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [506352 2017-06-26] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [933360 2017-06-26] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [504792 2017-06-27] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108504 2017-06-27] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116208 2017-06-26] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253424 2017-06-26] (McAfee, Inc.)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvhdc.inf_amd64_2112cfa205ccb4cd\nvlddmkm.sys [14841784 2017-05-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [896768 2016-02-17] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [File not signed]
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S2 BstHdDrv; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [X]
S1 CLVirtualDrive; \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys [X]
S0 mfbgn; System32\drivers\rdplrcjd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 11:43 - 2017-09-20 11:43 - 000024715 _____ C:\Users\benne\Desktop\FRST.txt
2017-09-20 11:39 - 2017-09-20 11:39 - 002399744 _____ (Farbar) C:\Users\benne\Downloads\FRST64 (1).exe
2017-09-20 11:39 - 2017-09-20 11:38 - 002399744 _____ (Farbar) C:\Users\benne\Desktop\FRST64.exe
2017-09-20 11:38 - 2017-09-20 11:38 - 002399744 _____ (Farbar) C:\Users\benne\Downloads\FRST64.exe
2017-09-20 08:11 - 2017-09-20 08:11 - 000000000 ____D C:\Users\benne\AppData\Local\CrashDumps
2017-09-20 08:09 - 2017-09-20 08:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-09-19 22:31 - 2017-09-05 01:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-19 22:31 - 2017-09-05 01:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-19 22:31 - 2017-09-05 01:18 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-19 22:31 - 2017-09-05 01:12 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-19 22:31 - 2017-09-05 01:12 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-19 22:31 - 2017-09-05 01:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-19 22:31 - 2017-09-05 01:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-19 22:31 - 2017-09-05 00:53 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-19 22:31 - 2017-09-05 00:52 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-19 22:31 - 2017-09-05 00:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-19 22:31 - 2017-09-05 00:46 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-19 22:31 - 2017-09-05 00:45 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-19 22:31 - 2017-09-05 00:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-19 22:31 - 2017-09-05 00:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-19 22:31 - 2017-09-05 00:45 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-19 22:31 - 2017-09-05 00:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-19 22:31 - 2017-09-05 00:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-19 22:31 - 2017-09-05 00:43 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-19 22:31 - 2017-09-05 00:43 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-19 22:31 - 2017-09-05 00:43 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-19 22:31 - 2017-09-05 00:43 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-19 22:31 - 2017-09-05 00:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-19 22:31 - 2017-09-05 00:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-19 22:31 - 2017-09-05 00:42 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-19 22:31 - 2017-09-05 00:42 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-19 22:31 - 2017-09-05 00:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-19 22:31 - 2017-09-05 00:42 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-19 22:31 - 2017-09-05 00:41 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-19 22:31 - 2017-09-05 00:41 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-19 22:31 - 2017-09-05 00:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-19 22:31 - 2017-09-05 00:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-19 22:31 - 2017-09-05 00:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-19 22:31 - 2017-09-05 00:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-19 22:31 - 2017-09-05 00:37 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-19 22:31 - 2017-09-05 00:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-19 22:31 - 2017-09-05 00:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-19 22:31 - 2017-09-05 00:27 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-19 22:31 - 2017-09-05 00:26 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-19 22:31 - 2017-09-05 00:26 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-19 22:31 - 2017-09-05 00:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-19 22:31 - 2017-09-05 00:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-19 22:31 - 2017-09-05 00:25 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-19 22:31 - 2017-09-05 00:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-19 22:31 - 2017-09-05 00:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-19 22:31 - 2017-09-05 00:25 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-19 22:31 - 2017-09-05 00:24 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-19 22:31 - 2017-09-05 00:23 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-19 22:31 - 2017-09-05 00:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-19 22:31 - 2017-09-05 00:22 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-19 22:31 - 2017-09-05 00:21 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-19 22:31 - 2017-09-05 00:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-19 22:31 - 2017-09-05 00:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-19 22:31 - 2017-09-05 00:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-19 22:31 - 2017-09-05 00:20 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-19 22:31 - 2017-09-05 00:19 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-19 22:31 - 2017-09-05 00:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-19 22:31 - 2017-09-05 00:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-19 22:31 - 2017-09-05 00:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-19 22:31 - 2017-09-05 00:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-19 22:31 - 2017-09-05 00:18 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-19 22:31 - 2017-09-05 00:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-19 22:31 - 2017-09-05 00:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-19 22:31 - 2017-09-05 00:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-19 22:31 - 2017-09-05 00:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-19 22:31 - 2017-09-05 00:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-19 22:31 - 2017-09-05 00:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-19 22:31 - 2017-09-05 00:17 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-19 22:31 - 2017-09-05 00:16 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-19 22:31 - 2017-09-05 00:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-19 22:31 - 2017-09-05 00:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-19 22:31 - 2017-09-05 00:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-19 22:31 - 2017-09-05 00:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-19 22:31 - 2017-09-05 00:15 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-19 22:31 - 2017-09-05 00:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-19 22:31 - 2017-09-05 00:15 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-19 22:31 - 2017-09-05 00:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-19 22:31 - 2017-09-05 00:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-19 22:31 - 2017-09-05 00:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-19 22:31 - 2017-09-05 00:14 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-19 22:31 - 2017-09-05 00:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-19 22:31 - 2017-09-05 00:13 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-19 22:31 - 2017-09-05 00:13 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-19 22:31 - 2017-09-05 00:12 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-19 22:31 - 2017-09-05 00:12 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-19 22:31 - 2017-09-05 00:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-19 22:31 - 2017-09-05 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-19 22:31 - 2017-09-05 00:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-19 22:31 - 2017-09-05 00:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-19 22:31 - 2017-09-05 00:11 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-19 22:31 - 2017-09-05 00:11 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-19 22:31 - 2017-09-05 00:10 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-19 22:31 - 2017-09-05 00:10 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-19 22:31 - 2017-09-05 00:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-19 22:31 - 2017-09-05 00:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-19 22:31 - 2017-09-05 00:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-19 22:31 - 2017-09-05 00:06 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-19 22:31 - 2017-09-05 00:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-19 22:31 - 2017-09-05 00:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-19 22:30 - 2017-09-05 01:31 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-19 22:30 - 2017-09-05 01:31 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-19 22:30 - 2017-09-05 01:31 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-19 22:30 - 2017-09-05 01:31 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-19 22:30 - 2017-09-05 01:31 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-19 22:30 - 2017-09-05 01:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-19 22:30 - 2017-09-05 01:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-19 22:30 - 2017-09-05 01:27 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-19 22:30 - 2017-09-05 01:27 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-19 22:30 - 2017-09-05 01:26 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-19 22:30 - 2017-09-05 01:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-19 22:30 - 2017-09-05 01:25 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-19 22:30 - 2017-09-05 01:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-19 22:30 - 2017-09-05 01:24 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-19 22:30 - 2017-09-05 01:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-19 22:30 - 2017-09-05 01:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-19 22:30 - 2017-09-05 01:23 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-19 22:30 - 2017-09-05 01:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-19 22:30 - 2017-09-05 01:19 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-19 22:30 - 2017-09-05 01:19 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-19 22:30 - 2017-09-05 01:18 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-19 22:30 - 2017-09-05 01:18 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-19 22:30 - 2017-09-05 01:17 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-19 22:30 - 2017-09-05 01:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-19 22:30 - 2017-09-05 01:16 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-19 22:30 - 2017-09-05 01:16 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-19 22:30 - 2017-09-05 01:16 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-19 22:30 - 2017-09-05 01:16 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-19 22:30 - 2017-09-05 01:16 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-19 22:30 - 2017-09-05 01:16 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-19 22:30 - 2017-09-05 01:16 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-19 22:30 - 2017-09-05 01:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-19 22:30 - 2017-09-05 01:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-19 22:30 - 2017-09-05 01:15 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-19 22:30 - 2017-09-05 01:15 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-19 22:30 - 2017-09-05 01:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-19 22:30 - 2017-09-05 01:15 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-19 22:30 - 2017-09-05 01:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-19 22:30 - 2017-09-05 01:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-19 22:30 - 2017-09-05 01:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-19 22:30 - 2017-09-05 01:11 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-19 22:30 - 2017-09-05 01:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-19 22:30 - 2017-09-05 01:11 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-19 22:30 - 2017-09-05 00:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-19 22:30 - 2017-09-05 00:45 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-19 22:30 - 2017-09-05 00:31 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-19 22:30 - 2017-09-05 00:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-19 22:30 - 2017-09-05 00:30 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-19 22:30 - 2017-09-05 00:30 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-19 22:30 - 2017-09-05 00:30 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-19 22:30 - 2017-09-05 00:29 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-19 22:30 - 2017-09-05 00:28 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-19 22:30 - 2017-09-05 00:28 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-19 22:30 - 2017-09-05 00:27 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-19 22:30 - 2017-09-05 00:27 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-19 22:30 - 2017-09-05 00:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-19 22:30 - 2017-09-05 00:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-19 22:30 - 2017-09-05 00:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-19 22:30 - 2017-09-05 00:25 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-19 22:30 - 2017-09-05 00:25 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-19 22:30 - 2017-09-05 00:25 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-19 22:30 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-19 22:30 - 2017-09-05 00:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-19 22:30 - 2017-09-05 00:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-19 22:30 - 2017-09-05 00:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-19 22:30 - 2017-09-05 00:23 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-19 22:30 - 2017-09-05 00:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-19 22:30 - 2017-09-05 00:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-19 22:30 - 2017-09-05 00:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-19 22:30 - 2017-09-05 00:22 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-19 22:30 - 2017-09-05 00:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-19 22:30 - 2017-09-05 00:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-19 22:30 - 2017-09-05 00:20 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-19 22:30 - 2017-09-05 00:19 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-19 22:30 - 2017-09-05 00:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-19 22:30 - 2017-09-05 00:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-19 22:30 - 2017-09-05 00:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-19 22:30 - 2017-09-05 00:18 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-19 22:30 - 2017-09-05 00:18 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-19 22:30 - 2017-09-05 00:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-19 22:30 - 2017-09-05 00:16 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-19 22:30 - 2017-09-05 00:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-19 22:30 - 2017-09-05 00:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-19 22:30 - 2017-09-05 00:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-19 22:30 - 2017-09-05 00:16 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-19 22:30 - 2017-09-05 00:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-19 22:30 - 2017-09-05 00:15 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-19 22:30 - 2017-09-05 00:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-19 22:30 - 2017-09-05 00:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-19 22:30 - 2017-09-05 00:13 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-19 22:30 - 2017-09-05 00:13 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-19 22:30 - 2017-09-05 00:13 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-19 22:30 - 2017-09-05 00:12 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-19 22:30 - 2017-09-05 00:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-19 22:30 - 2017-09-05 00:11 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-19 22:30 - 2017-09-05 00:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-19 22:30 - 2017-09-05 00:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-19 22:30 - 2017-09-05 00:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-19 22:30 - 2017-09-05 00:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-19 22:30 - 2017-09-05 00:07 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-19 22:30 - 2017-09-05 00:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-19 22:30 - 2017-09-01 01:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-19 22:20 - 2017-09-19 22:20 - 000007596 _____ C:\Users\benne\Desktop\rk_F8E0.tmp.txt
2017-09-19 21:48 - 2017-09-19 21:48 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-09-19 21:48 - 2017-09-19 21:48 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-19 21:47 - 2017-09-19 21:47 - 000004449 _____ C:\Users\benne\Desktop\AdwCleaner[C0].txt
2017-09-19 21:47 - 2017-09-19 21:47 - 000000915 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-19 21:47 - 2017-09-19 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-09-19 21:47 - 2017-09-19 21:47 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-19 21:41 - 2017-09-19 21:41 - 035884000 _____ (Adlice Software ) C:\Users\benne\Desktop\setup.exe
2017-09-19 21:39 - 2017-09-19 21:46 - 000000000 ____D C:\AdwCleaner
2017-09-19 21:39 - 2017-09-19 21:39 - 008182736 _____ (Malwarebytes) C:\Users\benne\Desktop\AdwCleaner.exe
2017-09-19 21:20 - 2017-09-20 00:36 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-19 21:20 - 2017-09-19 21:20 - 000460548 _____ C:\WINDOWS\Minidump\091917-7375-01.dmp
2017-09-19 20:59 - 2017-09-19 20:59 - 000475892 _____ C:\WINDOWS\Minidump\091917-16984-01.dmp
2017-09-19 20:57 - 2017-09-19 20:57 - 000468316 _____ C:\WINDOWS\Minidump\091917-27734-01.dmp
2017-09-19 20:50 - 2017-09-19 20:50 - 000451628 _____ C:\WINDOWS\Minidump\091917-38500-01.dmp
2017-09-19 20:39 - 2017-09-20 11:43 - 000000000 ____D C:\FRST
2017-09-19 20:38 - 2017-09-19 20:38 - 000477180 _____ C:\WINDOWS\Minidump\091917-12968-01.dmp
2017-09-19 20:30 - 2017-09-19 20:30 - 000463508 _____ C:\WINDOWS\Minidump\091917-21812-01.dmp
2017-09-19 20:20 - 2017-09-19 20:20 - 000468436 _____ C:\WINDOWS\Minidump\091917-21921-01.dmp
2017-09-19 20:09 - 2017-09-19 20:09 - 000466604 _____ C:\WINDOWS\Minidump\091917-22093-01.dmp
2017-09-19 19:58 - 2017-09-19 19:58 - 000459148 _____ C:\WINDOWS\Minidump\091917-22500-02.dmp
2017-09-19 19:47 - 2017-09-19 19:48 - 000460892 _____ C:\WINDOWS\Minidump\091917-21609-01.dmp
2017-09-19 19:37 - 2017-09-19 19:37 - 000465492 _____ C:\WINDOWS\Minidump\091917-21953-01.dmp
2017-09-19 19:26 - 2017-09-19 19:26 - 000462132 _____ C:\WINDOWS\Minidump\091917-22312-01.dmp
2017-09-19 19:15 - 2017-09-19 19:15 - 000461204 _____ C:\WINDOWS\Minidump\091917-21781-03.dmp
2017-09-19 19:05 - 2017-09-19 19:05 - 000471228 _____ C:\WINDOWS\Minidump\091917-42656-01.dmp
2017-09-19 18:53 - 2017-09-19 18:53 - 000471588 _____ C:\WINDOWS\Minidump\091917-17703-01.dmp
2017-09-19 18:42 - 2017-09-19 18:42 - 000467604 _____ C:\WINDOWS\Minidump\091917-21515-01.dmp
2017-09-19 18:32 - 2017-09-19 18:32 - 000475220 _____ C:\WINDOWS\Minidump\091917-43296-01.dmp
2017-09-19 18:27 - 2017-09-20 10:07 - 000004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-09-19 18:27 - 2017-09-19 18:27 - 000004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-09-19 18:20 - 2017-09-19 18:21 - 000470956 _____ C:\WINDOWS\Minidump\091917-58328-01.dmp
2017-09-19 18:09 - 2017-09-19 18:09 - 000463572 _____ C:\WINDOWS\Minidump\091917-22015-04.dmp
2017-09-19 17:58 - 2017-09-19 17:58 - 000457084 _____ C:\WINDOWS\Minidump\091917-22187-01.dmp
2017-09-19 17:48 - 2017-09-19 17:48 - 000498676 _____ C:\WINDOWS\Minidump\091917-22484-01.dmp
2017-09-19 17:37 - 2017-09-19 17:37 - 000434292 _____ C:\WINDOWS\Minidump\091917-22015-03.dmp
2017-09-19 17:26 - 2017-09-19 17:26 - 000458212 _____ C:\WINDOWS\Minidump\091917-22640-01.dmp
2017-09-19 17:15 - 2017-09-19 17:15 - 000457580 _____ C:\WINDOWS\Minidump\091917-21703-01.dmp
2017-09-19 17:05 - 2017-09-19 17:05 - 000457988 _____ C:\WINDOWS\Minidump\091917-21750-02.dmp
2017-09-19 16:57 - 2017-09-19 16:57 - 004706991 _____ C:\Users\benne\Desktop\minidump.zip
2017-09-19 16:54 - 2017-09-19 16:54 - 000464708 _____ C:\WINDOWS\Minidump\091917-22593-01.dmp
2017-09-19 16:52 - 2017-09-19 18:48 - 000000000 ____D C:\Users\benne\Desktop\minidump
2017-09-19 16:43 - 2017-09-19 16:43 - 000577708 _____ C:\WINDOWS\Minidump\091917-22687-01.dmp
2017-09-19 16:32 - 2017-09-19 16:33 - 000469140 _____ C:\WINDOWS\Minidump\091917-22203-03.dmp
2017-09-19 16:22 - 2017-09-19 16:22 - 000562788 _____ C:\WINDOWS\Minidump\091917-22437-01.dmp
2017-09-19 16:11 - 2017-09-19 16:11 - 000459396 _____ C:\WINDOWS\Minidump\091917-22140-01.dmp
2017-09-19 16:00 - 2017-09-19 16:00 - 000464428 _____ C:\WINDOWS\Minidump\091917-21765-02.dmp
2017-09-19 15:49 - 2017-09-19 15:50 - 000608140 _____ C:\WINDOWS\Minidump\091917-22031-01.dmp
2017-09-19 15:39 - 2017-09-19 15:39 - 000463060 _____ C:\WINDOWS\Minidump\091917-22531-01.dmp
2017-09-19 15:28 - 2017-09-19 15:28 - 000566276 _____ C:\WINDOWS\Minidump\091917-21781-01.dmp
2017-09-19 15:17 - 2017-09-19 15:17 - 000464324 _____ C:\WINDOWS\Minidump\091917-22171-02.dmp
2017-09-19 15:07 - 2017-09-19 15:07 - 000459340 _____ C:\WINDOWS\Minidump\091917-21968-02.dmp
2017-09-19 14:56 - 2017-09-19 14:56 - 000457820 _____ C:\WINDOWS\Minidump\091917-21781-02.dmp
2017-09-19 14:45 - 2017-09-19 14:45 - 000462652 _____ C:\WINDOWS\Minidump\091917-22078-03.dmp
2017-09-19 14:34 - 2017-09-19 14:35 - 000453940 _____ C:\WINDOWS\Minidump\091917-21859-01.dmp
2017-09-19 14:24 - 2017-09-19 14:24 - 000462524 _____ C:\WINDOWS\Minidump\091917-21875-01.dmp
2017-09-19 14:13 - 2017-09-19 14:13 - 000458668 _____ C:\WINDOWS\Minidump\091917-22328-01.dmp
2017-09-19 14:02 - 2017-09-19 14:02 - 000471308 _____ C:\WINDOWS\Minidump\091917-21796-02.dmp
2017-09-19 13:52 - 2017-09-19 13:52 - 000436348 _____ C:\WINDOWS\Minidump\091917-22125-01.dmp
2017-09-19 13:41 - 2017-09-19 13:41 - 000460284 _____ C:\WINDOWS\Minidump\091917-23296-01.dmp
2017-09-19 13:30 - 2017-09-19 13:30 - 000465580 _____ C:\WINDOWS\Minidump\091917-21906-02.dmp
2017-09-19 13:19 - 2017-09-19 13:19 - 000464068 _____ C:\WINDOWS\Minidump\091917-21625-01.dmp
2017-09-19 13:09 - 2017-09-19 13:09 - 000454332 _____ C:\WINDOWS\Minidump\091917-23062-01.dmp
2017-09-19 12:58 - 2017-09-19 12:58 - 000560196 _____ C:\WINDOWS\Minidump\091917-21765-01.dmp
2017-09-19 12:47 - 2017-09-19 12:47 - 000471212 _____ C:\WINDOWS\Minidump\091917-12515-01.dmp
2017-09-19 12:45 - 2017-09-19 12:45 - 004922400 _____ (AO Kaspersky Lab) C:\Users\benne\Desktop\tdsskiller.exe
2017-09-19 12:39 - 2017-09-19 12:39 - 000470068 _____ C:\WINDOWS\Minidump\091917-22421-03.dmp
2017-09-19 12:30 - 2017-09-19 12:30 - 000380928 _____ C:\Users\benne\Desktop\ynuqum8r.exe
2017-09-19 12:19 - 2017-09-19 12:19 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\benne\Desktop\rkill.exe
2017-09-18 18:09 - 2017-09-19 11:46 - 000000000 ____D C:\Users\benne\AppData\LocalLow\uTorrent
2017-09-18 17:57 - 2017-09-18 17:57 - 000000000 ____D C:\Users\benne\AppData\Local\ElevatedDiagnostics
2017-09-18 17:04 - 2017-09-19 21:20 - 788092269 _____ C:\WINDOWS\MEMORY.DMP
2017-09-18 16:52 - 2017-09-18 16:52 - 000000000 ____D C:\WINDOWS\pss
2017-09-13 12:43 - 2017-09-13 13:34 - 000184136 _____ (Emsisoft Ltd) C:\WINDOWS\system32\eamclean.exe
2017-09-13 12:43 - 2017-09-13 13:34 - 000000138 _____ C:\WINDOWS\system32\eamclean.dat
2017-09-13 12:38 - 2017-09-13 13:35 - 000000000 ____D C:\EEK
2017-09-13 11:38 - 2017-09-13 11:38 - 016563352 _____ (Malwarebytes Corp.) C:\Users\benne\Desktop\mbar-1.09.3.1001.exe
2017-09-13 08:11 - 2017-09-19 11:55 - 000079064 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\imofugc.sys
2017-09-13 07:42 - 2017-09-19 21:36 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-09-13 07:41 - 2017-09-19 12:24 - 000000000 ____D C:\Users\benne\Desktop\mbar
2017-09-13 07:36 - 2017-09-13 07:36 - 004922400 _____ (AO Kaspersky Lab) C:\Users\benne\Downloads\tdsskiller.exe
2017-09-13 07:14 - 2017-09-13 07:14 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\10DF557C.sys
2017-09-13 07:11 - 2017-09-13 07:11 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\11875313.sys
2017-09-13 07:09 - 2017-09-13 07:09 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2CF951C3.sys
2017-09-13 07:03 - 2017-09-13 07:03 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\044B4CED.sys
2017-09-13 06:59 - 2017-09-13 06:59 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1F7E4A05.sys
2017-09-13 06:57 - 2017-09-13 06:57 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\12FF48A7.sys
2017-09-13 06:51 - 2017-09-20 09:44 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-13 06:51 - 2017-09-13 06:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7EBC4370.sys
2017-09-13 06:49 - 2017-09-13 06:49 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7032421C.sys
2017-09-12 20:56 - 2017-09-12 20:56 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6DEB7C01.sys
2017-09-12 20:54 - 2017-09-12 20:54 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\616C7AA3.sys
2017-09-12 20:43 - 2017-09-19 11:47 - 000000000 ____D C:\Program Files\Emsisoft Anti-Malware
2017-09-12 20:04 - 2017-09-20 00:36 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-12 20:04 - 2017-09-20 00:36 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-12 20:04 - 2017-09-13 13:27 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-12 20:04 - 2017-09-12 20:04 - 000004978 _____ C:\Users\benne\Documents\cc_20170912_200409.reg
2017-09-12 20:04 - 2017-09-12 20:04 - 000001928 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-09-12 20:04 - 2017-09-12 20:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-12 20:04 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-12 20:03 - 2017-09-12 20:04 - 066347240 _____ (Malwarebytes ) C:\Users\benne\Desktop\mb3-setup-consumer-3.2.2.2018 (1).exe
2017-09-12 19:29 - 2017-09-12 19:29 - 000000000 ____D C:\Users\benne\Desktop\New folder
2017-09-12 19:21 - 2017-09-12 19:21 - 000061734 _____ C:\Users\benne\Documents\cc_20170912_192150.reg
2017-09-12 13:09 - 2017-09-12 13:09 - 020684288 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2017-09-12 12:46 - 2017-09-12 12:46 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-12 12:44 - 2017-09-12 12:47 - 059941984 _____ (Malwarebytes ) C:\Users\benne\Desktop\mb3-setup-consumer-3.2.2.2018.exe.crdownload
2017-09-12 12:44 - 2017-09-12 12:45 - 066347240 _____ (Malwarebytes ) C:\Users\benne\Desktop\mb3-setup-consumer-3.2.2.2018.exe
2017-09-12 12:43 - 2017-09-13 13:27 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-10 19:54 - 2017-09-10 19:54 - 000000000 ____D C:\Users\benne\Documents\New folder
2017-09-10 19:47 - 2017-09-10 19:47 - 000060562 _____ C:\Users\benne\Documents\cc_20170910_194724.reg
2017-09-10 19:32 - 2017-09-10 19:32 - 219152384 _____ C:\DFOptimize_11.bin
2017-09-10 19:32 - 2017-09-10 19:32 - 1073741824 _____ C:\DFOptimize_9.bin
2017-09-10 19:32 - 2017-09-10 19:32 - 1073741824 _____ C:\DFOptimize_8.bin
2017-09-10 19:32 - 2017-09-10 19:32 - 1073741824 _____ C:\DFOptimize_10.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_7.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_6.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_5.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_4.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_3.bin
2017-09-10 19:31 - 2017-09-10 19:31 - 1073741824 _____ C:\DFOptimize_2.bin
2017-09-10 19:30 - 2017-09-10 19:30 - 1073741824 _____ C:\DFOptimize_1.bin
2017-09-10 19:30 - 2017-09-10 19:30 - 1073741824 _____ C:\DFOptimize_0.bin
2017-09-10 17:49 - 2017-09-10 17:49 - 000025080 _____ C:\Users\benne\Documents\cc_20170910_174953.reg
2017-09-10 17:46 - 2017-09-10 17:46 - 000565690 _____ C:\Users\benne\Documents\cc_20170910_174638.reg
2017-09-10 17:30 - 2017-09-10 17:30 - 000000000 ____D C:\Users\benne\AppData\Local\Windows Live
2017-09-10 17:23 - 2017-09-10 17:23 - 000000000 ____D C:\Users\benne\AppData\Roaming\WildTangent
2017-09-10 17:22 - 2012-10-24 15:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1377245.exe
2017-09-10 17:20 - 2017-09-10 17:20 - 000000000 ____D C:\ProgramData\WildTangentUninstall1222960
2017-09-10 17:20 - 2012-10-24 15:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1222826.exe
2017-09-10 17:04 - 2017-09-10 17:04 - 000000000 ____D C:\Users\benne\AppData\Local\pinger.com
2017-09-10 16:54 - 2017-09-10 16:54 - 000000000 ____D C:\Users\benne\AppData\Local\Apple Computer
2017-09-10 16:41 - 2017-09-10 16:41 - 000000000 ____D C:\Users\benne\AppData\LocalLow\Evernote
2017-09-10 16:40 - 2017-09-10 16:40 - 000000000 ____D C:\Users\benne\AppData\Roaming\Dropbox
2017-09-10 16:31 - 2017-09-10 16:31 - 001023760 _____ C:\Users\benne\Documents\cc_20170910_163121.reg
2017-09-10 16:18 - 2017-09-10 16:27 - 000000000 ____D C:\Program Files\Speccy
2017-09-10 16:18 - 2017-09-10 16:18 - 000000853 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-09-10 16:18 - 2017-09-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-09-10 16:17 - 2017-09-18 17:02 - 000000000 ____D C:\Program Files\Recuva
2017-09-10 16:17 - 2017-09-10 16:17 - 000001715 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-09-10 16:17 - 2017-09-10 16:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-09-10 16:16 - 2017-09-10 16:26 - 000000000 ____D C:\Program Files\Defraggler
2017-09-10 16:16 - 2017-09-10 16:16 - 000001781 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-09-10 16:16 - 2017-09-10 16:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-09-10 16:10 - 2017-09-10 16:10 - 000000258 __RSH C:\Users\benne\ntuser.pol
2017-09-10 16:09 - 2017-09-19 21:20 - 000000000 ____D C:\WINDOWS\Minidump
2017-09-10 16:06 - 2017-09-13 07:22 - 000000000 ____D C:\Users\benne\AppData\Local\vmaymyv
2017-09-10 16:06 - 2017-09-13 07:22 - 000000000 ____D C:\Users\benne\AppData\Local\imedamk
2017-09-10 16:06 - 2017-09-10 16:06 - 000000000 ____D C:\Users\benne\AppData\Local\CEF
2017-09-10 16:05 - 2017-09-10 16:05 - 000140800 _____ C:\Users\benne\AppData\Local\installer.dat
2017-09-10 16:05 - 2017-09-10 16:05 - 000000000 ____D C:\Users\benne\AppData\Roaming\c
2017-09-10 16:05 - 2017-09-10 16:05 - 000000000 ____D C:\Users\benne\AppData\Local\DBG
2017-09-10 16:04 - 2017-09-10 17:48 - 000016782 _____ C:\WINDOWS\System32\Tasks\RGL Mail
2017-09-10 16:04 - 2017-09-10 16:05 - 000000000 ____D C:\Users\benne\AppData\Roaming\Windows_x64_nheqminer-5c
2017-09-10 16:00 - 2017-09-10 16:00 - 000000000 ____D C:\WINDOWS\SysWOW64\vmapcri
2017-09-10 16:00 - 2017-09-10 16:00 - 000000000 ____D C:\WINDOWS\system32\vmapcri
2017-09-10 16:00 - 2017-09-10 16:00 - 000000000 ____D C:\Users\benne\AppData\Roaming\et
2017-09-10 15:59 - 2017-09-10 15:59 - 000000000 ____D C:\Users\benne\AppData\Roaming\NVIDIA
2017-09-10 15:55 - 2017-09-10 15:55 - 000000000 ____D C:\Users\benne\AppData\Roaming\WinRAR
2017-09-10 15:45 - 2017-09-10 15:45 - 000000000 ____D C:\Users\benne\AppData\Local\MicrosoftEdge
2017-09-10 15:42 - 2017-09-10 15:42 - 000000000 ____D C:\Users\benne\AppData\Local\VPNetworkLLC
2017-09-10 15:40 - 2017-09-10 15:40 - 000002213 _____ C:\Users\Public\Desktop\TorGuard.lnk
2017-09-10 15:39 - 2017-09-10 15:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPNetwork LLC
2017-09-10 15:39 - 2017-09-10 15:39 - 000000000 ____D C:\Program Files (x86)\VPNetwork LLC
2017-09-10 15:35 - 2017-09-19 21:44 - 000002336 _____ C:\Users\benne\Desktop\Google Chrome.lnk
2017-09-10 15:34 - 2017-09-10 15:34 - 000000000 ____D C:\Users\benne\OpenVPN
2017-09-10 15:33 - 2017-09-10 16:22 - 000026608 ____H C:\Users\benne\AppData\Local\IconCache.db.backup
2017-09-08 09:34 - 2017-09-08 09:34 - 000000000 ____D C:\Users\benne\AppData\Roaming\Google
2017-09-08 06:09 - 2017-09-08 06:09 - 000000000 ____D C:\Users\benne\AppData\Local\Hewlett-Packard
2017-09-07 12:25 - 2017-09-07 12:25 - 000039816 _____ C:\WINDOWS\uninstaller.dat
2017-09-06 17:20 - 2017-09-06 17:20 - 000000000 ____D C:\Users\benne\AppData\Local\Apple
2017-09-05 06:07 - 2017-09-05 06:07 - 000000000 ____D C:\Users\benne\AppData\Roaming\Macromedia
2017-09-05 05:29 - 2017-09-05 05:29 - 000000000 ____D C:\Users\benne\AppData\Roaming\Hewlett-Packard
2017-09-04 20:57 - 2017-09-04 20:57 - 000000000 ____D C:\Users\benne\AppData\Local\NetworkTiles
2017-09-04 18:43 - 2017-09-04 18:43 - 000000000 ____D C:\Users\benne\AppData\Roaming\Sun
2017-09-04 18:43 - 2017-09-04 18:43 - 000000000 ____D C:\Users\benne\AppData\LocalLow\Sun
2017-09-04 18:43 - 2017-09-04 18:43 - 000000000 ____D C:\Users\benne\.oracle_jre_usage
2017-09-04 18:41 - 2017-09-04 18:41 - 000000000 ____D C:\Users\benne\AppData\Roaming\Skype
2017-09-04 18:40 - 2017-09-19 21:46 - 000000000 ___RD C:\Users\benne\OneDrive
2017-09-04 18:39 - 2017-09-04 18:39 - 000000000 ____D C:\Users\benne\AppData\Local\Comms
2017-09-04 18:38 - 2017-09-10 16:54 - 000000000 ____D C:\Users\benne\AppData\Roaming\Apple Computer
2017-09-04 18:38 - 2017-09-04 18:38 - 000000000 ____D C:\Users\benne\AppData\Local\NVIDIA
2017-09-04 18:38 - 2017-09-04 18:38 - 000000000 ____D C:\Users\benne\AppData\Local\LogMeIn
2017-09-04 18:37 - 2017-09-19 12:18 - 000000000 ____D C:\Users\benne
2017-09-04 18:37 - 2017-09-10 17:31 - 000000000 ____D C:\Users\benne\AppData\Local\Packages
2017-09-04 18:37 - 2017-09-10 17:05 - 000000000 ____D C:\Users\benne\AppData\Roaming\Adobe
2017-09-04 18:37 - 2017-09-10 15:34 - 000000000 ____D C:\Users\benne\AppData\Local\ConnectedDevicesPlatform
2017-09-04 18:37 - 2017-09-08 09:39 - 000000000 ____D C:\Users\benne\AppData\Local\Google
2017-09-04 18:37 - 2017-09-04 18:38 - 000000000 ____D C:\Users\benne\AppData\Local\VirtualStore
2017-09-04 18:37 - 2017-09-04 18:37 - 000000020 ___SH C:\Users\benne\ntuser.ini
2017-09-04 18:37 - 2017-09-04 18:37 - 000000000 ____D C:\Users\benne\AppData\Local\TileDataLayer
2017-09-04 18:37 - 2017-09-04 18:37 - 000000000 ____D C:\Users\benne\AppData\Local\Publishers
2017-09-04 18:37 - 2016-09-26 04:07 - 000000000 ____D C:\Users\benne\Documents\hp.system.package.metadata
2017-09-04 18:37 - 2016-09-26 04:07 - 000000000 ____D C:\Users\benne\Documents\hp.applications.package.appdata
2017-09-04 18:37 - 2016-09-26 04:07 - 000000000 ____D C:\Users\benne\AppData\Roaming\TuneUp Software
2017-09-04 15:35 - 2017-09-04 15:35 - 000231760 _____ C:\Users\pmwsm_000\Desktop\CrucialScan.exe
2017-08-23 06:07 - 2017-08-23 06:07 - 000154102 _____ C:\Users\pmwsm_000\Desktop\FHS Aesop attachment Memo.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-20 11:35 - 2017-07-17 11:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 08:12 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-20 08:08 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-20 08:07 - 2014-08-26 20:02 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-20 00:43 - 2017-07-17 11:19 - 000008556 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-20 00:37 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-20 00:36 - 2017-07-17 11:31 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-20 00:36 - 2017-07-17 11:17 - 000503096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-20 00:36 - 2016-09-26 03:55 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-20 00:36 - 2014-08-21 00:02 - 000000000 ____D C:\ProgramData\McAfee
2017-09-20 00:36 - 2014-08-21 00:02 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-09-20 00:35 - 2017-03-18 07:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\F12
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-20 00:34 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-19 23:03 - 2016-02-08 21:11 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-09-19 21:44 - 2016-07-16 07:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-09-19 21:44 - 2014-11-03 21:59 - 000002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-19 21:44 - 2014-08-26 20:18 - 000001154 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-09-19 20:57 - 2017-03-18 07:40 - 017301504 _____ C:\WINDOWS\system32\config\HARDWARE
2017-09-19 18:30 - 2017-07-17 11:31 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-09-19 18:28 - 2017-07-17 11:31 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-09-19 18:28 - 2017-03-18 17:03 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-19 18:26 - 2017-07-19 09:24 - 000003442 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-09-19 11:55 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-18 17:00 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-13 07:42 - 2016-01-30 14:27 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-12 13:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-12 13:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-10 20:00 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\RGL Mail
2017-09-10 17:55 - 2014-11-12 20:04 - 000000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cffed55ec1f5e0.job
2017-09-10 17:55 - 2014-11-03 21:59 - 000000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2017-09-10 17:48 - 2017-07-17 11:31 - 000003434 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1d04112a8273379
2017-09-10 17:48 - 2017-07-17 11:31 - 000003352 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cffed55ec1f5e0
2017-09-10 17:48 - 2017-07-17 11:31 - 000003352 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-10 17:48 - 2017-07-17 11:31 - 000003180 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-10 17:48 - 2017-07-17 11:31 - 000002762 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-09-10 17:43 - 2014-08-20 23:51 - 000000000 ____D C:\ProgramData\CyberLink
2017-09-10 17:43 - 2014-08-20 23:44 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-09-10 17:41 - 2014-08-20 23:41 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-10 17:38 - 2014-08-20 23:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-09-10 17:26 - 2017-05-17 17:35 - 000000000 ____D C:\Program Files\UNP
2017-09-10 17:24 - 2014-08-20 23:56 - 000000000 ____D C:\Program Files (x86)\WildGames
2017-09-10 17:24 - 2014-08-20 23:55 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-10 17:23 - 2014-08-20 23:55 - 000000000 ____D C:\ProgramData\WildTangent
2017-09-10 17:23 - 2014-08-20 23:55 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-09-10 17:17 - 2014-09-07 14:44 - 000000000 ____D C:\Program Files (x86)\Vstplugins
2017-09-10 17:16 - 2014-10-07 18:49 - 000000000 ____D C:\ProgramData\Skype
2017-09-10 17:12 - 2015-05-26 04:13 - 000000000 ____D C:\ProgramData\Apple Computer
2017-09-10 17:08 - 2014-09-07 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
2017-09-10 17:08 - 2014-09-07 18:24 - 000000000 ____D C:\Program Files (x86)\Pinnacle
2017-09-10 17:06 - 2014-09-07 18:18 - 000000000 ____D C:\ProgramData\Pinnacle
2017-09-10 17:04 - 2014-08-20 23:54 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-09-10 17:03 - 2014-08-26 20:18 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-10 16:57 - 2014-10-17 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2017-09-10 16:54 - 2015-06-01 15:46 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-09-10 16:39 - 2017-03-18 17:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-10 16:39 - 2014-10-25 18:57 - 000000000 ____D C:\ProgramData\BlueStacks
2017-09-10 16:37 - 2015-10-11 16:31 - 000000000 ____D C:\Program Files (x86)\betternet
2017-09-10 16:30 - 2017-07-11 12:06 - 000000000 ___DC C:\WINDOWS\Panther
2017-09-10 16:30 - 2014-10-25 18:56 - 000000000 ____D C:\ProgramData\BlueStacksSetup
2017-09-10 16:30 - 2014-08-30 11:58 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-10 16:09 - 2017-03-17 11:28 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA%
2017-09-10 16:05 - 2014-08-20 23:54 - 000000258 __RSH C:\ProgramData\ntuser.pol
2017-09-10 16:05 - 2013-08-22 11:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-09-10 15:42 - 2017-07-17 11:19 - 000000000 ____D C:\Users\pmwsm_000
2017-09-10 15:42 - 2017-05-26 15:38 - 000000366 _____ C:\WINDOWS\Tasks\HPCeeScheduleForpmwsm_000.job
2017-09-10 15:40 - 2014-04-02 17:21 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-04 18:54 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-04 18:53 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-03 12:55 - 2017-08-17 20:23 - 000000000 ____D C:\Users\pmwsm_000\AppData\Local\LogMeIn Hamachi
2017-09-01 06:10 - 2017-07-17 11:31 - 000003274 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForpmwsm_000
2017-08-21 12:53 - 2016-12-04 18:32 - 000000000 ____D C:\Users\pmwsm_000\AppData\LocalLow\Mozilla

==================== Files in the root of some directories =======

2017-09-10 16:05 - 2017-09-10 16:05 - 000140800 _____ () C:\Users\benne\AppData\Local\installer.dat
2016-03-07 18:56 - 2016-03-07 18:56 - 000000057 _____ () C:\ProgramData\Ament.ini
2014-10-17 17:04 - 2017-09-10 17:16 - 000004080 _____ () C:\ProgramData\hpzinstall.log
2016-02-06 13:47 - 2016-11-18 17:17 - 000000629 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-09-10 17:20 - 2012-10-24 15:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1222826.exe
2017-09-10 17:22 - 2012-10-24 15:44 - 000656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1377245.exe

Files to move or delete:
====================
C:\ProgramData\uninstall1222826.exe
C:\ProgramData\uninstall1377245.exe

Some files in TEMP:
====================
2017-09-19 21:48 - 2017-06-20 02:10 - 001930320 _____ (Microsoft Corporation) C:\Users\benne\AppData\Local\Temp\dllnt_dump.dll
2017-07-19 05:19 - 2017-07-19 05:19 - 000739904 _____ (Oracle Corporation) C:\Users\pmwsm_000\AppData\Local\Temp\jre-8u141-windows-au.exe
2017-08-01 05:18 - 2017-08-01 05:18 - 000740416 _____ (Oracle Corporation) C:\Users\pmwsm_000\AppData\Local\Temp\jre-8u144-windows-au.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-19 22:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by benne (20-09-2017 11:44:21)
Running from C:\Users\benne\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-17 15:36:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3101684064-3434913050-970958240-500 - Administrator - Enabled)
benne (S-1-5-21-3101684064-3434913050-970958240-1006 - Administrator - Enabled) => C:\Users\benne
DefaultAccount (S-1-5-21-3101684064-3434913050-970958240-503 - Limited - Disabled)
Guest (S-1-5-21-3101684064-3434913050-970958240-501 - Limited - Disabled)
pmwsm_000 (S-1-5-21-3101684064-3434913050-970958240-1001 - Administrator - Enabled) => C:\Users\pmwsm_000
VPNMPHB (S-1-5-21-3101684064-3434913050-970958240-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{F60B8711-9A86-46F0-B4F0-E9E4D74E5DFD}) (Version: 20.28.3317.04403 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.28.3317.04403 - Alcor Micro Corp.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.65 - NVIDIA Corporation) Hidden
ANT Drivers Installer x64 (HKLM\...\{A1EECEC9-2A14-4BE2-8820-66747A61AA8F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
C4380 (HKLM-x32\...\{06856518-366B-4393-8013-E0B0C56C2E8E}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
C4380_Help (HKLM-x32\...\{a1f89c34-f061-447d-ac10-b5f1896a5923}) (Version: 100.0.206.000 - Hewlett-Packard) Hidden
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 140.0.185.000 - Hewlett-Packard) Hidden
Elevated Installer (HKLM-x32\...\{C07003B9-FDC4-45A1-9591-ACBF55C6B022}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Fax (HKLM-x32\...\{9294F169-72EE-4D74-AE92-CA25F64B4FF8}) (Version: 140.0.307.000 - Hewlett-Packard) Hidden
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Garmin Express (HKLM-x32\...\{265e66eb-aaef-49b6-a890-ab4a7a60f4a9}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{F7E67BDA-D15C-48B3-BE25-CC97739F1FDA}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{3E614111-85D4-4894-9970-AF03BD189E91}) (Version: 5.5.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Gods Will Be Watching (HKLM-x32\...\Steam App 274290) (Version:  - Deconstructeam)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{06600E94-1C34-40E2-AB09-D30AECF78172}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Officejet Pro 6830 Basic Device Software (HKLM\...\{98040AB6-D667-409C-81E7-DB65836B3EE0}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
HP Officejet Pro 6830 Help (HKLM-x32\...\{28693307-6F99-4B5D-9FA3-4D9132DDA716}) (Version: 34.0.0 - Hewlett Packard)
HP Photosmart All-In-One Driver Software (HKLM\...\{A96C5DB7-40F9-46DD-B36F-9E657D1D9E04}) (Version: 14.0 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.06 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.7.27.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Inst5675 (HKLM\...\{2DE6247C-7077-451B-8BA7-FFD1A2ABBB47}) (Version: 8.01.06 - Softex Inc.) Hidden
Inst5676 (HKLM\...\{878F6913-7421-4713-97F7-0A736EE2A188}) (Version: 8.01.06 - Softex Inc.) Hidden
Intel(R) PRO/Wireless Driver (HKLM\...\{47a10c10-a8ba-4682-bf62-1b3340f292d6}) (Version: 16.10.0000.1228 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1342.1) (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7766.2099 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.306.000 - Hewlett-Packard) Hidden
NVIDIA 3D Vision Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.7766.2099 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenVPN 2.3.6-I001  (HKLM-x32\...\OpenVPN) (Version: 2.3.6-I001 - )
OpenVPN 2.4.3-I602  (HKLM\...\OpenVPN) (Version: 2.4.3-I602 - OpenVPN Technologies, Inc.)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.20 - Portforward, LLC)
Product Improvement Study for HP Officejet Pro 6830 (HKLM\...\{96ABEAD3-67AE-4BF7-8A16-F745352049B3}) (Version: 33.1.73.49987 - Hewlett-Packard Co.)
PS_AIO_02_ProductContext (HKLM-x32\...\{720C16FC-5423-47B3-A249-5C05FB376E9A}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (HKLM-x32\...\{97AD3490-480B-42B2-8001-326621AF34AC}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (HKLM-x32\...\{7AB63BFD-91C6-4C21-B2C6-D33A1FC8DE8F}) (Version: 140.0.425.000 - Hewlett-Packard) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 12.11.16.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.16.0 - Adlice Software)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.253.000 - Hewlett-Packard) Hidden
SecurityCenter (HKLM-x32\...\MSC) (Version: 16.0.3 - McAfee, Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SolutionCenter (HKLM-x32\...\{BC5DD87B-0143-4D14-AAE6-97109614DC6B}) (Version: 140.0.299.000 - Hewlett-Packard) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Status (HKLM-x32\...\{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}) (Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.297.000 - Hewlett-Packard) Hidden
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
TurboTax 2016 (HKLM-x32\...\TurboTax 2016) (Version: 2016.0 - Intuit, Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.2 - VideoLAN)
VPNetwork LLC - TorGuard - Online Privacy Protection Services (HKLM-x32\...\VPNetwork LLC TorGuard) (Version: "0.3.70" - "VPNetwork LLC")
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.297.017 - Hewlett-Packard) Hidden
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-03-31] (NVIDIA Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2017-08-08] (McAfee, Inc.)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0244A8D6-C293-44E2-BBE3-70D8D388F463} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0DA8800D-0070-4A3B-91C6-84434B10DF80} - System32\Tasks\GoogleUpdateTaskMachineUA1d04112a8273379 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {0FBDA84A-BC71-4819-AEDC-F301BB5DF387} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {107EEDF4-2DF4-43EB-821C-235C99D160ED} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {14843A18-AB5D-4A85-AD5F-8718C96042C4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {24C02593-3A5B-4E41-AF23-027005CEF75A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {27D6A47B-2325-4B9E-94EB-D518135B7052} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {289F2526-9E0A-49D3-BEC7-C076ECCDD9F1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {2AC7FDA2-18B5-4881-8B0D-72DEAE231128} - \HPCustParticipation HP Officejet Pro 6830 -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {39123EE1-621A-483F-9E5D-407478ECDD33} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {40A7BA1F-54D4-4A9A-9E83-FAEE471D461D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47220139-AEEC-43F8-9054-FCEEB980E2EE} - System32\Tasks\HPCeeScheduleForpmwsm_000 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {4832DEC5-E0F7-4102-BC72-3909D042F397} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {49FB01C5-B0B0-472E-BC02-D9A4912159F2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4AC8D053-C32A-4F2D-9510-AA73352F46F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4D4242D3-57A0-4ABF-A014-A52FCC13F01A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-14] (HP Inc.)
Task: {4D5CF8FD-6289-4ACB-9566-ACDC1B28F32A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-08-08] (Microsoft Corporation)
Task: {501F473C-EEA3-4A20-AF61-1E5722671A2A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {54D4AB9E-B096-45BC-8978-AA4BEBBF1E8B} - System32\Tasks\GoogleUpdateTaskMachineUA1cffed55ec1f5e0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {6D43C72D-25BC-4935-A023-4DC17CD841A7} - System32\Tasks\AVG_SYS_TASK_0814av_DELETE => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: {7A2D2116-5C92-485C-9676-1DC2847FCBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {7A983DE0-826E-4CD1-AB6C-8DA8C94004DA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2017-05-23] ()
Task: {82C9AD9F-04F7-452F-B922-23E411A0A274} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {92BFF101-1E6C-4ACA-8987-0861BEFAA5DA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {9B0B6F27-F5BD-4B04-8E97-72A97420D960} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-09-01] (HP Inc.)
Task: {9C628567-C198-4307-AFAD-B1A15EA230F6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {9C7519CC-46E5-450C-8B72-ADF1429622EE} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {A761A783-6CF1-4F5D-9E24-3C379CC25E12} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-03] (Microsoft Corporation)
Task: {AF1D920D-FA25-4B06-9230-1A4541C38734} - System32\Tasks\{91E35F1B-E96F-4C32-8DB6-D9FB2450134F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {AF2A8FA4-F6D5-4DC0-B942-80E5EC8790E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B22AFAD1-5616-448E-A6B9-56A3F6AAE77E} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-10] (McAfee, Inc.)
Task: {B3E702A2-0D68-4842-B922-6C5D89B9B036} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B9E27F31-B3C4-40F6-A173-418F1DFD10C8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-08-03] (McAfee, Inc.)
Task: {BD0AADEE-8FA7-4CC6-884B-DEC4AC342724} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3101684064-3434913050-970958240-1001 => C:\Users\benne\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {BE6FA07D-E3D9-4BE2-A741-A668D7AE060F} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C1CF8818-ADD4-4D0A-A32F-2E9F7F47F9B9} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-12] (Adobe Systems Incorporated)
Task: {C6DF2664-6205-4C53-BDCF-AF888CFE7F74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {CA8657AC-DAD4-4E45-9336-1ADCD625FCD8} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-08-08] (Microsoft Corporation)
Task: {D5B82284-F68E-4D4D-BFE0-0B5665A2AC4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E14C5794-6F5C-4233-8206-9E2CE32A0C48} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-02-10] (McAfee, Inc.)
Task: {E21AE44E-4723-4E04-BC30-45DD489276C9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E4637FC1-8D84-44B9-9B60-9278C6936814} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E47F66A4-2052-432D-AB9F-72997D2D10D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {E7757796-F033-4D1B-98AB-61A776C5B237} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-08-08] (Microsoft Corporation)
Task: {EE197C93-EECA-4216-B6AF-871FA76C4418} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EFE8E5BE-1DCA-4830-904A-9B2E92D3A31E} - System32\Tasks\RGL Mail => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\RGL Mail\RGL Mail.dll",uNLrsXUH <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1cffed55ec1f5e0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForpmwsm_000.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-02-07 13:24 - 2014-02-07 13:24 - 002108928 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-02-07 13:21 - 2014-02-07 13:21 - 000021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-02-07 13:21 - 2014-02-07 13:21 - 000035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-02-07 13:21 - 2014-02-07 13:21 - 000055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-02-07 13:40 - 2014-02-07 13:40 - 000368528 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-02-07 13:40 - 2014-02-07 13:40 - 000714128 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2017-09-12 20:04 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 000085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 001328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-07-25 13:26 - 2017-08-11 14:08 - 000595608 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-07-25 13:26 - 2017-08-11 14:08 - 000586728 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-05-31 11:41 - 2017-01-29 09:55 - 008930504 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2014-02-07 13:28 - 2014-02-07 13:28 - 000065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2017-07-14 09:26 - 2017-07-14 09:26 - 000638592 _____ () C:\Program Files\OpenVPN\bin\openvpn-gui.exe
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-24 16:10 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-24 16:10 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-02-14 09:42 - 2017-02-14 09:42 - 000326144 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\GpsImgWrapper.dll
2017-05-23 09:00 - 2017-05-23 09:00 - 000073216 _____ () C:\Program Files (x86)\Garmin\Device Interaction Service\FixBootSector.dll
2017-07-17 13:30 - 2017-07-17 13:30 - 000863744 _____ () C:\WINDOWS\mod_frst.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMChameleon => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2017-09-10 16:18 - 000000857 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 license.piriform.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3101684064-3434913050-970958240-1006\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 208.67.222.222 - 208.67.220.220
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Fitbit Connect"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{62306BF0-9D23-48AC-8101-175BB67C18E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{92BB7482-5AB2-4738-957F-0CDCB0145E54}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5A6D6906-5C4C-40C5-BCC8-979A254AE1FC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{CFA3D709-6CB5-4B19-9B81-6EC765BB1634}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{99A6A35F-8319-4FB1-8CB7-CCDA60AB0E3E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{47941D13-0FB8-4317-92F4-7A9C31C9B7E8}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D4C7B929-9C34-4672-BAE3-AB8EECAE28B9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{24B37988-3EA0-4B89-A4B1-0170F5A4E82B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0072013F-EA8F-479F-A1D6-E384733FCE64}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{1FEE6C22-CECE-4E5C-BC15-AE77F9BFDF34}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{5A246D74-5DC8-415C-8967-0CA42D5D90C3}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{2800F4D0-1293-42E8-8491-078E90E972E4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C0C871C2-70B3-44DA-A954-A9641A9376E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2B5BB98D-40CB-473A-A574-8D25E7BB61BF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{00420E61-B1C7-4ED2-9422-C7FF52747676}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D0904FB2-E7DA-450B-BA35-F3E8589DB22F}] => (Allow) LPort=1900
FirewallRules: [{A956959F-FEAB-40AF-84D9-8375F1C506F1}] => (Allow) LPort=2869
FirewallRules: [{621C6009-EDFF-4226-96AC-29CD9C312A96}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{9F8352CF-CDBA-4DA6-8852-CECDBD2B2E88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Gods Will Be Watching\gwbw.exe
FirewallRules: [{5740C306-C15A-4939-9500-7449F5238218}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{AFD91EF2-C971-43C5-BBBD-CA13AEECED1B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{B7004B91-80C2-4E6B-BE55-674B1CAC5246}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A6E3ED0B-6F46-44FB-BCD7-92F7F21A72E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE3F79F7-8514-4EFD-A459-4BC3430D5421}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6021C986-5C31-43DD-BAD6-DFF4E703C3CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{46CF3140-0622-4DF7-928E-CF11D84A4401}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{2527AE5A-ECA5-4117-B534-0E21D307732F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{F5264A59-C011-4840-822C-879B0B41C18D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{2A7F3A5B-1108-4F6E-BA6A-4D26E24D494F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{51707EE7-AE4B-403A-A9D4-93CD8DC9367E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{821F4F78-2FCC-4D4F-A486-FB80DC5FA2C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{70274AB2-97C6-4F1A-8469-C83F09961B52}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{6F7F638F-7E94-4EE7-B326-D4FA235D1E53}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{1B36C8DE-2DAC-4AEE-9E7D-C4F6C297EDFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{0F6D2DE2-EA1E-472B-80AB-BB0CF16062C9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8F15A537-F6B6-487A-A87E-EDABD7F1637D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{FD158691-0A80-45C3-B4A0-243453A92BDB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{8A467F7A-05D9-4AE5-85A3-F3DAD79DC617}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{A1879DF8-E752-40C6-8E10-56A5224E4DF4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{52EDEFBA-D93F-4121-A0F6-801B119A427F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{DBA5C51E-2FE4-46D8-A047-24D03DB292D1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B86C39CB-88E8-474C-836A-F1F912F2A64D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0D2FFA4D-0410-462C-86DD-DF1D14BC0897}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{C2B02AE1-5677-47BF-9DC8-125B27C2D230}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{A30526CE-3058-46FD-9833-8F500C8EDE8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{2F330D7C-1EA6-420A-98EF-327A42E6B6E4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{FFAC340F-4F5C-4C77-A13A-F376D531BCC2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EC54C19B-FB37-46D4-9B2C-9B8CDEC10F63}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{62C431DA-E6CB-4910-8942-E571322D44D4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{54B1994A-3AE1-404B-B86B-4C682430A0D7}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{CD5C65C9-EFCE-4298-9EFF-5F2DECD37B32}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{673B8B04-9ECE-484E-89E9-4801D422F4FD}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7F46BC4-109E-4435-9235-9581AE891BEE}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8BC75B93-4C9D-4004-8339-42F213DCC638}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{33B67AE3-4264-4B3F-9B58-7EC4BD80776C}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9923DC53-4ECF-4E94-BEC0-545D503BC196}] => (Allow) C:\Users\pmwsm_000\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E3D50808-4EBF-47D2-9A2A-4DEAC38BB8B8}] => (Allow) LPort=25565
FirewallRules: [{1ACE7325-5272-4FAE-B58F-C28FB6AC65B5}] => (Allow) LPort=25565
FirewallRules: [{418DEE67-7BE7-47C1-82E2-DDA673004D23}] => (Allow) LPort=25565
FirewallRules: [{19F713AD-D8AB-4B0B-A1FD-EB656459DC63}] => (Allow) LPort=25565
FirewallRules: [TCP Query User{5654F011-83B0-45BF-AA72-6122199EA8D5}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{FA85A07D-F1D4-4DDB-BBAF-D18159B9D9AE}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{A106765F-51B8-41B0-9CD8-8EA625A25E63}] => (Allow) LPort=25565
FirewallRules: [{A6D557DA-6D87-4888-B10F-9DF40D822870}] => (Allow) LPort=25565
FirewallRules: [{6B345B73-9612-40AE-9C14-13131F3B85A4}] => (Allow) LPort=25566
FirewallRules: [{41561329-91D4-499F-B65E-C836D35F7663}] => (Allow) LPort=25566
FirewallRules: [{9F077CEE-5D5D-4692-8757-CD1D6509426A}] => (Allow) LPort=25566
FirewallRules: [{F0217DC7-CA6D-4F12-B893-7AD013DF92B7}] => (Allow) LPort=25566
FirewallRules: [{383F006F-8AC2-45F5-99B6-051A62EBE434}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\FaxApplications.exe
FirewallRules: [{F6DE583B-5683-43A0-AFE4-2D26C5A78000}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\DigitalWizards.exe
FirewallRules: [{6262F975-8657-4409-A762-F30553E777A6}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\bin\SendAFax.exe
FirewallRules: [{944C3999-DF93-4483-99A8-A2B53FB37638}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\DeviceSetup.exe
FirewallRules: [{1F8534F8-2CC8-4081-9AA2-860779573FD7}] => (Allow) LPort=5357
FirewallRules: [{05A914E7-294E-45D6-A7CC-1A35430A9027}] => (Allow) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{135F9610-B537-4544-820A-496AAECB2C8F}] => (Allow) LPort=1723
FirewallRules: [{8322B37C-94C1-4A98-8375-A318EFBD807D}] => (Allow) LPort=1723
FirewallRules: [{1D397F42-900B-4F4C-BE10-17DD9C3C2BB6}] => (Allow) LPort=434
FirewallRules: [{0024B81A-C870-484C-8C50-7C1E27305974}] => (Allow) LPort=43
FirewallRules: [{78E34130-190B-45E2-BCCC-D7B42F31505F}] => (Allow) LPort=47
FirewallRules: [{7723E881-94D3-4B9A-B71B-039376016A6C}] => (Allow) LPort=47
FirewallRules: [{6E1942C9-8647-4827-9AFD-33A99E00C6F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BA23BBA5-84E9-445C-A9F2-2863215CD260}] => (Allow) C:\Users\benne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E16C031E-E17E-4929-9EB9-D03F7686E218}] => (Allow) C:\Users\benne\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE2F73E0-1B90-40EF-AA89-185FD5C58B13}] => (Allow) C:\WINDOWS\system32\rundll32.exe

==================== Restore Points =========================

17-08-2017 07:44:24 Scheduled Checkpoint
10-09-2017 15:40:06 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
10-09-2017 20:04:07 9-10-17
10-09-2017 20:04:54 9-10-17
19-09-2017 11:55:13 Malwarebytes Anti-Rootkit Restore Point

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 6830
Description: Officejet Pro 6830
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: LogMeIn Hamachi Virtual Ethernet Adapter
Description: LogMeIn Hamachi Virtual Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn Inc.
Service: Hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2017 08:34:15 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (09/20/2017 08:14:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BASEMENT)
Description: Package 2703103D.McAfeeCentral_4.5.153.1_x64__4ehj4w4frejdr+McAfeeCentral was terminated because it took too long to suspend.

Error: (09/20/2017 08:10:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BASEMENT)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/20/2017 08:10:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x291c
Faulting application start time: 0x01d332097f4d7d04
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 4b2228c4-7d4e-44d9-a254-88cc490ba608
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/20/2017 08:07:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0xb58
Faulting application start time: 0x01d33209052db497
Faulting application path: C:\WINDOWS\System32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 2f2decda-3c50-4622-86db-b5fd48013753
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/20/2017 03:50:58 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/19/2017 10:19:04 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (09/19/2017 10:19:03 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/19/2017 10:19:03 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (09/19/2017 10:18:49 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

System errors:
=============
Error: (09/20/2017 08:14:19 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/20/2017 08:12:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007000d: 2017-09 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4038806).

Error: (09/20/2017 08:11:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007000d: 2017-09 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4038806).

Error: (09/20/2017 08:10:24 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/20/2017 08:07:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The App Readiness service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/20/2017 08:07:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/20/2017 08:07:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/20/2017 12:40:04 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8007000d: 2017-09 Security Update for Adobe Flash Player for Windows 10 Version 1703 for x64-based Systems (KB4038806).

Error: (09/20/2017 12:38:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error: 
The system cannot find the file specified.

Error: (09/20/2017 12:38:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee AP Service service failed to start due to the following error: 
The system cannot find the file specified.

CodeIntegrity:
===================================
  Date: 2017-09-20 08:10:49.643
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-20 08:10:49.325
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-19 12:16:38.433
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-19 12:16:38.108
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-10 15:59:56.327
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Users\benne\AppData\Roaming\Microsoft\Protect\f5ff5927-10de-4a9a-847c-dd42ea383f29.rs that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: AMD A8-7600 Radeon R7, 10 Compute Cores 4C+6G 
Percentage of memory in use: 39%
Total physical RAM: 8116.94 MB
Available physical RAM: 4878.78 MB
Total Virtual: 13206.38 MB
Available Virtual: 9399.54 MB

==================== Drives ================================

Drive c: (For Applications) (Fixed) (Total:222.29 GB) (Free:65.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:14.26 GB) (Free:1.81 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (For Files) (Fixed) (Total:931.39 GB) (Free:903.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 9F389F3F)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: ECCF1851)

Partition: GPT.

==================== End of Addition.txt ============================

 

[Aura]

Almost done!

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

• Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located)
• Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
• Click on the Fix button
  
• On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
• Copy and paste its content in your next reply
  

How's your system behaving now? Are there any other issues to address?

fixlist.txt

[12Marko]

Here is the fixlog.  One thing I've noticed is that there is now an Administrator account that was not there before and my password does not work for it.  Could this have been created by the rootkit?

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-09-2017
Ran by benne (20-09-2017 13:19:00) Run:4
Running from C:\Users\benne\Desktop
Loaded Profiles: benne (Available Profiles: pmwsm_000 & benne)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION

Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll => No File 
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll => No File 

S0 mfbgn; System32\drivers\rdplrcjd.sys [X]

Task: {0244A8D6-C293-44E2-BBE3-70D8D388F463} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {14843A18-AB5D-4A85-AD5F-8718C96042C4} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {2AC7FDA2-18B5-4881-8B0D-72DEAE231128} - \HPCustParticipation HP Officejet Pro 6830 -> No File <==== ATTENTION
Task: {39123EE1-621A-483F-9E5D-407478ECDD33} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {40A7BA1F-54D4-4A9A-9E83-FAEE471D461D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {49FB01C5-B0B0-472E-BC02-D9A4912159F2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4AC8D053-C32A-4F2D-9510-AA73352F46F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {6D43C72D-25BC-4935-A023-4DC17CD841A7} - System32\Tasks\AVG_SYS_TASK_0814av_DELETE => C:\ProgramData\Avg_Update_0814av\AVG-Secure-Search-Update_0814av.exe
Task: {7A2D2116-5C92-485C-9676-1DC2847FCBB1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AF1D920D-FA25-4B06-9230-1A4541C38734} - System32\Tasks\{91E35F1B-E96F-4C32-8DB6-D9FB2450134F} => C:\WINDOWS\system32\pcalua.exe -a "C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe" -c /AppMode=SETUP /Uninstall /UDS=1
Task: {AF2A8FA4-F6D5-4DC0-B942-80E5EC8790E2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {B3E702A2-0D68-4842-B922-6C5D89B9B036} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C6DF2664-6205-4C53-BDCF-AF888CFE7F74} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D5B82284-F68E-4D4D-BFE0-0B5665A2AC4D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E47F66A4-2052-432D-AB9F-72997D2D10D2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {EE197C93-EECA-4216-B6AF-871FA76C4418} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EFE8E5BE-1DCA-4830-904A-9B2E92D3A31E} - System32\Tasks\RGL Mail => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\RGL Mail\RGL Mail.dll",uNLrsXUH <==== ATTENTION

C:\Program Files\RGL Mail
C:\Program Files (x86)\AVG
C:\ProgramData\Avg_Update_0814av
C:\ProgramData\ntuser.pol
C:\Users\benne\ntuser.pol
C:\Users\benne\AppData\Local\CEF
C:\Users\benne\AppData\Local\vmaymyv
C:\Users\benne\AppData\Local\imedamk
C:\Users\benne\AppData\Local\installer.dat
C:\Users\benne\AppData\Roaming\c
C:\Users\benne\AppData\Roaming\et
C:\WINDOWS\uninstaller.dat
C:\WINDOWS\system32\vmapcri
2017-09-13 07:14 - 2017-09-13 07:14 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\10DF557C.sys
2017-09-13 07:11 - 2017-09-13 07:11 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\11875313.sys
2017-09-13 07:09 - 2017-09-13 07:09 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2CF951C3.sys
2017-09-13 07:03 - 2017-09-13 07:03 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\044B4CED.sys
2017-09-13 06:59 - 2017-09-13 06:59 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\1F7E4A05.sys
2017-09-13 06:57 - 2017-09-13 06:57 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\12FF48A7.sys
2017-09-13 06:51 - 2017-09-13 06:51 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7EBC4370.sys
2017-09-13 06:49 - 2017-09-13 06:49 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7032421C.sys
2017-09-12 20:56 - 2017-09-12 20:56 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6DEB7C01.sys
2017-09-12 20:54 - 2017-09-12 20:54 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\616C7AA3.sys
C:\WINDOWS\SysWOW64\vmapcri

CMD: netsh winsock reset

EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully
HKLM\System\CurrentControlSet\Services\mfbgn => key removed successfully
mfbgn => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0244A8D6-C293-44E2-BBE3-70D8D388F463} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0244A8D6-C293-44E2-BBE3-70D8D388F463} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{14843A18-AB5D-4A85-AD5F-8718C96042C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14843A18-AB5D-4A85-AD5F-8718C96042C4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AC7FDA2-18B5-4881-8B0D-72DEAE231128} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AC7FDA2-18B5-4881-8B0D-72DEAE231128} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Officejet Pro 6830 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{39123EE1-621A-483F-9E5D-407478ECDD33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39123EE1-621A-483F-9E5D-407478ECDD33} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{40A7BA1F-54D4-4A9A-9E83-FAEE471D461D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40A7BA1F-54D4-4A9A-9E83-FAEE471D461D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{49FB01C5-B0B0-472E-BC02-D9A4912159F2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49FB01C5-B0B0-472E-BC02-D9A4912159F2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AC8D053-C32A-4F2D-9510-AA73352F46F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AC8D053-C32A-4F2D-9510-AA73352F46F4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6D43C72D-25BC-4935-A023-4DC17CD841A7} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D43C72D-25BC-4935-A023-4DC17CD841A7} => key removed successfully
C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0814av_DELETE => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_0814av_DELETE => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A2D2116-5C92-485C-9676-1DC2847FCBB1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A2D2116-5C92-485C-9676-1DC2847FCBB1} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF1D920D-FA25-4B06-9230-1A4541C38734} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF1D920D-FA25-4B06-9230-1A4541C38734} => key removed successfully
C:\WINDOWS\System32\Tasks\{91E35F1B-E96F-4C32-8DB6-D9FB2450134F} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{91E35F1B-E96F-4C32-8DB6-D9FB2450134F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF2A8FA4-F6D5-4DC0-B942-80E5EC8790E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF2A8FA4-F6D5-4DC0-B942-80E5EC8790E2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3E702A2-0D68-4842-B922-6C5D89B9B036} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3E702A2-0D68-4842-B922-6C5D89B9B036} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6DF2664-6205-4C53-BDCF-AF888CFE7F74} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6DF2664-6205-4C53-BDCF-AF888CFE7F74} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5B82284-F68E-4D4D-BFE0-0B5665A2AC4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5B82284-F68E-4D4D-BFE0-0B5665A2AC4D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E47F66A4-2052-432D-AB9F-72997D2D10D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E47F66A4-2052-432D-AB9F-72997D2D10D2} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE197C93-EECA-4216-B6AF-871FA76C4418} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE197C93-EECA-4216-B6AF-871FA76C4418} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{EFE8E5BE-1DCA-4830-904A-9B2E92D3A31E} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFE8E5BE-1DCA-4830-904A-9B2E92D3A31E} => key removed successfully
C:\WINDOWS\System32\Tasks\RGL Mail => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RGL Mail => key removed successfully
C:\Program Files\RGL Mail => moved successfully
"C:\Program Files (x86)\AVG" => not found.
"C:\ProgramData\Avg_Update_0814av" => not found.
C:\ProgramData\ntuser.pol => moved successfully
C:\Users\benne\ntuser.pol => moved successfully
C:\Users\benne\AppData\Local\CEF => moved successfully
C:\Users\benne\AppData\Local\vmaymyv => moved successfully
C:\Users\benne\AppData\Local\imedamk => moved successfully
C:\Users\benne\AppData\Local\installer.dat => moved successfully
C:\Users\benne\AppData\Roaming\c => moved successfully
C:\Users\benne\AppData\Roaming\et => moved successfully
C:\WINDOWS\uninstaller.dat => moved successfully
C:\WINDOWS\system32\vmapcri => moved successfully
C:\WINDOWS\system32\Drivers\10DF557C.sys => moved successfully
C:\WINDOWS\system32\Drivers\11875313.sys => moved successfully
C:\WINDOWS\system32\Drivers\2CF951C3.sys => moved successfully
C:\WINDOWS\system32\Drivers\044B4CED.sys => moved successfully
C:\WINDOWS\system32\Drivers\1F7E4A05.sys => moved successfully
C:\WINDOWS\system32\Drivers\12FF48A7.sys => moved successfully
C:\WINDOWS\system32\Drivers\7EBC4370.sys => moved successfully
C:\WINDOWS\system32\Drivers\7032421C.sys => moved successfully
C:\WINDOWS\system32\Drivers\6DEB7C01.sys => moved successfully
C:\WINDOWS\system32\Drivers\616C7AA3.sys => moved successfully
C:\WINDOWS\SysWOW64\vmapcri => moved successfully

========= netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 12760099 B
Java, Flash, Steam htmlcache => 525 B
Windows/system/drivers => 12147791130 B
Edge => 29785 B
Chrome => 45855717 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 146432 B
systemprofile32 => 137 B
LocalService => 132842 B
NetworkService => 140 B
pmwsm_000 => 116670038 B
benne => 38535047 B

RecycleBin => 280105345 B
EmptyTemp: => 11.8 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 13:20:03 ====

[Aura]

Where do you see that Administrator account? Can you provide me a screenshot/picture of it?

[12Marko]

Does It need to be from the flash drive in recovery mode or can  I download  it and run it directly from the PC?