Solved Proxy hijack malware has caused problems with restarting

Aaron1015

New Member
Thread author
Feb 2, 2017
Hi,
For some reason it won't let me upload my FRST and Addition logs. I'm going to paste them verbatim into replies to this post (apparently they're too many characters to post both of them here). I hope this is OK.

Thanks for all you do. I'm dying over here with this problem.
 

Aaron1015

New Member
Thread author
Feb 2, 2017
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Aaron (administrator) on BRONCO (02-02-2017 21:55:33)
Running from C:\Users\Aaron\Desktop
Loaded Profiles: Aaron & Guest (Available Profiles: Aaron & Guest)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagenta.exe
() C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\Windows\src_srv\winsrcsrv.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(AVG Netherlands B.V) C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Spotify Ltd) C:\Users\Aaron\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_205.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2014-10-25] (Power Software Ltd)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2303152 2015-07-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-05-20] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26142864 2017-01-18] (Dropbox, Inc.)
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\Run: [Spotify Web Helper] => C:\Users\Aaron\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-03] (Spotify Ltd)
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\Run: [Spotify] => C:\Users\Aaron\AppData\Roaming\Spotify\Spotify.exe [7153264 2017-01-03] (Spotify Ltd)
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\Run: [AceStream] => C:\Users\Aaron\AppData\Roaming\ACEStream\engine\ace_engine.exe
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\RunOnce: [Uninstall C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Aaron\AppData\Local\Microsoft\OneDrive\17.3.5892.0626_1\amd64"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\MountPoints2: {1945a199-cc19-11e5-beea-448a5ba4c6e7} - "D:\LaunchU3.exe" -a
HKU\S-1-5-21-844885531-4042678230-2856532195-501\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [371928 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.11.0.dll [2017-01-18] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2016-03-08]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:8003
ProxyEnable: [S-1-5-19] => Proxy is enabled.
ProxyServer: [S-1-5-19] => 127.0.0.1:8003
ProxyEnable: [S-1-5-20] => Proxy is enabled.
ProxyServer: [S-1-5-20] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-844885531-4042678230-2856532195-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-844885531-4042678230-2856532195-1001] => 127.0.0.1:8003
ProxyEnable: [S-1-5-21-844885531-4042678230-2856532195-501] => Proxy is enabled.
ProxyServer: [S-1-5-21-844885531-4042678230-2856532195-501] => 127.0.0.1:8003
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{1f243cdf-79d4-4da3-8bd0-bdbb2037ae39}: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{62156716-e2f4-4580-a0b4-93aba71fdace}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-844885531-4042678230-2856532195-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-844885531-4042678230-2856532195-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-11] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-11] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-11] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-11] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 78xkqaey.default
FF ProfilePath: C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\78xkqaey.default [2017-02-02]
FF user.js: detected! => C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\78xkqaey.default\user.js [2016-06-10]
FF NetworkProxy: Mozilla\Firefox\Profiles\78xkqaey.default -> type", 0
FF Extension: (AdBlocker Ultimate) - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\78xkqaey.default\Extensions\adblockultimate@adblockultimate.net.xpi [2016-12-31]
FF Extension: (Diagnostics) - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\78xkqaey.default\features\{8e86b51c-8b69-4b25-ab06-17df99433f4a}\diagnostics@mozilla.org.xpi [2017-02-02]
FF Extension: (Send HSTS Priming Requests) - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\78xkqaey.default\features\{8e86b51c-8b69-4b25-ab06-17df99433f4a}\hsts-priming@mozilla.org.xpi [2017-02-02]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_205.dll [2016-10-31] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-11] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-31] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-30] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-844885531-4042678230-2856532195-1001: @acestream.net/acestreamplugin,version=3.1.11 -> C:\Users\Aaron\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
FF Plugin HKU\S-1-5-21-844885531-4042678230-2856532195-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Aaron\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default [2017-02-02]
CHR Extension: (Google Slides) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-06]
CHR Extension: (Google Docs) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-06]
CHR Extension: (Google Drive) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-06]
CHR Extension: (YouTube) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-06]
CHR Extension: (Google Search) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-03-06]
CHR Extension: (Session Buddy) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-01-09]
CHR Extension: (Google Sheets) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (AdBlock) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-01]
CHR Extension: (Ace Stream Web Extension) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjbepbhonbojpoaenhckjocchgfiaofo [2016-10-30]
CHR Extension: (Ad.Block Plus) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfclfpagjbajdhoonjakjiipbmpldhkp [2016-03-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-27]
CHR Extension: (Ad.Block) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\oahdemopcekbpcbhgmebpjhfgdlemgfe [2016-03-07]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-12-26]
CHR Extension: (Gmail) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\Aaron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-02]
CHR HKU\S-1-5-21-844885531-4042678230-2856532195-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [680112 2015-07-22] (Adobe Systems Incorporated)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [971160 2017-01-09] (AVG Technologies CZ, s.r.o.)
S4 avgfws; C:\Program Files (x86)\AVG\Av\avgfwsa.exe [1824184 2017-01-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2017-01-09] (AVG Technologies CZ, s.r.o.)
S4 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2017-01-09] (AVG Technologies CZ, s.r.o.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-07] (Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-03] (Dropbox, Inc.)
S4 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-20] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-20] (NVIDIA Corporation)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2016-06-11] (Power Admin LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-30] (Microsoft Corporation)
R2 srcsrv; C:\WINDOWS\src_srv\winsrcsrv.exe [15360 2017-01-29] () [File not signed]
R2 SurfEasyVPN; C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe [1663880 2016-09-28] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5907216 2017-01-09] (AVG Technologies CZ, s.r.o.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
S4 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [652240 2016-07-14] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 Avgboota; C:\WINDOWS\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\WINDOWS\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\WINDOWS\system32\DRIVERS\avgfwd6a.sys [73992 2016-10-23] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\WINDOWS\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\WINDOWS\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\WINDOWS\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\WINDOWS\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\WINDOWS\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\WINDOWS\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\WINDOWS\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 LcUvcUpper; C:\WINDOWS\system32\DRIVERS\LcUvcUpper.sys [37912 2015-11-29] (Microsoft Corporation)
S3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-01] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-02] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-02] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-02] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 NPF; C:\WINDOWS\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_848dea456d3c865e\nvlddmkm.sys [14159928 2016-10-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-01-20] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-20] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 tapse01; C:\WINDOWS\System32\drivers\tapse01.sys [26624 2016-09-28] (The OpenVPN Project)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [102864 2016-03-02] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-02-02] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-02-02] (Zemana Ltd.)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 21:55 - 2017-02-02 21:55 - 00030499 _____ C:\Users\Aaron\Desktop\FRST.txt
2017-02-02 21:55 - 2017-02-02 21:55 - 00000000 ____D C:\FRST
2017-02-02 21:48 - 2017-02-02 21:55 - 02420736 _____ (Farbar) C:\Users\Aaron\Desktop\FRST64.exe
2017-02-02 21:39 - 2017-02-02 21:39 - 00000000 ___HD C:\$Windows.~WS
2017-02-02 21:33 - 2017-02-02 21:34 - 18309328 _____ (Microsoft Corporation) C:\Users\Aaron\Downloads\MediaCreationTool.exe
2017-02-02 21:11 - 2017-02-02 21:28 - 00000000 ____D C:\Windows10Upgrade
2017-02-02 21:11 - 2017-02-02 21:11 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2017-02-02 21:03 - 2017-02-02 21:03 - 00000000 ____D C:\ProgramData\dbg
2017-02-02 20:41 - 2017-02-02 21:29 - 00000000 ____D C:\Users\TEMP\AppData\Local\Packages
2017-02-02 20:41 - 2017-02-02 21:29 - 00000000 ____D C:\Users\TEMP
2017-02-02 20:40 - 2017-02-02 21:55 - 00084398 _____ C:\WINDOWS\ZAM.krnl.trace
2017-02-02 20:40 - 2017-02-02 21:55 - 00039074 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-02-02 20:06 - 2017-02-02 20:06 - 00000000 ____D C:\WINDOWS\pss
2017-02-02 20:00 - 2017-02-02 20:00 - 01875496 _____ (LogMeIn, Inc.) C:\Users\Aaron\Downloads\Support-LogMeInRescue (1).exe
2017-02-02 19:51 - 2017-02-02 19:51 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:50 - 2017-02-02 19:50 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-02 19:50 - 2017-01-20 10:39 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-02 19:50 - 2017-01-20 10:39 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-02 19:50 - 2017-01-20 10:39 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-02 19:50 - 2017-01-20 05:36 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-02 19:39 - 2017-02-02 19:40 - 00000196 _____ C:\Users\Aaron\Desktop\rejoin link.txt
2017-02-02 19:25 - 2017-02-02 19:25 - 00141864 _____ C:\Users\Aaron\Downloads\bluescreenview_setup.exe
2017-02-02 19:25 - 2017-02-02 19:25 - 00000000 ____D C:\Program Files (x86)\NirSoft
2017-02-02 19:18 - 2017-02-02 20:11 - 00000000 ____D C:\Users\Aaron\AppData\Local\LogMeIn Rescue Applet
2017-02-02 19:18 - 2017-02-02 19:18 - 01875496 _____ (LogMeIn, Inc.) C:\Users\Aaron\Downloads\Support-LogMeInRescue.exe
2017-02-02 19:18 - 2017-02-02 19:18 - 00002326 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2017-02-02 18:36 - 2017-02-02 18:36 - 00001305 _____ C:\Users\Aaron\Desktop\new_chrome.exe - Shortcut.lnk
2017-02-02 18:01 - 2017-02-02 18:01 - 00000000 ____D C:\Users\Aaron\AppData\Local\PeerDistRepub
2017-02-02 17:45 - 2017-02-02 17:54 - 00000000 ____D C:\zoek
2017-02-02 17:28 - 2017-02-02 17:28 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-02-02 17:28 - 2017-02-02 17:28 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-02 17:28 - 2017-02-02 17:28 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-02-02 17:27 - 2017-02-02 17:27 - 05677776 _____ (Zemana Ltd. ) C:\Users\Aaron\Downloads\Zemana.AntiMalware.Setup.exe
2017-02-02 17:27 - 2017-02-02 17:27 - 00000000 ____D C:\Users\Aaron\AppData\Local\Zemana
2017-02-02 17:19 - 2017-02-02 17:39 - 00012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2017-02-02 17:17 - 2017-02-02 17:59 - 00000000 ____D C:\zoek_backup
2017-02-02 17:17 - 2017-02-02 17:54 - 00003757 _____ C:\runcheck.txt
2017-02-02 17:15 - 2017-02-02 17:16 - 00000000 ____D C:\Program Files\HitmanPro
2017-02-02 17:10 - 2017-02-02 17:15 - 11581544 _____ (SurfRight B.V.) C:\Users\Aaron\Downloads\HitmanPro_x64.exe
2017-02-02 17:09 - 2017-02-02 17:10 - 04015056 _____ C:\Users\Aaron\Downloads\adwcleaner_6.043.exe
2017-02-02 09:29 - 2017-02-02 17:19 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-02 09:24 - 2017-02-02 09:24 - 00001361 _____ C:\Users\Aaron\Desktop\JRT.txt
2017-02-02 08:24 - 2017-02-02 18:49 - 00000000 ____D C:\AdwCleaner
2017-02-01 18:42 - 2017-02-01 18:42 - 00000000 ____D C:\Users\Aaron\Desktop\Chrome
2017-02-01 18:20 - 2017-02-01 18:20 - 00000000 ___HD C:\$SysReset
2017-02-01 17:43 - 2017-02-01 17:43 - 01065376 _____ (Google Inc.) C:\Users\Aaron\Downloads\ChromeSetup.exe
2017-02-01 17:12 - 2017-02-02 18:11 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-01 17:12 - 2017-02-01 17:12 - 00250208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-01 17:06 - 2017-02-02 21:30 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-01 17:06 - 2017-02-02 21:30 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-01 17:06 - 2017-02-02 21:30 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-01 17:06 - 2017-02-01 18:49 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-01 17:05 - 2017-02-01 17:05 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-01 17:05 - 2017-02-01 17:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-01 17:05 - 2017-02-01 17:05 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-01 17:05 - 2017-02-01 16:58 - 55566792 _____ (Malwarebytes ) C:\Users\Aaron\Desktop\mb3-setup-consumer-3.0.6.1469.exe
2017-02-01 17:05 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-01 16:40 - 2017-02-01 16:40 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-01 16:21 - 2017-02-02 21:39 - 00000000 ____D C:\WINDOWS\Panther
2017-02-01 15:49 - 2017-02-02 17:33 - 00000000 ___HD C:\Program Files (x86)\Regulations
2017-02-01 15:49 - 2017-02-02 17:33 - 00000000 ___HD C:\Program Files (x86)\Polly
2017-02-01 15:49 - 2017-02-02 17:33 - 00000000 ___HD C:\Program Files (x86)\perils
2017-02-01 15:49 - 2017-02-01 15:49 - 00000000 ____D C:\Program Files (x86)\shimmers
2017-02-01 15:46 - 2017-02-01 15:46 - 00719521 _____ C:\WINDOWS\unins000.exe
2017-02-01 15:46 - 2017-02-01 15:46 - 00002943 _____ C:\WINDOWS\unins000.dat
2017-02-01 15:46 - 2017-02-01 15:46 - 00000000 ____D C:\WINDOWS\src_srv
2017-02-01 15:36 - 2017-02-01 15:36 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\PDAppFlex
2017-02-01 14:51 - 2017-02-02 21:32 - 00000480 _____ C:\WINDOWS\Tasks\AVG Driver Updater Startup.job
2017-02-01 14:51 - 2017-02-02 21:30 - 00000534 _____ C:\WINDOWS\Tasks\AVG Driver Updater Scan.job
2017-02-01 14:51 - 2017-02-02 20:42 - 00003324 _____ C:\WINDOWS\System32\Tasks\AVG Driver Updater Scan
2017-02-01 14:51 - 2017-02-02 19:45 - 00002974 _____ C:\WINDOWS\System32\Tasks\AVG Driver Updater Startup
2017-02-01 14:51 - 2017-02-01 14:51 - 00000000 ____D C:\Users\Aaron\AppData\Local\AVG Netherlands BV
2017-02-01 14:49 - 2017-02-02 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Driver Updater
2017-02-01 14:49 - 2017-02-02 14:10 - 00000000 ____D C:\Program Files (x86)\AVG Driver Updater
2017-02-01 14:49 - 2017-02-01 14:49 - 00002513 _____ C:\Users\Public\Desktop\AVG Driver Updater.lnk
2017-02-01 14:27 - 2017-02-01 14:27 - 00000000 ____D C:\Users\Aaron\AppData\Local\Chromium
2017-02-01 13:23 - 2017-02-01 13:23 - 00008704 _____ (Maj) C:\WINDOWS\pernicious.exe
2017-01-30 11:36 - 2017-01-30 11:36 - 00108896 _____ C:\Users\Aaron\Desktop\AaronWestCoverLetter.Seattlepi.pdf
2017-01-26 19:50 - 2017-01-26 19:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-24 17:30 - 2016-12-20 23:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 17:30 - 2016-12-20 20:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 09:58 - 2017-02-02 17:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-23 14:27 - 2017-01-23 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-18 17:35 - 2017-02-01 15:19 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\uTorrent
2017-01-12 11:14 - 2017-01-12 11:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-12 11:14 - 2017-01-12 11:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-12 11:14 - 2017-01-12 11:14 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-12 01:02 - 2017-01-17 21:43 - 00000000 ____D C:\Users\Aaron\Desktop\Hearst
2017-01-10 21:10 - 2016-12-21 00:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 21:10 - 2016-12-21 00:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 21:10 - 2016-12-21 00:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 21:10 - 2016-12-20 23:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 21:10 - 2016-12-20 23:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 21:10 - 2016-12-20 23:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 21:10 - 2016-12-20 23:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 21:10 - 2016-12-20 23:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 21:10 - 2016-12-20 23:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 21:10 - 2016-12-20 23:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 21:10 - 2016-12-20 23:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 21:10 - 2016-12-20 23:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 21:10 - 2016-12-20 23:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 21:10 - 2016-12-20 23:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 21:10 - 2016-12-20 23:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 21:10 - 2016-12-20 23:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 21:10 - 2016-12-20 23:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 21:10 - 2016-12-20 23:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 21:10 - 2016-12-20 23:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 21:10 - 2016-12-20 23:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 21:10 - 2016-12-20 23:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 21:10 - 2016-12-20 23:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 21:10 - 2016-12-20 23:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 21:10 - 2016-12-20 23:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 21:10 - 2016-12-20 23:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 21:10 - 2016-12-20 23:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 21:10 - 2016-12-20 23:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 21:10 - 2016-12-20 23:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 21:10 - 2016-12-20 23:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 21:10 - 2016-12-20 23:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 21:10 - 2016-12-20 23:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 21:10 - 2016-12-20 23:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 21:10 - 2016-12-20 23:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 21:10 - 2016-12-20 23:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 21:10 - 2016-12-20 22:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 21:10 - 2016-12-20 22:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 21:10 - 2016-12-20 22:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 21:10 - 2016-12-20 22:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 21:10 - 2016-12-20 22:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 21:10 - 2016-12-20 22:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 21:10 - 2016-12-20 22:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 21:10 - 2016-12-20 22:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 21:10 - 2016-12-20 22:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 21:10 - 2016-12-20 22:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 21:10 - 2016-12-20 22:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 21:10 - 2016-12-20 22:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 21:10 - 2016-12-20 22:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 21:10 - 2016-12-20 22:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 21:10 - 2016-12-20 22:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 21:10 - 2016-12-20 22:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 21:10 - 2016-12-20 22:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 21:10 - 2016-12-20 22:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 21:10 - 2016-12-20 22:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 21:10 - 2016-12-20 22:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 21:10 - 2016-12-20 21:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 21:10 - 2016-12-20 21:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 21:10 - 2016-12-20 21:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 21:10 - 2016-12-20 21:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 21:10 - 2016-12-20 20:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 21:10 - 2016-12-20 20:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 21:10 - 2016-12-20 20:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 21:10 - 2016-12-20 20:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:10 - 2016-12-20 20:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 21:10 - 2016-12-20 20:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 21:10 - 2016-12-20 20:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 21:10 - 2016-12-20 20:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 21:10 - 2016-12-20 20:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 21:10 - 2016-12-20 20:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 21:10 - 2016-12-20 20:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 21:10 - 2016-12-20 20:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 21:10 - 2016-12-20 20:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 21:10 - 2016-12-20 20:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 21:10 - 2016-12-20 20:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 21:10 - 2016-12-20 20:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 21:10 - 2016-12-20 20:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 21:10 - 2016-12-20 20:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 21:10 - 2016-12-20 20:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 21:10 - 2016-12-20 20:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 21:10 - 2016-12-20 20:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 21:10 - 2016-12-20 20:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 21:10 - 2016-12-20 20:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 21:10 - 2016-12-20 20:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 21:10 - 2016-12-20 20:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 21:10 - 2016-12-20 20:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 21:10 - 2016-12-20 20:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 21:10 - 2016-12-20 20:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 21:10 - 2016-12-13 21:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 21:10 - 2016-12-13 21:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 21:10 - 2016-12-13 21:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 21:10 - 2016-12-13 21:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 21:10 - 2016-12-13 21:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 21:10 - 2016-12-13 21:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 21:10 - 2016-12-13 21:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 21:10 - 2016-12-13 21:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 21:10 - 2016-12-13 21:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 21:10 - 2016-12-13 21:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 21:10 - 2016-12-13 21:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 21:10 - 2016-12-13 21:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 21:10 - 2016-12-13 21:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 21:10 - 2016-12-13 21:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 21:10 - 2016-12-13 21:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 21:10 - 2016-12-13 21:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 21:10 - 2016-12-13 21:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 21:10 - 2016-12-13 21:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 21:10 - 2016-12-13 21:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 21:10 - 2016-12-13 21:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 21:10 - 2016-12-13 21:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 21:10 - 2016-12-13 21:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 21:10 - 2016-12-13 20:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 21:10 - 2016-12-13 20:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 21:10 - 2016-12-13 20:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 21:10 - 2016-12-13 20:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 21:10 - 2016-12-13 20:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 21:10 - 2016-12-13 20:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 21:10 - 2016-12-13 20:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 21:10 - 2016-12-13 20:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:10 - 2016-12-13 20:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 21:10 - 2016-12-13 20:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 21:10 - 2016-12-13 20:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 21:10 - 2016-12-13 20:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 21:10 - 2016-12-13 20:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 21:10 - 2016-12-13 20:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 21:10 - 2016-12-13 20:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 21:10 - 2016-12-13 20:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 21:10 - 2016-12-13 20:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 21:10 - 2016-12-13 20:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 21:10 - 2016-12-13 20:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 21:10 - 2016-12-13 20:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 21:10 - 2016-12-13 20:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 21:10 - 2016-12-13 20:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 21:10 - 2016-12-13 20:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 21:10 - 2016-12-13 20:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 21:10 - 2016-12-13 20:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 21:10 - 2016-12-13 20:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 21:10 - 2016-12-13 20:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 21:10 - 2016-12-13 20:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 21:10 - 2016-12-13 20:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 21:10 - 2016-12-13 20:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 21:10 - 2016-12-13 20:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 21:10 - 2016-12-13 20:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 21:10 - 2016-12-13 20:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 21:10 - 2016-12-13 20:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 21:10 - 2016-12-13 20:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 21:10 - 2016-12-13 20:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 21:10 - 2016-12-13 20:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 21:10 - 2016-12-13 20:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 21:10 - 2016-12-13 20:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 21:10 - 2016-12-13 20:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 21:10 - 2016-12-13 20:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 21:10 - 2016-12-13 20:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 21:10 - 2016-12-13 20:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 21:10 - 2016-12-13 20:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 21:10 - 2016-12-13 20:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 21:10 - 2016-12-13 20:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 21:10 - 2016-11-02 04:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 21:10 - 2016-11-02 03:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 21:10 - 2016-11-02 02:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 21:10 - 2016-11-02 02:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 21:10 - 2016-11-02 02:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 21:10 - 2016-08-01 20:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-08 14:03 - 2017-01-08 14:03 - 00001149 ____N C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-01-08 14:03 - 2017-01-08 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-01-08 14:03 - 2017-01-08 14:03 - 00000000 ____D C:\Program Files\Oracle
2017-01-08 14:03 - 2016-12-20 16:32 - 00959720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2017-01-08 14:03 - 2016-12-20 16:30 - 00149304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2017-01-08 11:24 - 2017-01-08 11:24 - 00001822 ____N C:\Users\Public\Desktop\iTunes.lnk
2017-01-08 11:24 - 2017-01-08 11:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-01-08 11:24 - 2017-01-08 11:24 - 00000000 ____D C:\Program Files\iTunes
2017-01-08 11:24 - 2017-01-08 11:24 - 00000000 ____D C:\Program Files\iPod
2017-01-04 13:57 - 2017-01-04 14:08 - 00250882 _____ C:\Users\Aaron\Documents\AaronWest.CoverLetter.pdf
2017-01-04 12:58 - 2017-01-04 12:58 - 00249277 _____ C:\Users\Aaron\Documents\CoverLetter.AaronWest.pdf
2017-01-03 21:25 - 2017-01-03 21:25 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-03 15:04 - 2017-01-03 15:04 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_LifeCamTrueColor_01011.Wdf
2017-01-03 15:04 - 2017-01-03 15:04 - 00000000 ____D C:\WINDOWS\SysWOW64\LifeCamTrueColor
2017-01-03 15:04 - 2017-01-03 15:04 - 00000000 ____D C:\WINDOWS\system32\LifeCamTrueColor

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-02 21:42 - 2016-09-30 18:17 - 00000000 ____D C:\Users\Aaron
2017-02-02 21:40 - 2016-09-30 18:22 - 00039513 _____ C:\WINDOWS\diagwrn.xml
2017-02-02 21:40 - 2016-09-30 18:22 - 00026457 _____ C:\WINDOWS\diagerr.xml
2017-02-02 21:36 - 2015-08-04 22:08 - 01873452 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-02 21:35 - 2016-09-30 18:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-02 21:32 - 2016-11-30 11:06 - 00000000 ____D C:\ProgramData\boost_interprocess
2017-02-02 21:32 - 2014-12-09 22:08 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\Spotify
2017-02-02 21:31 - 2016-11-25 23:12 - 00000000 ____D C:\Users\Aaron\AppData\LocalLow\Mozilla
2017-02-02 21:31 - 2014-12-09 22:12 - 00000000 ____D C:\Users\Aaron\AppData\Local\Spotify
2017-02-02 21:30 - 2016-09-30 18:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-02 21:30 - 2016-07-15 22:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-02 21:20 - 2016-09-30 18:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-02 20:49 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-02 20:41 - 2016-02-13 05:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-02 20:23 - 2014-12-05 09:03 - 00000000 ____D C:\Users\Aaron\AppData\Local\ElevatedDiagnostics
2017-02-02 20:22 - 2015-03-05 08:24 - 00000000 ____D C:\Users\Aaron\AppData\Local\Adobe
2017-02-02 20:12 - 2016-06-11 10:31 - 00000000 ____D C:\Users\Aaron\AppData\Local\NVIDIA Corporation
2017-02-02 20:07 - 2016-03-06 19:17 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-02 19:53 - 2015-08-05 00:33 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-02-02 19:51 - 2016-10-31 09:40 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:51 - 2016-10-31 09:40 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-02 19:51 - 2016-09-30 18:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-02 19:51 - 2016-09-30 18:16 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-02 19:51 - 2016-09-30 18:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-02 19:51 - 2016-07-16 03:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-02 19:51 - 2016-06-11 10:31 - 00000000 ____D C:\Users\Aaron\AppData\Local\NVIDIA
2017-02-02 19:50 - 2016-10-31 09:40 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:50 - 2016-10-31 09:40 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:50 - 2016-10-31 09:40 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:50 - 2016-10-31 09:40 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:50 - 2016-10-31 09:40 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-02 19:45 - 2016-03-06 23:24 - 00000000 ____D C:\ProgramData\MFAData
2017-02-02 19:37 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\registration
2017-02-02 18:56 - 2016-07-15 22:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-02 18:52 - 2013-08-22 07:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-02 18:36 - 2016-07-16 03:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-02 18:11 - 2015-04-20 20:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-02 18:01 - 2016-12-07 10:05 - 00000000 ___RD C:\Users\Aaron\Dropbox
2017-02-02 17:48 - 2016-09-30 18:19 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2017-02-02 17:48 - 2016-09-30 18:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2017-02-02 17:33 - 2015-04-20 20:22 - 00001052 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2017-02-02 14:12 - 2016-12-07 10:02 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-02 14:12 - 2016-12-07 10:02 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-02-02 14:12 - 2016-09-30 18:17 - 00000000 ____D C:\Users\Guest
2017-02-02 14:10 - 2014-12-11 23:00 - 00000000 ____D C:\Users\Aaron\Desktop\Writing
2017-02-02 14:10 - 2014-12-05 09:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-01 18:52 - 2016-09-30 18:22 - 00003404 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-01 18:52 - 2016-09-30 18:22 - 00003180 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-01 18:51 - 2016-12-07 10:02 - 00003494 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-01 18:51 - 2016-12-07 10:02 - 00003270 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-02-01 18:45 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-01 17:05 - 2016-03-06 22:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-01 15:34 - 2014-12-25 15:31 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\vlc
2017-02-01 15:20 - 2014-12-06 03:14 - 00000000 ____D C:\Users\Aaron\AppData\Roaming\uTorrent
2017-02-01 14:45 - 2016-09-30 18:22 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-844885531-4042678230-2856532195-1001
2017-02-01 14:45 - 2016-09-30 18:22 - 00002338 _____ C:\WINDOWS\System32\Tasks\Tajfe
2017-02-01 14:44 - 2016-12-15 13:41 - 00002830 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-01 14:44 - 2016-09-30 18:22 - 00002824 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-Bronco-Aaron
2017-02-01 14:43 - 2016-09-30 18:22 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
2017-02-01 14:42 - 2014-12-06 10:49 - 00000000 ____D C:\Users\Aaron\AppData\Local\Battle.net
2017-02-01 14:27 - 2015-02-27 23:19 - 00000000 ____D C:\Users\Aaron\AppData\Local\Steam
2017-02-01 08:07 - 2016-09-30 18:22 - 00003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2017-01-30 00:11 - 2016-11-16 17:51 - 00000000 ____D C:\WINDOWS\Minidump
2017-01-25 19:19 - 2016-07-16 03:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-23 14:27 - 2016-12-07 10:02 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-20 18:16 - 2015-08-04 22:31 - 00002399 _____ C:\Users\Aaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-20 18:16 - 2015-08-04 22:31 - 00000000 ___RD C:\Users\Aaron\OneDrive
2017-01-20 10:39 - 2016-10-31 09:40 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-01-20 10:39 - 2016-10-31 09:40 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-01-20 10:39 - 2016-10-31 09:40 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-01-20 10:39 - 2016-10-31 09:40 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-01-20 10:39 - 2016-10-31 09:40 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-01-20 10:39 - 2016-06-11 10:31 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-01-20 06:07 - 2016-10-31 09:40 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-01-18 01:37 - 2016-04-14 19:27 - 00001009 ____N C:\Users\Public\Desktop\AVG Protection.lnk
2017-01-14 02:46 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-12 10:14 - 2014-12-04 21:13 - 00000000 ____D C:\Users\Aaron\AppData\Local\Packages
2017-01-11 08:26 - 2016-09-30 18:17 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-11 08:26 - 2014-12-05 21:12 - 00000000 __SHD C:\Users\Aaron\IntelGraphicsProfiles
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-11 08:25 - 2016-07-16 03:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 22:40 - 2014-12-06 02:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 22:39 - 2014-12-06 02:14 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-01-09 16:43 - 2016-03-06 19:18 - 00053008 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2017-01-09 05:33 - 2016-03-07 20:40 - 00000000 ____D C:\Users\Aaron\VirtualBox VMs
2017-01-09 05:33 - 2016-03-07 20:39 - 00000000 ____D C:\Users\Aaron\.VirtualBox
2017-01-08 18:03 - 2016-07-28 15:25 - 00000000 ____D C:\Users\Aaron\Desktop\rando
2017-01-08 11:24 - 2016-06-21 14:33 - 00000000 ____D C:\Program Files\Common Files\Apple
2017-01-07 15:52 - 2016-10-31 10:04 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-07 00:18 - 2016-10-31 10:07 - 00000000 ____D C:\Program Files (x86)\Overwatch

==================== Files in the root of some directories =======

2015-03-21 17:48 - 2015-03-21 18:16 - 184702896 _____ () C:\Users\Aaron\AppData\Local\ACCCx2_9_1_474.zip.aamdownload
2015-03-21 17:48 - 2015-03-21 18:16 - 0002216 _____ () C:\Users\Aaron\AppData\Local\ACCCx2_9_1_474.zip.aamdownload.aamd
2015-06-09 21:36 - 2015-06-09 21:38 - 182572124 _____ () C:\Users\Aaron\AppData\Local\ACCCx3_0_1_88.zip.aamdownload
2015-06-09 21:36 - 2015-06-09 21:38 - 0002194 _____ () C:\Users\Aaron\AppData\Local\ACCCx3_0_1_88.zip.aamdownload.aamd
2016-09-06 17:45 - 2016-09-06 17:45 - 0002100 _____ () C:\Users\Aaron\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
2017-02-02 19:51 - 2017-01-20 10:39 - 5003712 _____ (NVIDIA Corporation) C:\Users\Aaron\AppData\Local\Temp\NVI2_29.DLL
2016-10-31 09:40 - 2016-09-29 20:25 - 0950328 _____ (NVIDIA Corporation) C:\Users\Aaron\AppData\Local\Temp\NvTelemetry.dll
2016-10-31 09:40 - 2016-09-29 20:25 - 0198200 _____ (NVIDIA Corporation) C:\Users\Aaron\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-10-31 09:40 - 2016-09-29 20:25 - 0242232 _____ (NVIDIA Corporation) C:\Users\Aaron\AppData\Local\Temp\NvTelemetryAPI64.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-29 11:17

==================== End of FRST.txt ============================
 

Aaron1015

New Member
Thread author
Feb 2, 2017
8
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Aaron (02-02-2017 21:56:15)
Running from C:\Users\Aaron\Desktop
Windows 10 Pro Version 1607 (X64) (2016-10-01 02:23:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Aaron (S-1-5-21-844885531-4042678230-2856532195-1001 - Administrator - Enabled) => C:\Users\Aaron
Administrator (S-1-5-21-844885531-4042678230-2856532195-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-844885531-4042678230-2856532195-503 - Limited - Disabled)
Guest (S-1-5-21-844885531-4042678230-2856532195-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-844885531-4042678230-2856532195-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Internet Security Business Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security Business Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG Internet Security Business Edition (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
Adobe InDesign CC 2014 (HKLM-x32\...\{CCDCB9C4-72BA-1014-A3F8-D123F2F18BC2}) (Version: 10.2.0.069 - Adobe Systems Incorporated)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Amazon Kindle (HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\Amazon Kindle) (Version: 1.17.1.44183 - Amazon)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
Apowersoft Free Audio Recorder V3.0.7 (HKLM-x32\...\{E35F91E4-C68C-43E8-BE90-35CDEE4E5730}_is1) (Version: 3.0.7 - APOWERSOFT LIMITED)
Apowersoft Phone Manager version 2.7.4 (HKLM-x32\...\{4A00E3C4-2D0F-4AE7-9F2A-74870BE09EF8}_is1) (Version: 2.7.4 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audio Record Wizard (HKLM-x32\...\Audio Record Wizard) (Version: 6.8 - NowSmart)
AVG (Version: 16.141.7998 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4756 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.72.2.55508 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.72.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.141.7998 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BioShock (HKLM-x32\...\Steam App 7670) (Version: - 2K Boston)
BioShock Remastered (HKLM\...\Steam App 409710) (Version: - 2K Boston)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{DD07C096-6D5C-4DC7-9604-C5B51C6B96D8}) (Version: 2.73.0 - Kovid Goyal)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Dropbox (HKLM-x32\...\Dropbox) (Version: 18.4.32 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FastStone Photo Resizer 3.5 (HKLM-x32\...\FastStone Photo Resizer) (Version: 3.5 - FastStone Soft.)
FMW 1 (Version: 1.143.3 - AVG Technologies) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Graphic Converter for Windows (HKLM-x32\...\{A1AD345F-61F7-48E5-B721-3E1835C0DF92}_is1) (Version: - 321soft.com)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Kentucky Route Zero (HKLM-x32\...\GOGPACKKENTUCKYROUTEZERO_is1) (Version: 2.1.0.3 - GOG.com)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Mask My IP (HKLM-x32\...\MaskMyIP) (Version: 2.5.0.8 - )
Microsoft OneDrive (HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Word 2010 (HKLM\...\Office14.WORD) (Version: 14.0.4763.1000 - Microsoft Corporation)
mIRC (HKLM-x32\...\mIRC) (Version: 7.44 - mIRC Co. Ltd.)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MyBeeSearchService version 1 (HKLM-x32\...\{376CA350-6C34-4F10-B8DC-586F8CA03009}_is1) (Version: 1 - )
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version: - )
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PhoneRescue 1.7.7 (HKLM-x32\...\{2FAFFE02-4D6B-4C0A-906B-1B33DAF0DD14}}_is1) (Version: 1.7.7 - iMobie Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.1 - Power Software Ltd)
Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SurfEasy VPN 3.8.523 (HKLM-x32\...\SurfEasy VPN) (Version: 3.8.523 - SurfEasy Inc)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.17-3 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
Worms Armageddon (HKLM-x32\...\Steam App 217200) (Version: - Team17 Digital Ltd)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.101 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-844885531-4042678230-2856532195-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {009D4BD3-75E6-4403-9265-96FA327B5A3C} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {15C54852-D289-4516-B0E4-A8671638394C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1A37E909-D94B-4F1C-ABB1-2DDB6B65B5F8} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-05-20] (Oracle Corporation)
Task: {264427CE-D5EA-48C8-A9FE-90AF970B5155} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2017-01-09] (AVG Technologies CZ, s.r.o.)
Task: {30A6AA23-5067-4771-B265-2D1C1578CC4B} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3377E9A0-7CB8-427D-A734-63CB8933F025} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-07] (Dropbox, Inc.)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {5452D05B-6BF4-4DB3-A49B-772E3EDFDA74} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {60F103EA-C97C-4455-ACC0-521B96E411EC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {61D2794F-8DD5-43F6-940C-253266F9AF63} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62C139B0-47FE-4ABA-913C-E5D26B53ED28} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {67B3DA40-13B3-463F-8844-B4DA30CE8C20} - System32\Tasks\AdobeAAMUpdater-1.0-Bronco-Aaron => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {682861C3-A584-4554-B087-46E3D05C0446} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-20] (NVIDIA Corporation)
Task: {6D28DA20-3772-429A-84A2-BB47A90600A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)
Task: {6DEB4541-24FC-4B7F-8A65-97B7F9C25479} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
Task: {707938E5-A5E8-46C4-A1B2-D3E7A917DDBD} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-20] (NVIDIA Corporation)
Task: {78029CDD-8C29-43E7-A97D-BA9FE82B1E47} - System32\Tasks\Tajfe => C:\PROGRA~1\GROOVE~1\Tudlirm.bat <==== ATTENTION
Task: {7C19A724-3DB9-43F3-BF06-D3AF131931E5} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {849EB756-4D08-4B53-97E5-5110F2507403} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8B240C4A-A908-447E-A36F-B3D8B029E2D2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9ECB67CD-FC56-4DCA-B612-1472AD581792} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9FF8ADA4-8BBA-41C7-8A94-A622CA73C897} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-20] (NVIDIA Corporation)
Task: {A36CCC36-7539-4939-91BA-1E56B2AE3768} - System32\Tasks\Mojseaf => C:\PROGRA~1\GROOVE~2\Inemo.bat <==== ATTENTION
Task: {A59811B1-947C-4B64-9889-8BE5CEC2473B} - System32\Tasks\AVG Driver Updater Scan => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-08-10] (AVG Netherlands B.V)
Task: {A93CF928-0C07-4662-9DB0-340547B1E200} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B2016099-06AF-49AD-B9AA-BF5D83E0843C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-12-07] (Dropbox, Inc.)
Task: {B2C3CA47-D4AB-4B1B-B46B-FCC94483FEF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B608BEA0-D05C-495D-9D43-0FF4121C4F63} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C24AFC0B-7B0F-4137-B343-6ACDEDA10E3C} - System32\Tasks\{B7D35EB4-BB77-4A1A-8C61-7ACCE9AB0872} => pcalua.exe -a "C:\Program Files (x86)\Bome's SendSX\unins000.exe"
Task: {CB82FDF0-D99C-4AEA-9B2E-7A82A462F0BA} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {D53A6C25-B580-4947-8AAF-FCF85A12BF19} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-20] (NVIDIA Corporation)
Task: {D5975B9B-01B8-428A-AA93-9BDC6F99C96D} - \WPD\SqmUpload_S-1-5-21-844885531-4042678230-2856532195-1001 -> No File <==== ATTENTION
Task: {DC618EBE-D54D-4FDE-841B-9FB21BB87DA3} - System32\Tasks\AVG Driver Updater Startup => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe [2016-08-10] (AVG Netherlands B.V)
Task: {E33EF181-94EC-4A7A-AEBE-3EB659D8950D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {EAFEC4FA-F2FE-4455-B8E8-FDEAE92F95A2} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-20] (NVIDIA Corporation)
Task: {F0478DD1-A36B-4020-9432-D40A8629F6B1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-01-10] (Microsoft Corporation)
Task: {F4505635-47AC-4900-A35E-D7E24BD69AD6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-06] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AVG Driver Updater Scan.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\AVG Driver Updater Startup.job => C:\Program Files (x86)\AVG Driver Updater\AVG Driver Updater.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Public\Desktop\Моzillа Firеfох.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) <===== Cyrillic

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 03:42 - 2016-07-16 03:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-13 14:00 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-31 09:40 - 2017-01-20 10:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-31 09:40 - 2017-01-20 10:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-28 06:50 - 2016-09-28 06:50 - 01663880 _____ () C:\Program Files (x86)\SurfEasy VPN\client\SurfEasyService.exe
2017-02-01 15:46 - 2017-01-29 03:36 - 00015360 _____ () C:\WINDOWS\src_srv\winsrcsrv.exe
2017-02-01 17:05 - 2017-01-20 07:47 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-02-01 17:05 - 2017-01-20 07:47 - 02829776 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-09-30 18:16 - 2016-10-25 12:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-13 14:00 - 2016-12-09 02:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2015-07-22 00:02 - 2015-07-22 00:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-02-02 17:28 - 2017-02-02 17:28 - 00154480 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-30 19:13 - 2016-09-30 19:13 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-10 21:10 - 2016-12-20 23:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-10 21:10 - 2016-12-20 22:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-10 21:10 - 2016-12-20 22:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-10 21:10 - 2016-12-20 22:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-10 21:10 - 2016-12-20 22:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-10 21:10 - 2016-12-20 22:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-10 21:10 - 2016-12-20 22:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-12-04 21:49 - 2010-08-26 17:47 - 04577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2015-07-22 00:02 - 2015-07-22 00:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-10-31 09:40 - 2017-01-20 10:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-31 09:40 - 2017-01-20 10:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-31 09:40 - 2017-01-20 10:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2014-12-04 21:49 - 2010-02-03 11:31 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2015-07-22 14:32 - 2015-07-22 14:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-01-05 12:30 - 2017-01-05 12:30 - 48920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2016-10-31 09:40 - 2017-01-20 05:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-31 09:40 - 2017-01-20 05:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-31 09:40 - 2017-01-20 05:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-31 09:40 - 2017-01-20 05:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-31 09:40 - 2017-01-20 05:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-31 09:40 - 2017-01-20 05:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-31 09:40 - 2017-01-20 05:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-02 19:51 - 2017-01-20 05:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-844885531-4042678230-2856532195-1001\Software\Classes\regfile: regedit.exe "%1" <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2017-02-02 17:33 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-844885531-4042678230-2856532195-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-844885531-4042678230-2856532195-501\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: avgfws => 2
MSCONFIG\Services: avgsvc => 2
MSCONFIG\Services: avgwd => 2
HKLM\...\StartupApproved\StartupFolder: => "NETGEAR WNA3100 Smart Wizard.lnk"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "NvBackend"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "liverpudlian"
HKLM\...\StartupApproved\Run: => "liverpudlianliverpudlian"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PWRISOVM.EXE"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "RUSB3MON"
HKLM\...\StartupApproved\Run32: => "dply_en_015020259"
HKLM\...\StartupApproved\Run32: => "ospd_us_037010259"
HKLM\...\StartupApproved\Run32: => "sun13"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "exorcise"
HKLM\...\StartupApproved\Run32: => "exorciseexorcise"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\StartupFolder: => "Storm Alerts.lnk"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\StartupFolder: => "glittered.lnk"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_45B9DB4CF259327B5D31697391F8B178"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "dbahal"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "Windi"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "Prt"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "AceStream"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "maid"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "maidmaid"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "unrequested"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "unrequestedunrequested"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "shiah"
HKU\S-1-5-21-844885531-4042678230-2856532195-1001\...\StartupApproved\Run: => "mabey"
HKU\S-1-5-21-844885531-4042678230-2856532195-501\...\StartupApproved\Run: => "OneDriveSetup"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{932BE7A8-B69A-4499-AC72-180065EF828A}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{3C5A0AF3-310B-45D1-A96D-EB8A3207672D}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{22DF9C11-3CC9-4540-8810-370B8142456C}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{2CB15179-A388-4CFD-A4C0-6DBC174AA407}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\iOS Recorder.exe
FirewallRules: [{9F73E2D1-90D5-4DB3-AE0D-981F8A9DAFC2}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{2BB86FB1-9EAC-4B7D-9124-8E7143F1BD22}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\ApowersoftAndroidDaemon.exe
FirewallRules: [{EEF6A533-DFE5-4EB6-B1D2-1B8926180268}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{9733E703-3E15-467F-BC47-A2DB63D2EE48}] => C:\Program Files (x86)\Apowersoft\Apowersoft Phone Manager\Apowersoft Phone Manager.exe
FirewallRules: [{CBF52DEF-3E07-4ADE-8AA9-AD2B5CDFE69A}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D7D27FCE-79C3-43EC-B3A4-AE1DFA6B6C0B}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CC11EF3-4920-491B-8BE2-B64170EC700A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9BC0E3AC-C2ED-41FE-99B1-197ADF3433A8}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{303FFC56-FBE4-49E9-9AB6-5C9B43716CF8}] => LPort=35722
FirewallRules: [{8436E7B2-AD65-462F-96A3-C24E7B9030A0}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A0D9EEA2-9E89-47DE-95EE-2F4AFDB248E7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{EB1C55AB-A0BD-4416-B8F6-FFF49FC7A293}C:\users\aaron\appdata\roaming\spotify\spotify.exe] => C:\users\aaron\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F715064F-237D-41F4-B471-BD4D3C1CD267}C:\users\aaron\appdata\roaming\spotify\spotify.exe] => C:\users\aaron\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{47715355-150F-45EF-99FA-3E6D4B860E9B}C:\users\aaron\appdata\roaming\spotify\spotify.exe] => C:\users\aaron\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{DF4A00EE-2577-4568-ABB6-7B5BAB9A262C}C:\users\aaron\appdata\roaming\spotify\spotify.exe] => C:\users\aaron\appdata\roaming\spotify\spotify.exe
FirewallRules: [{97739468-97F3-42F6-952C-E54FE7255BDE}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C5210843-12C4-43C9-92E7-C414D98E2191}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{864D1F5F-9A01-4D51-939E-1512D838DC6B}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1DD33674-6341-44A7-8B17-5BF1E9BF4018}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{17FE410A-7721-4878-9F73-99FB9739712A}] => C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{124388F7-BB1B-439F-A124-CC6DF2DBB3CA}] => C:\Program Files (x86)\Steam\steamapps\common\Bioshock\Builds\Release\Bioshock.exe
FirewallRules: [{F658280A-7B9E-4BA0-B9CA-590E9B883A9B}] => C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{80BE048A-D316-4B97-B3E0-0F813327AF44}] => C:\Users\Aaron\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{13E67045-9541-413F-AA3E-14BBC76E3E88}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe
FirewallRules: [{5048D6E6-362A-4D31-B353-1ED0A960BF09}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Armageddon\WA.exe
FirewallRules: [{8ED6D7B5-A748-46DE-B740-FFB675ABF5E4}] => %ProgramFiles% (x86)\Image-Line\FL Studio 12\FL64.exe
FirewallRules: [{FC7055E6-218B-44CD-8ECD-6BAF13199FA2}] => %ProgramFiles% (x86)\Image-Line\FL Studio 12\FL.exe
FirewallRules: [{234E81D5-DE9F-48C0-A03D-48A464B3D6D8}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{AFAA9EC6-F045-4BED-9DF4-FCF6AAEBFC4E}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{746F988B-519E-4789-9C30-FACB874B6715}] => C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [TCP Query User{D72AC60B-EEEF-4A56-896E-9C0202351585}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [UDP Query User{6D9F135A-9698-4B6A-86E2-B0AF23626D5F}C:\program files (x86)\mirc\mirc.exe] => C:\program files (x86)\mirc\mirc.exe
FirewallRules: [{3E010269-BD6D-41EC-86B6-532D38E23A7E}] => C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{B7D6467B-7F1E-46B2-823C-3446F8681BE5}] => C:\Program Files (x86)\Apowersoft\Apowersoft Free Audio Recorder\Apowersoft Free Audio Recorder.exe
FirewallRules: [{86F6FB3A-C0A7-4092-A4AE-BA5030A6D8CD}] => C:\Users\Aaron\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{71583D3F-D866-487D-B499-7EC71DC2F998}] => C:\Users\Aaron\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [TCP Query User{738498F0-0CC9-4107-91BA-14446D11EA77}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{7915A897-0C28-42F6-9229-B4957C0890D5}C:\program files (x86)\overwatch\overwatch.exe] => C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{DE736B1C-78E8-4E26-9B01-D266BB32A5FC}] => C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{AD42B1BD-D447-404E-BED9-DCAA12A8F11F}] => C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\Bioshock.exe
FirewallRules: [{321B926B-9166-4B8B-9AA5-784CC6271FEA}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{31C18474-2D54-471D-9CA7-E41930274836}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{BB054455-F07A-4043-A31B-2A0AC8DC8AA7}] => C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{22035FF9-B2B1-4A2E-BC1B-3C57CA50E800}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{06DBC068-5CE7-41C8-852C-760546FDC4DD}] => C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{8D8E1C5F-E031-4BE6-9FE7-E97C39C7FF45}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{14DE5D46-9CD1-4507-BBAB-E144F4E59256}] => C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{2966EF78-C388-4E64-8D45-5D299ECE4E0D}] => C:\Program Files (x86)\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{07E1A9CE-0DB5-48EB-989F-C8159DCBE849}] => C:\Program Files (x86)\Regulations\maj.exe
FirewallRules: [{B708980D-9642-47A0-80AD-7D6FEB273481}] => C:\Program Files (x86)\Polly\maj.exe
FirewallRules: [{35D8B4AD-67F5-411F-8D09-8CC0486D97EC}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{14A6787D-EBDC-4159-BFF2-7BA9A41CCA76}] => C:\WINDOWS\system32\rundll32.exe
FirewallRules: [TCP Query User{A5DE357E-7BC2-4879-9D77-9E43636AD04B}C:\users\aaron\desktop\chrome\application\new_chrome.exe] => C:\users\aaron\desktop\chrome\application\new_chrome.exe
FirewallRules: [UDP Query User{4AEB3093-15B6-40BA-98B2-18C30EE30384}C:\users\aaron\desktop\chrome\application\new_chrome.exe] => C:\users\aaron\desktop\chrome\application\new_chrome.exe
FirewallRules: [{683C8F0E-B58E-4A0E-86EA-7D1333D18BDF}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{FE12FCB4-0F40-4506-A5A7-41A2FEC6419A}] => C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{CE100C4F-B91F-4F08-B098-798A4B8AF709}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{B13D4DDE-1DF5-4731-A410-B65955D1FBE3}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{49E72E1C-0BDB-45F0-BB3A-9ED108BF042E}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

01-02-2017 18:53:01 Removed AVG Driver Updater
02-02-2017 09:21:36 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2017 09:34:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bronco)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023169 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/02/2017 09:34:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Bronco)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/02/2017 09:29:57 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1533) (User: NT AUTHORITY)
Description: Windows cannot delete the profile directory C:\Users\TEMP. This error may be caused by files in this directory being used by another program.

DETAIL - The directory is not empty.

Error: (02/02/2017 08:45:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Bronco)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge was terminated because it took too long to suspend.

Error: (02/02/2017 08:44:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Bronco)
Description: Package Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe+MicrosoftEdge#{5aacce6f-5bf6-418b-ac1f-47b1a7aebe2c} was terminated because it took too long to suspend.

Error: (02/02/2017 08:44:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23fc
Faulting application start time: 0x01d27dd7f5707eb4
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 50148da6-f51f-491d-9527-055cc920be64
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge

Error: (02/02/2017 08:41:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ntdll.dll, version: 10.0.14393.479, time stamp: 0x5825887f
Exception code: 0xc0000005
Fault offset: 0x0000000000035793
Faulting process id: 0xbcc
Faulting application start time: 0x01d27dd7b33361a0
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 36bbb863-32f1-4212-bbbb-07f7841e01f0
Faulting package full name:
Faulting package-relative application ID:

Error: (02/02/2017 08:41:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Bronco)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/02/2017 08:41:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Bronco)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/02/2017 08:41:03 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: Bronco)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.


System errors:
=============
Error: (02/02/2017 09:39:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 09:38:54 PM) (Source: DCOM) (EventID: 10010) (User: Bronco)
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

Error: (02/02/2017 09:33:55 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/02/2017 09:30:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 09:29:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 08:44:46 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (02/02/2017 08:43:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).

Error: (02/02/2017 08:42:43 PM) (Source: DCOM) (EventID: 10016) (User: Bronco)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user Bronco\Aaron SID (S-1-5-21-844885531-4042678230-2856532195-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe SID (S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 08:42:13 PM) (Source: DCOM) (EventID: 10016) (User: Bronco)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
and APPID
{260EB9DE-5CBE-4BFF-A99A-3710AF55BF1E}
to the user Bronco\Aaron SID (S-1-5-21-844885531-4042678230-2856532195-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Error: (02/02/2017 08:41:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2017-02-02 21:55:13.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:55:13.064
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:29.108
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:29.105
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:29.092
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:28.967
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\msvcp140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:28.943
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:28.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:30:28.741
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Windows\WinSxS\amd64_avg.vc140.crt_f92d94485545da78_14.0.24210.0_none_69fa0197d9b096ae\vcruntime140.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-02-02 21:03:05.075
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G3258 @ 3.20GHz
Percentage of memory in use: 16%
Total physical RAM: 24461.97 MB
Available physical RAM: 20531.34 MB
Total Virtual: 25997.97 MB
Available Virtual: 21870.68 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.17 GB) (Free:89.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: ED1F1945)

Partition: GPT.

==================== End of Addition.txt ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hello,


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    2.1 KB · Views: 10

Aaron1015

New Member
Thread author
Feb 2, 2017
8
Hi,
Thanks for your help. Last night at about 10 p.m. (PST) I ran FRST as an admin and clicked "fix" once, with the fixlist.txt file saved on the desktop next to it. This morning it's still running! Is that a normal amount of time for this or should I restart and try again?
 

Aaron1015

New Member
Thread author
Feb 2, 2017
8
I've rebooted a few times and restarted the fix, but it didn't finish any of those times (when I try to exit the program there's no response, I have to end task in task manager to get FRST to close). I reran a scan and have attached it here (apparently it uploaded successfully this time).
 

Attachments

  • FRST.txt
    69.5 KB · Views: 2
  • Addition.txt
    44.9 KB · Views: 2

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    4.5 KB · Views: 10

Aaron1015

New Member
Thread author
Feb 2, 2017
8
OK, the FRST fix ran successfully this time. Here's the fixlog file:
 

Attachments

  • Fixlog.txt
    15.4 KB · Views: 3

Aaron1015

New Member
Thread author
Feb 2, 2017
8
Seems like it's way better now. No problems with restart, no slow processing. I ran a ZAM scan and it came up with one "suspicious" threat, which was a fake shortcut that it repaired. I think it's good now. Thank you, champion! Holler at me with any final suggestions or scans I should do if you think it's necessary.
 

Aaron1015

New Member
Thread author
Feb 2, 2017
8
I just ran a scan with Malwarebytes and it picked up a couple things. Not sure if any of this matters/is related or not, but FYI in case it does. (screenshot of scan results attached)
 

Attachments

  • malware.JPG
    67 KB · Views: 8

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Yes, you can remove these remnants.


Since there are no more problems, we can declare this PC clean.


Now, we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the DelFix icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients' devices:

  • Zemana AntiMalware (paid version highly recommended) - to work as a supplement for your antivirus but with excellent remediation and protection
  • Zemana AntiLogger - keep everything you type on keyboard out of sight of bad guys trying to steal your credentials
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • uBlock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.


My help is free for everybody.
If you're happy with the help provided and/or wish to show your appreciation, please consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 
