Recent Posts

21
Analysis and Malware Removal / Re: i couldnt submit the rgsa log with 32 bit system
« Last post by Corrine on December 07, 2016, 04:46:12 PM »
Seeing the state of your computer, I have doubts as to whether it can be recovered.  However, I'd like you to start with a combination Malwarebytes threat/rootkit scan.  Note that the scan may take some time to complete.

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.X.X.XXXX.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14-day trial of the Premium features is pre-selected. You may deselect this if you wish and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link.
  • Right-click Malwarebytes and choose "Run as administrator", and from the Dashboard please "Check for Updates" by clicking the Update Now... link.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits' and under Non Malware Protection set both PUP and PUM to Treat detections as malware.
  • Click on the Scan tab, then click on Scan Now >>.
  • A Threat Scan will begin.
  • With some infections, you may see this message box:
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • Once completed, please click on History > Application Logs, find your scan log, open it, and then click on the "copy to clipboard" button. Paste the results in your next reply.
22
Meet & Greet! / Re: Welcome New Members!
« Last post by Corrine on December 07, 2016, 03:52:13 PM »
Welcome, maajin-kisho!
23
Analysis and Malware Removal / i couldnt submit the rgsa log with 32 bit system
« Last post by maajin-kisho on December 07, 2016, 03:21:37 PM »
I couldn't install any antivirus software, and if I try to do it, it shows error messages. It shuts down the internet facility if I try to install AVG antivirus. It all started when I downloaded a game content. Avast shows an error message. I tried to do a system restore, but even in safe mode it doesn't help. I submitted the two logs, but I can't find the rgsa installer for 32 bit; I searched many sites for it. Please help me out of this problem, guys  :(

Edited by Corrine to paste logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by person personXC (administrator) on PERSONPERSONXC (07-12-2016 22:21:22)
Running from C:\Users\person personXC\Downloads
Loaded Profiles: person personXC (Available Profiles: person personXC)
Platform: Microsoft Windows 7 Ultimate  (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(CANON INC.) C:\Windows\System32\CNAB4RPK.EXE
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaRegistry.exe
(Nalpeiron Ltd.) C:\Windows\System32\nlssrv32.exe
(Realtek) C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
() C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
() C:\Users\person personXC\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
(zdengine) C:\Program Files\OtherSearch\zdengine.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
() C:\Program Files\021483EBJP\021483EBJ.exe
() C:\Program Files\BestCleaner\C0QU1RVUSD.exe
() C:\Program Files\98XJ32Y6P7\98XJ32Y6P.exe
() C:\Users\person personXC\AppData\Local\Temp\NICZPQ02J\NICZPQ02J.exe
(Mediatek Inc.) C:\Program Files\MediatekWiFi\Common\RaUI.exe
(Groom-A-Zebu (tm)  ) C:\Windows\vgagfx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Groom-A-Zebu (tm)  ) C:\Windows\vgagfx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [StatusAlerts] => C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [418952 2016-02-10] (Power Software Ltd)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [8897712 2016-12-07] (AVAST Software)
HKLM\...\RunOnce: [OMEWPRODUCT_PNDJM] => C:\Program Files\BestCleaner\QQR30X.exe [517632 2016-12-07] (QTZN) <===== ATTENTION
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [{75B33843-4F88-4C68-BF09-1555AF0AC01C}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\uohybDR').QaCihWFQKJiSLp)));
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [Chromium] => c:\users\person personxc\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [6ZAWARUKKH] => C:\Program Files\021483EBJP\021483EBJ.exe [369664 2016-12-07] ()
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [8769T322LU] => C:\Program Files\BestCleaner\C0QU1RVUSD.exe [369664 2016-12-07] () <===== ATTENTION
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [WBWDHBNVUX] => C:\Program Files\98XJ32Y6P7\98XJ32Y6P.exe [369664 2016-12-07] ()
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [I11IYRGXCC] => "C:\Program Files\PublicHotspot\FPHTC84UY8.exe"
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\...\Run: [44ZG7NG01V] => C:\Users\person personXC\AppData\Local\Temp\NICZPQ02J\NICZPQ02J.exe [369664 2016-12-07] () <===== ATTENTION
ShellExecuteHooks:  - {9E2BC898-AB3F-11E6-A910-64006A5CFC23} - C:\Users\person personXC\AppData\Roaming\Weberck\Roruwardgricuther.dll No File [ ]
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-12-07] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP2900 Status Window.lnk [2016-12-07]
ShortcutTarget: Canon LBP2900 Status Window.lnk -> C:\Windows\System32\spool\drivers\w32x86\3\CNAB4LAK.EXE (CANON INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mediatek Wireless Utility.lnk [2016-12-07]
ShortcutTarget: Mediatek Wireless Utility.lnk -> C:\Program Files\MediatekWiFi\Common\RaUI.exe (Mediatek Inc.)
Startup: C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2016-11-06]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\system32\zdengine.dll [301711 2016-12-07] (zdengine)
Winsock: Catalog9 02 C:\Windows\system32\zdengine.dll [301711 2016-12-07] (zdengine)
Winsock: Catalog9 03 C:\Windows\system32\zdengine.dll [301711 2016-12-07] (zdengine)
Winsock: Catalog9 04 C:\Windows\system32\zdengine.dll [301711 2016-12-07] (zdengine)
Winsock: Catalog9 23 C:\Windows\system32\zdengine.dll [301711 2016-12-07] (zdengine)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{9CAF07AF-C439-4152-9524-338559D4D6C3}: [NameServer] 8.8.8.8 4.2.2.3
ManualProxies: 0file://C:\Windows\System32\Drivers\iexplore.pac

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate
HKU\S-1-5-21-2235621811-843909008-2094985877-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2235621811-843909008-2094985877-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2235621811-843909008-2094985877-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_45&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0CtDyB0C0DtC0FyB0FtD0F0ByE0E0FtDtN0D0Tzu0StCyByBtAtN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StBzz0AyD0D0ByC0BtGtBtDyCtDtGyCyDyD0EtGtD0AyD0FtGyByCtBtAtA0D0EyB0D0E0ByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StBzzzytByDtA0DtDtGtAyC0BtBtGyEtDyB0EtG0A0AyC0DtGyE0C0F0C0D0D0EtBtBtDzytC2QtN0A0LzuyE%26cr%3D1888047861%26a%3Dwbf_fs_16_45%26os_ver%3D6.1%26os%3DWindows%2B7%2BUltimate&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll => No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2016-07-18] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-12-07] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2016-07-18] (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-12-07]
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-07-18] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2016-07-18] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-12-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: ChromeDefaultData
CHR HomePage: ChromeDefaultData -> hxxp://www.trotux.com/?z=77ac20f26eb1e49be5f88c0g8z1begeg1e1e0m2w9c&from=icb&uid=ST1000DM003-1SB102_Z9A3M0V9XXXXZ9A3M0V9&type=hp
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=77ac20f26eb1e49be5f88c0g8z1begeg1e1e0m2w9c&from=icb&uid=ST1000DM003-1SB102_Z9A3M0V9XXXXZ9A3M0V9&type=hp"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=77ac20f26eb1e49be5f88c0g8z1begeg1e1e0m2w9c&from=icb&uid=ST1000DM003-1SB102_Z9A3M0V9XXXXZ9A3M0V9&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-07] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-07]
CHR Extension: (Google Docs) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-07]
CHR Extension: (Google Drive) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-07]
CHR Extension: (YouTube) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-07]
CHR Extension: (Google Sheets) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-07]
CHR Extension: (Google Docs Offline) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-07]
CHR Extension: (Avast Online Security) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-07]
CHR Extension: (IndiaShopps) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pgoackgjjkpbkjoomkklkofbhpkbeboc [2016-12-07]
CHR Extension: (Search Manager) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2016-12-07]
CHR Extension: (Gmail) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-07]
CHR Extension: (Chrome Media Router) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-07]
CHR Profile: C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2 [2016-12-07] <==== ATTENTION
CHR Extension: (Google Slides) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-08]
CHR Extension: (Google Docs) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-08]
CHR Extension: (Google Drive) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-08]
CHR Extension: (YouTube) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-08]
CHR Extension: (Google Sheets) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-08]
CHR Extension: (Google Docs Offline) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-08]
CHR Extension: (Pinterest Save Button) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-12]
CHR Extension: (Bleaner) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2016-11-08]
CHR Extension: (Chrono Download Manager) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2016-11-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-08]
CHR Extension: (Gmail) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-08]
CHR Extension: (Chrome Media Router) - C:\Users\person personXC\AppData\Local\Google\Chrome\User Data\ChromeDefaultData2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-08]
CHR HKLM\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gccplojjfpdbeidicabkegekmcplafee] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [hkdmihdclhhoghpojiifklmegjnjkdlh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ikdlehiegikpggplngbmpdgnidekfmjn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pgoackgjjkpbkjoomkklkofbhpkbeboc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gccplojjfpdbeidicabkegekmcplafee] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hkdmihdclhhoghpojiifklmegjnjkdlh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ikdlehiegikpggplngbmpdgnidekfmjn] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pgoackgjjkpbkjoomkklkofbhpkbeboc] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2235621811-843909008-2094985877-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"9bb24450f61319aa" => service could not be unlocked. <===== ATTENTION

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2016-11-06] (Adobe Systems) [File not signed]
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-12-07] (AVAST Software)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-03-11] (Intel Corporation)
S2 fhelper; C:\Windows\fhelper.exe [10240 2016-08-27] (Microsoft) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [176128 2013-08-22] (HP) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [250352 2014-03-11] (Intel Corporation)
R2 MediatekRegistryWriter; C:\Program Files\MediatekWiFi\Common\RaRegistry.exe [405136 2014-12-04] (Mediatek Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45056 2013-11-14] (Hewlett-Packard) [File not signed]
R2 nlsX86cc; C:\Windows\system32\nlssrv32.exe [66560 2012-02-01] (Nalpeiron Ltd.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2013-11-14] (Hewlett-Packard) [File not signed]
R2 RealtekWlanU; C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe [36864 2010-04-16] (Realtek) [File not signed]
S2 RTLDHCPService; C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe [261848 2013-11-12] (Realtek)
R2 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [254280 2016-11-09] ()
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S4 syshost32; C:\Windows\Installer\{305EC057-C59E-C843-3984-EE1D16A1EB35}\syshost.exe [136192 2016-12-02] () [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WMPNetworkAcSvc; C:\Users\person personXC\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe [5091840 2016-11-10] () [File not signed] <==== ATTENTION
R2 Wogationshafersh; C:\Program Files\Stensy\ghoseringCln.dll [275456 2016-12-07] () [File not signed]
R2 zdengine; C:\Program Files\OtherSearch\zdengine.exe [1660135 2016-12-07] (zdengine) [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-12-07] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-12-07] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91680 2016-12-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-12-07] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-12-07] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [816304 2016-12-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [438296 2016-12-07] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118152 2016-12-07] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [222056 2016-12-07] (AVAST Software)
R1 da45b717e86531c4a63baffd34809595; C:\Windows\system32\drivers\da45b717e86531c4a63baffd34809595.sys [73376 2016-11-12] (6JTJ4Y) <==== ATTENTION
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [24064 2009-07-14] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [67152 2009-07-14] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [513024 2009-07-14] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [13904 2009-07-14] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [80896 2009-07-14] () [File not signed]
S3 iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [332352 2009-07-14] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd32.sys [2929152 2014-03-07] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [41040 2009-07-14] () [File not signed]
S3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [364504 2014-03-07] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [15424 2009-07-14] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [53760 2009-07-14] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [58880 2009-07-14] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [65536 2009-07-14] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [101888 2009-07-14] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [13824 2009-07-14] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [46656 2009-07-14] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [186960 2009-07-14] () [File not signed]
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [800240 2014-03-06] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [42576 2009-07-14] () [File not signed]
S3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [28160 2009-07-14] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [67664 2009-07-14] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [133200 2009-07-14] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [48128 2009-07-14] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [95824 2009-07-14] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [89168 2009-07-14] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [54864 2009-07-14] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [96848 2009-07-14] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [86528 2009-07-14] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [30800 2009-07-14] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [235584 2009-07-14] () [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [31744 2009-07-14] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [23552 2009-07-14] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [41552 2009-07-14] () [File not signed]
S3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [26112 2009-07-14] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [78416 2009-07-14] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [130624 2009-07-14] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [60416 2009-07-14] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [115712 2009-07-14] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [123392 2009-07-14] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [221184 2009-07-14] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [95744 2009-07-14] () [File not signed]
R0 msahci; C:\Windows\System32\DRIVERS\msahci.sys [27712 2009-07-14] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [115792 2009-07-14] () [File not signed]
R1 Msfs; C:\Windows\system32\Drivers\Msfs.sys [22528 2009-07-14] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [4096 2009-07-14] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [13888 2009-07-14] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [8320 2009-07-14] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [5888 2009-07-14] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [5504 2009-07-14] () [File not signed]
S3 MsRPC; C:\Windows\system32\Drivers\MsRPC.sys [162896 2009-07-14] () [File not signed]
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [28240 2009-07-14] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [6144 2009-07-14] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [12288 2009-07-14] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [49728 2009-07-14] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [267264 2009-07-14] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [710720 2009-07-14] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [27136 2009-07-14] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [20992 2009-07-14] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [45568 2009-07-14] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [118784 2009-07-14] () [File not signed]
R3 NDProxy; C:\Windows\system32\Drivers\NDProxy.sys [48128 2009-07-14] () [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [36352 2009-07-14] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [187904 2009-07-14] () [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1731416 2015-11-19] (MediaTek Inc.)
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [44624 2009-07-14] () [File not signed]
R1 Npfs; C:\Windows\system32\Drivers\Npfs.sys [35328 2009-07-14] () [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [16896 2009-07-14] () [File not signed]
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1210432 2009-07-14] ()
R1 Null; C:\Windows\system32\Drivers\Null.sys [4608 2009-07-14] () [File not signed]
S3 nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [117312 2009-07-14] () [File not signed]
S3 nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [142416 2009-07-14] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [105024 2009-07-14] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [62464 2009-07-14] () [File not signed]
R3 Parport; C:\Windows\System32\DRIVERS\parport.sys [79360 2009-07-14] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [56912 2009-07-14] () [File not signed]
R2 Parvdm; C:\Windows\System32\DRIVERS\parvdm.sys [8704 2009-07-14] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [153680 2009-07-14] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12368 2009-07-14] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [180288 2009-07-14] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [43088 2009-07-14] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [586752 2009-07-14] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [73728 2009-07-14] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [52224 2009-07-14] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [104448 2009-07-14] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1383488 2009-07-14] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [106064 2009-07-14] () [File not signed]
R3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [31744 2009-07-14] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [11776 2009-07-14] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [49152 2009-07-14] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [78848 2009-07-14] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [77824 2009-07-14] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [75264 2009-07-14] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [241664 2009-07-14] () [File not signed]
R3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [18944 2009-07-14] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [6656 2009-07-14] () [File not signed]
S3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [133120 2009-07-14] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [6656 2009-07-14] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [7168 2009-07-14] () [File not signed]
S3 RDPWD; C:\Windows\system32\Drivers\RDPWD.sys [177152 2009-07-14] () [File not signed]
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [173648 2009-07-14] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [60928 2009-07-14] () [File not signed]
R3 RTL8167; C:\Windows\System32\DRIVERS\Rt86win7.sys [697560 2014-03-17] () [File not signed]
S3 s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [5632 2009-07-14] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [85568 2009-07-14] () [File not signed]
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [123952 2016-02-10] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [26624 2009-07-14] () [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [20480 2009-07-14] () [File not signed]
R3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [17920 2009-07-14] () [File not signed]
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [83456 2009-07-14] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [19968 2009-07-14] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [11264 2009-07-14] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [12288 2009-07-14] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [12800 2009-07-14] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [13824 2009-07-14] () [File not signed]
S3 sisagp; C:\Windows\system32\DRIVERS\sisagp.sys [52304 2009-07-14] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [40016 2009-07-14] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [77888 2009-07-14] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [71168 2009-07-14] () [File not signed]
R0 spldr; C:\Windows\system32\Drivers\spldr.sys [17472 2009-07-14] () [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [309760 2009-07-14] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [306688 2009-07-14] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [113664 2009-07-14] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [21072 2009-07-14] () [File not signed]
R0 storflt; C:\Windows\System32\DRIVERS\vmstorfl.sys [40896 2009-07-14] () [File not signed]
S3 storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [28224 2009-07-14] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12240 2009-07-14] () [File not signed]
R0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1285712 2009-07-14] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1285712 2009-07-14] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [34816 2009-07-14] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [17920 2009-07-14] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [24064 2009-07-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [74240 2009-07-14] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [51776 2009-07-14] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [30208 2009-07-14] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [108544 2009-07-14] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [55888 2009-07-14] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [246784 2009-07-14] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [57424 2009-07-14] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [39936 2009-07-14] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [8192 2009-07-14] () [File not signed]
S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [75264 2009-07-14] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [86016 2009-07-14] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [41472 2009-07-14] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [258560 2009-07-14] () [File not signed]
S3 usbohci; C:\Windows\system32\DRIVERS\usbohci.sys [20480 2009-07-14] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [19968 2009-07-14] () [File not signed]
S3 usbscan; C:\Windows\System32\DRIVERS\usbscan.sys [35840 2009-07-14] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [74752 2009-07-14] () [File not signed]
S3 usbuhci; C:\Windows\system32\DRIVERS\usbuhci.sys [24064 2009-07-14] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [32832 2009-07-14] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [26112 2009-07-14] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [25088 2009-07-14] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [159824 2009-07-14] () [File not signed]
S3 viaagp; C:\Windows\system32\DRIVERS\viaagp.sys [53328 2009-07-14] () [File not signed]
S3 ViaC7; C:\Windows\system32\DRIVERS\viac7.sys [52736 2009-07-14] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [16976 2009-07-14] () [File not signed]
S3 vmbus; C:\Windows\system32\DRIVERS\vmbus.sys [175824 2009-07-14] () [File not signed]
S3 VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [17920 2009-07-14] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [53312 2009-07-14] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [297040 2009-07-14] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [245328 2009-07-14] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [141904 2009-07-14] () [File not signed]
S3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [19968 2009-07-14] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [48128 2009-07-14] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [21632 2009-07-14] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [63488 2009-07-14] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [19024 2009-07-14] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [445008 2009-07-14] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [9728 2009-07-14] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [19008 2009-07-14] () [File not signed]
S3 WmiAcpi; C:\Windows\system32\DRIVERS\wmiacpi.sys [11264 2009-07-14] () [File not signed]
R1 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [16384 2009-07-14] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [92672 2009-07-14] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [132224 2009-07-14] () [File not signed]
U5 9bb24450f61319aa; C:\Windows\System32\Drivers\9bb24450f61319aa.sys [112128 2016-12-02] () <===== ATTENTION Necurs Rootkit?

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 22:21 - 2016-12-07 22:21 - 00042020 _____ C:\Users\person personXC\Downloads\FRST.txt
2016-12-07 22:21 - 2016-12-07 22:21 - 00000000 ____D C:\FRST
2016-12-07 22:20 - 2016-12-07 22:20 - 01761792 _____ (Farbar) C:\Users\person personXC\Downloads\FRST.exe
2016-12-07 21:24 - 2016-12-07 21:24 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\AVAST Software
2016-12-07 21:22 - 2016-12-07 21:22 - 00002075 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-12-07 21:22 - 2016-12-07 21:22 - 00001190 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-12-07 21:22 - 2016-12-07 21:22 - 00001190 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-12-07 21:22 - 2016-12-07 21:22 - 00000488 _____ C:\Windows\Tasks\SafeZone scheduled Autoupdate 1481125954.job
2016-12-07 21:22 - 2016-12-07 21:22 - 00000350 ____H C:\Windows\Tasks\avast! Emergency Update.job
2016-12-07 21:22 - 2016-12-07 21:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-12-07 21:22 - 2016-12-07 21:21 - 00091680 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-12-07 21:21 - 2016-12-07 21:24 - 00000000 ____D C:\Users\person personXC\AppData\Local\ElevatedDiagnostics
2016-12-07 21:21 - 2016-12-07 21:21 - 00816304 ____C C:\Windows\system32\Drivers\aswSnx.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00438296 ____C C:\Windows\system32\Drivers\aswSP.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00319248 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-12-07 21:21 - 2016-12-07 21:21 - 00222056 ____C C:\Windows\system32\Drivers\aswVmm.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00118152 ____C C:\Windows\system32\Drivers\aswStm.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00091232 ____C C:\Windows\system32\Drivers\aswRdr2.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00060424 ____C C:\Windows\system32\Drivers\aswRvrt.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00053208 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-12-07 21:21 - 2016-12-07 21:21 - 00035096 ____C C:\Windows\system32\Drivers\aswKbd.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00034008 ____C C:\Windows\system32\Drivers\aswHwid.sys
2016-12-07 21:21 - 2016-12-07 21:21 - 00000000 ____D C:\Program Files\AVAST Software
2016-12-07 21:16 - 2016-12-07 21:16 - 00002213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-07 21:16 - 2016-12-07 21:16 - 00002201 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-07 21:15 - 2016-12-07 22:21 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-07 21:15 - 2016-12-07 22:21 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-07 20:41 - 2016-12-07 21:19 - 00202128 _____ C:\Windows\ntbtlog.txt
2016-12-07 20:32 - 2016-12-07 20:32 - 00438296 _____ (AVAST Software) C:\Windows\system32\Drivers\zbyxaaoe.sys
2016-12-07 20:04 - 2016-12-07 20:30 - 00000726 _____ C:\Users\person personXC\Desktop\SASI ANNA BIO DATA.txt
2016-12-07 19:45 - 2016-12-07 19:45 - 00000000 _____ C:\Users\person personXC\Desktop\New Text Document (2).txt
2016-12-07 19:23 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Printer Uninstaller
2016-12-07 19:23 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\Canon
2016-12-07 19:23 - 2012-10-10 00:00 - 00192512 _____ (CANON INC.) C:\Windows\system32\CNAB4EMU.DLL
2016-12-07 19:23 - 2012-10-10 00:00 - 00163840 _____ (CANON INC.) C:\Windows\system32\CNAB4SMK.DLL
2016-12-07 19:23 - 2012-10-10 00:00 - 00113856 _____ (CANON INC.) C:\Windows\system32\CNAB4RPK.EXE
2016-12-07 19:23 - 2012-10-10 00:00 - 00106496 _____ (CANON INC.) C:\Windows\system32\CNAB4LMK.DLL
2016-12-07 19:23 - 2012-10-10 00:00 - 00057344 _____ (CANON INC.) C:\Windows\system32\CNAB4PTU.DLL
2016-12-07 19:22 - 2016-12-07 19:22 - 09616960 _____ C:\Users\person personXC\Downloads\LBP2900_R150_V330_W32_uk_EN_2.exe
2016-12-07 19:22 - 2016-12-07 19:22 - 00000000 ____D C:\Users\person personXC\Downloads\LBP2900_R150_V330_W32_uk_EN_2
2016-12-07 19:15 - 2016-12-07 19:15 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\nxpryoay.sys
2016-12-07 19:07 - 2016-12-07 19:07 - 00000000 _____ C:\Users\person personXC\Desktop\lenin.txt
2016-12-07 19:01 - 2016-12-07 19:01 - 00009696 _____ C:\Windows\system32\zdengineOff.ini
2016-12-07 18:32 - 2016-12-07 18:35 - 174664800 _____ C:\Users\person personXC\Downloads\weekly.exe
2016-12-07 15:14 - 2016-12-07 15:14 - 00000000 __RSH C:\MSDOS.SYS
2016-12-07 15:14 - 2016-12-07 15:14 - 00000000 __RSH C:\IO.SYS
2016-12-07 15:13 - 2016-12-07 15:13 - 00005352 __RSH C:\Users\person personXC\ntuser.pol
2016-12-07 15:13 - 2016-08-27 16:37 - 00010240 _____ (Microsoft) C:\Windows\plotpix.exe
2016-12-07 15:13 - 2016-08-27 16:37 - 00010240 _____ (Microsoft) C:\Windows\fhelper.exe
2016-12-07 15:13 - 2016-08-25 15:06 - 00018460 _____ C:\Windows\default.cfg
2016-12-07 15:13 - 2016-07-07 18:04 - 00001568 _____ C:\Windows\bgpss.txt
2016-12-07 15:13 - 2016-04-20 12:55 - 00007331 _____ C:\Windows\loadermaster.exe
2016-12-07 15:13 - 2016-04-20 12:55 - 00007331 _____ C:\Windows\gruber.exe
2016-12-07 15:13 - 2015-04-25 14:48 - 00295424 _____ (Groom-A-Zebu (tm) ) C:\Windows\vgagfx.exe
2016-12-07 15:13 - 2015-04-25 14:48 - 00295424 _____ (Groom-A-Zebu (tm) ) C:\Windows\system32\mndhsj.exe
2016-12-07 15:13 - 2015-04-25 14:48 - 00053248 _____ C:\Windows\zlib.dll
2016-12-07 15:13 - 2013-01-06 18:13 - 00000074 _____ C:\Windows\system32\tcpipset.sys
2016-12-07 15:13 - 2013-01-06 18:13 - 00000074 _____ C:\Windows\system32\Drivers\iexplore.pac
2016-12-07 15:13 - 2013-01-06 18:13 - 00000074 _____ C:\Windows\system32\Drivers\dhcpnga.sys
2016-12-07 15:13 - 2012-07-09 20:32 - 00279552 _____ (Eric Lawrence) C:\Windows\FiddlerCore4.dll
2016-12-07 15:13 - 2007-10-28 19:25 - 00007168 _____ (www.commandline.co.uk) C:\Windows\slp.exe
2016-12-07 15:13 - 2007-10-28 19:25 - 00007168 _____ (www.commandline.co.uk) C:\Windows\hrewnf.exe
2016-12-07 15:12 - 2016-04-29 12:59 - 00004206 _____ C:\Windows\gdwslk
2016-12-07 15:12 - 2016-04-29 12:58 - 00004116 _____ C:\Windows\jhndsn
2016-12-07 15:12 - 2016-04-20 13:46 - 00003353 _____ C:\Windows\mdkfpoud.bat
2016-12-07 15:12 - 2016-04-16 16:47 - 00000038 _____ C:\Windows\nitakihg.bat
2016-12-07 14:51 - 2016-12-07 14:51 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\AVG
2016-12-07 14:50 - 2016-12-07 14:50 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\TuneUp Software
2016-12-07 14:49 - 2016-12-07 18:29 - 00000000 ____D C:\ProgramData\MFAData
2016-12-07 14:49 - 2016-12-07 14:49 - 00000000 ____D C:\Users\person personXC\AppData\Local\MFAData
2016-12-07 14:38 - 2016-12-07 21:30 - 00000000 ____D C:\Users\person personXC\AppData\Local\AvgSetupLog
2016-12-07 14:38 - 2016-12-07 18:29 - 00000000 ____D C:\Users\person personXC\AppData\Local\Avg
2016-12-07 14:38 - 2016-12-07 14:38 - 03312896 _____ (AVG Technologies CZ, s.r.o.) C:\Users\person personXC\Downloads\AVG_Protection_Free_1606.exe
2016-12-07 14:26 - 2016-12-07 14:26 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\tncjttpx.sys
2016-12-07 14:26 - 2016-12-07 14:26 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\oetsjamd.sys
2016-12-07 14:24 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Avira
2016-12-07 14:23 - 2016-12-07 22:19 - 00000000 ____D C:\Program Files\BestCleaner
2016-12-07 14:23 - 2016-12-07 21:06 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\WMPNetworkAcSvc
2016-12-07 14:23 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\PublicHotspot
2016-12-07 14:23 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\98XJ32Y6P7
2016-12-07 14:23 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\021483EBJP
2016-12-07 14:23 - 2016-12-07 14:23 - 00001100 _____ C:\Users\person personXC\Desktop\Play WarThunder.lnk
2016-12-07 14:23 - 2016-12-07 14:23 - 00000000 ____D C:\Users\Public\Thunder Network
2016-12-07 14:23 - 2016-12-07 14:23 - 00000000 ____D C:\ProgramData\Thunder Network
2016-12-07 14:22 - 2016-12-07 22:19 - 00000000 ____D C:\Users\person personXC\AppData\Local\Grerbersynitusy
2016-12-07 14:22 - 2016-12-07 21:31 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Weberck
2016-12-07 14:22 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\Stensy
2016-12-07 14:22 - 2016-12-07 19:01 - 00301711 _____ (zdengine) C:\Windows\system32\zdengine.dll
2016-12-07 14:22 - 2016-12-07 19:01 - 00000002 _____ C:\END
2016-12-07 14:22 - 2016-12-07 11:51 - 04609144 _____ (I-Corporation) C:\Users\person personXC\Desktop\Reimage_Pc_Repair_2016_Crack_License_Key_Full_Do.exe
2016-12-07 14:21 - 2016-12-07 14:21 - 02396631 _____ C:\Users\person personXC\Downloads\Reimage_Pc_Repair_2016_Crack_License_Key_Full_Do.zip
2016-12-07 13:54 - 2016-12-07 14:08 - 00000150 _____ C:\Windows\Reimage.ini
2016-12-07 13:54 - 2016-12-07 13:54 - 00604928 _____ (Reimage) C:\Users\person personXC\Downloads\ReimageRepair.exe
2016-12-07 13:53 - 2016-12-07 13:53 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\xllggnzl.sys
2016-12-07 13:50 - 2016-12-07 13:50 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\mlbwwdie.sys
2016-12-07 13:49 - 2016-12-07 13:49 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\xvhrzqon.sys
2016-12-07 13:49 - 2016-12-07 13:49 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\tzvxyvgf.sys
2016-12-07 13:49 - 2016-12-07 13:49 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\sdbhiwsm.sys
2016-12-07 13:49 - 2016-12-07 13:49 - 00449640 _____ (AVAST Software) C:\Windows\system32\Drivers\mvlcphsy.sys
2016-12-07 13:37 - 2016-12-07 13:44 - 00000000 ____D C:\Users\person personXC\Downloads\Avast! Pro Antivirus & Internet Security & Premier 2016 11.2.2729 + License Key [SadeemPC]
2016-12-07 13:29 - 2016-12-07 13:29 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-12-07 11:58 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mediatek Wireless
2016-12-07 11:58 - 2016-12-07 11:58 - 00000000 ____D C:\ProgramData\Mediatek Driver
2016-12-07 11:58 - 2015-11-19 16:06 - 01731416 _____ (MediaTek Inc.) C:\Windows\system32\Drivers\netr28u.sys
2016-12-07 11:58 - 2015-11-19 16:06 - 00250016 _____ (Mediatek Inc.) C:\Windows\system32\RaCoInst.dll
2016-12-07 11:58 - 2015-11-19 15:57 - 00080524 _____ C:\Windows\system32\Drivers\FW_7610.bin
2016-12-07 11:58 - 2015-11-19 15:57 - 00079216 _____ C:\Windows\system32\Drivers\FW_7662.bin
2016-12-07 11:58 - 2015-11-19 15:57 - 00047032 _____ C:\Windows\system32\Drivers\FW_7601.bin
2016-12-07 11:58 - 2015-11-19 15:57 - 00020626 _____ C:\Windows\system32\Drivers\Patch_7662.bin
2016-12-07 11:58 - 2015-11-19 15:57 - 00016389 _____ C:\Windows\system32\RaCoInst.dat
2016-12-07 11:58 - 2015-11-19 15:57 - 00008192 _____ C:\Windows\system32\Drivers\FW_2870.bin
2016-12-07 11:58 - 2015-11-19 15:57 - 00004096 _____ C:\Windows\system32\Drivers\FW_3573.bin
2016-12-07 11:58 - 2011-09-08 05:51 - 00237568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\ssleay32.dll
2016-12-07 11:58 - 2011-09-08 05:50 - 01100288 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Windows\system32\libeay32.dll
2016-12-07 11:57 - 2016-12-07 20:46 - 00000000 ____D C:\Windows\system32\RaLanguages
2016-12-07 11:57 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\MediatekWiFi
2016-12-07 11:57 - 2012-08-01 16:47 - 00795648 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAIHV.dll
2016-12-07 11:57 - 2012-01-10 11:29 - 00117760 _____ (Ralink Technology, Corp.) C:\Windows\system32\RAEXTUI.dll
2016-12-07 11:57 - 2011-05-04 13:56 - 01608768 _____ (Ralink Technology, Corp.) C:\Windows\system32\RaCertMgr.dll
2016-12-07 11:57 - 2010-06-29 10:34 - 00480608 _____ C:\Windows\system32\DiagFunc.dll
2016-12-07 11:57 - 2010-01-27 11:54 - 00000451 _____ C:\Windows\system32\DiagFunc.ini
2016-12-07 11:55 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2016-12-07 11:05 - 2016-12-07 11:55 - 00002098 _____ C:\Users\Public\Desktop\REALTEK USB Wireless LAN Utility.lnk
2016-12-07 11:04 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\REALTEK
2016-12-07 11:04 - 2014-02-25 16:52 - 02576088 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2016-12-07 11:04 - 2013-12-05 14:39 - 00454360 _____ (Realtek) C:\Windows\SwUSB.exe
2016-12-07 11:04 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2016-12-07 11:04 - 2012-02-14 19:37 - 00535040 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2016-12-07 11:04 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\system32\ISSRemoveSP.exe
2016-12-07 11:04 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2016-12-07 11:04 - 2009-01-05 20:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
2016-12-07 11:04 - 2007-04-26 14:05 - 00100000 _____ C:\Windows\system32\EAPPkt9x.VXD
2016-12-07 11:04 - 2001-09-26 11:03 - 00012981 _____ C:\Windows\system32\REALPKT.VXD
2016-12-07 11:03 - 2016-12-07 14:23 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-12-05 14:29 - 2016-12-07 20:46 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\A² Studios' ICC CWC 2015 Patch
2016-12-05 12:34 - 2016-12-06 02:09 - 00000000 ____D C:\Windows\system32\oaa
2016-12-05 12:32 - 2016-12-05 12:32 - 00000000 ____D C:\Users\person personXC\AppData\Local\Buyhatke
2016-12-05 12:30 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\wanttoxiamen
2016-12-05 12:30 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\Jidd
2016-12-05 12:30 - 2016-12-06 02:09 - 00000000 ____D C:\Users\person personXC\AppData\Local\00FF3A5E-1480941020-11E6-A206-0B62DF5A4600
2016-12-05 12:30 - 2016-12-05 12:30 - 00000000 ____D C:\Users\person personXC\AppData\LocalLow\Company
2016-12-05 12:30 - 2016-12-05 12:30 - 00000000 ____D C:\Users\person personXC\AppData\Local\Tempfolder
2016-12-05 12:30 - 2016-12-05 12:30 - 00000000 ____D C:\uninst
2016-12-05 12:25 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\gamesdesktop
2016-12-05 12:23 - 2016-12-06 02:09 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\AppTrailers
2016-12-05 12:23 - 2016-12-05 12:34 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-05 12:23 - 2016-12-05 12:23 - 00000000 ____D C:\Users\person personXC\AppData\Local\AppTrailers
2016-12-05 12:22 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\sunnyday
2016-12-05 12:22 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\I6YPV2GID3
2016-12-05 12:02 - 2016-12-07 21:31 - 00000000 ____D C:\Program Files\MoneyFriend
2016-12-05 12:02 - 2016-12-07 21:30 - 00000000 ____D C:\ProgramData\Avg
2016-12-05 12:02 - 2016-12-05 12:03 - 00000000 ____D C:\Users\person personXC\AppData\Local\app
2016-12-05 12:02 - 2016-12-05 12:02 - 00000000 ____D C:\Users\person personXC\AppData\Local\tuto_monetize_120161203
2016-12-05 12:01 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\DPower
2016-12-05 12:01 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\CleanBrowser
2016-12-05 12:01 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\Analerpy
2016-12-05 12:01 - 2016-12-05 12:29 - 00000000 ____D C:\Users\person personXC\AppData\Local\Fobiingarerterk
2016-12-05 12:01 - 2016-12-05 12:06 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Reezientaromry
2016-12-05 12:01 - 2016-12-05 12:01 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Links2
2016-12-05 12:00 - 2016-12-07 21:29 - 00000000 ____D C:\Program Files\OtherSearch
2016-12-05 12:00 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\00FF3A5E-1480919407-11E6-A206-0B62DF5A4600
2016-12-05 12:00 - 2016-12-05 12:00 - 00000000 ____D C:\Users\person personXC\AppData\Local\UCBrowser
2016-12-05 11:59 - 2016-12-05 11:59 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Note-UP
2016-12-05 11:56 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\Maoha
2016-12-05 11:56 - 2016-12-06 02:09 - 00000000 ____D C:\Users\person personXC\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk
2016-12-05 11:56 - 2016-12-05 11:56 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Softlink
2016-12-05 11:56 - 2016-12-05 11:56 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\KuaiZip
2016-12-04 13:24 - 2016-12-04 13:24 - 00000000 ____D C:\Users\person personXC\Documents\IAmAlive
2016-12-04 13:21 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I Am Alive
2016-12-04 13:21 - 2016-12-04 13:21 - 00000591 _____ C:\Users\Public\Desktop\I Am Alive.lnk
2016-12-04 11:02 - 2016-12-04 11:02 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Watchmen - The End Is Nigh (Part 1)
2016-12-04 10:19 - 2016-12-07 20:46 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Adobe
2016-12-04 10:16 - 2016-12-04 10:17 - 00000000 ____D C:\Users\person personXC\Downloads\Forrest Gump (1994) [1080p]
2016-12-04 10:10 - 2016-12-05 12:05 - 00000000 ____D C:\Users\person personXC\Desktop\project files
2016-12-02 11:38 - 2016-12-02 11:38 - 00000000 ____D C:\Users\person personXC\Documents\My Games
2016-12-02 11:38 - 2016-12-02 11:38 - 00000000 ____D C:\Users\person personXC\AppData\Local\SKIDROW
2016-12-02 11:34 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-12-02 11:34 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-12-02 11:34 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\AGEIA Technologies
2016-12-02 11:34 - 2016-12-06 18:17 - 00000869 _____ C:\Users\person personXC\Desktop\The Cursed Crusade.lnk
2016-12-02 11:34 - 2016-12-02 11:34 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\The Cursed Crusade
2016-12-02 10:10 - 2016-12-02 10:10 - 00112128 _____ C:\Windows\system32\Drivers\9bb24450f61319aa.sys
2016-12-01 11:00 - 2016-12-05 14:10 - 00000000 ____D C:\Users\person personXC\Documents\EA SPORTS(TM) Cricket 07
2016-11-29 21:12 - 2016-11-29 21:16 - 00000000 ____D C:\AADHAR NUMBERS FAMILY
2016-11-29 21:12 - 2016-11-29 21:12 - 00000000 ____D C:\New folder (2)
2016-11-24 21:46 - 2016-12-07 21:26 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-11-24 18:44 - 2016-11-24 18:45 - 00000000 ____D C:\Users\person personXC\recovered app
2016-11-22 23:59 - 2016-12-07 20:46 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Adobe-BackupByIllustratorCS6Portable
2016-11-22 23:59 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Adobe-BackupByIllustratorCS6Portable
2016-11-22 23:59 - 2016-12-06 02:09 - 00000000 ____D C:\ProgramData\Adobe
2016-11-22 23:59 - 2016-11-30 10:01 - 00000000 ____D C:\Users\person personXC\AppData\Local\Adobe
2016-11-22 23:57 - 2016-11-22 23:59 - 00000000 ____T C:\Windows\system32\mfs65FA.tmp
2016-11-22 17:56 - 2016-11-22 17:56 - 00000000 ____T C:\Windows\system32\mfsE617.tmp
2016-11-22 17:55 - 2016-11-22 17:56 - 00000000 ____T C:\Windows\system32\mfsA56.tmp
2016-11-22 17:53 - 2016-11-22 17:53 - 00000000 ____T C:\Windows\system32\mfs841.tmp
2016-11-22 17:47 - 2016-11-22 17:48 - 00000000 ____T C:\Windows\system32\mfsBD2C.tmp
2016-11-22 17:44 - 2016-11-22 17:44 - 00000000 ____T C:\Windows\system32\mfs8C1B.tmp
2016-11-22 17:43 - 2016-11-22 17:44 - 00000000 ____T C:\Windows\system32\mfs55BE.tmp
2016-11-22 17:42 - 2016-11-22 17:43 - 00000000 ____T C:\Windows\system32\mfs57FD.tmp
2016-11-22 17:40 - 2016-11-22 17:41 - 00000000 ____T C:\Windows\system32\mfs5857.tmp
2016-11-22 17:40 - 2016-11-22 17:40 - 00000000 ____T C:\Windows\system32\mfs508.tmp
2016-11-22 17:38 - 2016-11-22 17:38 - 00000000 ____T C:\Windows\system32\mfs5D62.tmp
2016-11-22 17:35 - 2016-11-22 17:36 - 00000000 ____T C:\Windows\system32\mfs5DD.tmp
2016-11-22 17:31 - 2016-11-22 17:31 - 00000000 ____T C:\Windows\system32\mfsE204.tmp
2016-11-22 17:30 - 2016-11-22 17:31 - 00000000 ____T C:\Windows\system32\mfsA34D.tmp
2016-11-22 17:26 - 2016-11-22 17:26 - 00000000 ____T C:\Windows\system32\mfsCC2E.tmp
2016-11-22 17:25 - 2016-11-22 17:26 - 00000000 ____T C:\Windows\system32\mfsB1D9.tmp
2016-11-22 17:23 - 2016-11-22 17:24 - 00000000 ____T C:\Windows\system32\mfsB234.tmp
2016-11-22 17:20 - 2016-11-22 17:21 - 00000000 ____T C:\Windows\system32\mfs473F.tmp
2016-11-22 17:20 - 2016-11-22 17:20 - 00000000 ____T C:\Windows\system32\mfsE60A.tmp
2016-11-22 17:14 - 2016-11-22 17:15 - 00000000 ____T C:\Windows\system32\mfsD2B7.tmp
2016-11-22 17:14 - 2016-11-22 17:14 - 00000000 ____T C:\Windows\system32\mfs526F.tmp
2016-11-22 17:13 - 2016-11-22 17:13 - 00000000 ____T C:\Windows\system32\mfs50F6.tmp
2016-11-22 17:10 - 2016-11-22 17:13 - 00000000 ____T C:\Windows\system32\mfs5547.tmp
2016-11-22 17:09 - 2016-11-22 17:10 - 00000000 ____T C:\Windows\system32\mfs257E.tmp
2016-11-22 17:09 - 2016-11-22 17:09 - 00000000 ____T C:\Windows\system32\mfsB4FF.tmp
2016-11-22 17:05 - 2016-11-22 17:05 - 00000000 ____T C:\Windows\system32\mfs8F6.tmp
2016-11-22 17:04 - 2016-11-22 17:05 - 00000000 ____T C:\Windows\system32\mfs839F.tmp
2016-11-22 16:57 - 2016-11-22 16:57 - 00000000 ____T C:\Windows\system32\mfsA36B.tmp
2016-11-22 16:57 - 2016-11-22 16:57 - 00000000 ____T C:\Windows\system32\mfs7873.tmp
2016-11-22 16:56 - 2016-12-06 11:39 - 00000000 ____D C:\Users\person personXC\Desktop\MIR ROM stocks
2016-11-22 16:56 - 2016-11-22 16:56 - 00000000 ____T C:\Windows\system32\mfsC4DB.tmp
2016-11-22 16:56 - 2016-11-22 16:56 - 00000000 ____T C:\Windows\system32\mfsA9AB.tmp
2016-11-22 00:11 - 2016-11-22 00:12 - 00000000 ____T C:\Windows\system32\mfsECD0.tmp
2016-11-22 00:10 - 2016-11-22 00:11 - 00000000 ____T C:\Windows\system32\mfs9BC1.tmp
2016-11-22 00:09 - 2016-11-22 00:10 - 00000000 ____T C:\Windows\system32\mfsD1DC.tmp
2016-11-22 00:07 - 2016-11-22 00:07 - 00000000 ____T C:\Windows\system32\mfsDDBC.tmp
2016-11-22 00:06 - 2016-11-22 00:06 - 00000000 ____T C:\Windows\system32\mfsEAA5.tmp
2016-11-22 00:02 - 2016-11-22 00:03 - 00000000 ____T C:\Windows\system32\mfs4B76.tmp
2016-11-20 21:05 - 2015-07-07 23:46 - 00004608 ____R C:\Windows\system32\ColorEfexPro4FC64.dll
2016-11-20 21:05 - 2015-07-07 23:46 - 00003584 ____R C:\Windows\system32\ColorEfexPro4FC32.dll
2016-11-20 21:01 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\Nik Software
2016-11-20 21:01 - 2016-11-20 21:01 - 00000000 ____D C:\ProgramData\Nik Software
2016-11-20 20:58 - 2016-11-20 20:58 - 00000000 ____D C:\Users\person personXC\AppData\Local\Nik Software
2016-11-18 14:39 - 2016-11-18 14:39 - 00002174 _____ C:\Users\Public\Desktop\Sniper Ghost Warrior.lnk
2016-11-18 14:39 - 2016-11-18 14:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\City Interactive
2016-11-18 11:44 - 2016-11-18 11:44 - 00000000 ____D C:\Users\person personXC\Documents\NBGI
2016-11-18 11:44 - 2016-11-18 11:44 - 00000000 ____D C:\Users\person personXC\AppData\Local\NBGI
2016-11-18 01:00 - 2016-11-18 01:00 - 00000000 ____T C:\Windows\system32\mfs9A.tmp
2016-11-18 00:59 - 2016-11-18 00:59 - 00000000 ____T C:\Windows\system32\mfs3934.tmp
2016-11-18 00:58 - 2016-11-18 00:58 - 00000000 ____T C:\Windows\system32\mfs2B3E.tmp
2016-11-18 00:56 - 2016-11-18 00:57 - 00000000 ____T C:\Windows\system32\mfsFEBE.tmp
2016-11-18 00:56 - 2016-11-18 00:57 - 00000000 ____T C:\Windows\system32\mfsE227.tmp
2016-11-18 00:56 - 2016-11-18 00:57 - 00000000 ____T C:\Windows\system32\mfsDCB9.tmp
2016-11-18 00:56 - 2016-11-18 00:57 - 00000000 ____T C:\Windows\system32\mfs1C1F.tmp
2016-11-18 00:56 - 2016-11-18 00:56 - 00000000 ____T C:\Windows\system32\mfs59B3.tmp
2016-11-18 00:54 - 2016-11-18 00:55 - 00000000 ____T C:\Windows\system32\mfsF7F1.tmp
2016-11-18 00:54 - 2016-11-18 00:55 - 00000000 ____T C:\Windows\system32\mfsED26.tmp
2016-11-18 00:52 - 2016-11-18 00:52 - 00000000 ____T C:\Windows\system32\mfs9D11.tmp
2016-11-18 00:50 - 2016-11-18 00:51 - 00000000 ____T C:\Windows\system32\mfs9ABE.tmp
2016-11-18 00:49 - 2016-11-18 00:49 - 00000000 ____T C:\Windows\system32\mfs1374.tmp
2016-11-17 21:49 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\City Interactive
2016-11-16 17:44 - 2016-11-16 17:44 - 00000337 _____ C:\Users\person personXC\Desktop\New Text Document.txt
2016-11-15 19:12 - 2016-11-15 19:12 - 00149528 _____ C:\Windows\Minidump\111516-11528-01.dmp
2016-11-15 19:11 - 2016-11-15 19:12 - 239427765 _____ C:\Windows\MEMORY.DMP
2016-11-15 19:11 - 2016-11-15 19:12 - 00000000 ____D C:\Windows\Minidump
2016-11-15 19:11 - 2016-11-15 19:11 - 00149528 _____ C:\Windows\Minidump\111516-13369-01.dmp
2016-11-15 19:10 - 2016-11-15 19:15 - 00000000 ____D C:\Users\person personXC\Documents\Rockstar Games
2016-11-15 19:10 - 2016-11-15 19:10 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-11-15 19:10 - 2016-11-15 19:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Payne 3
2016-11-15 18:52 - 2016-11-15 18:52 - 00000000 ____D C:\Windows\system32\directx
2016-11-15 17:44 - 2016-11-15 17:44 - 00000000 ____T C:\Windows\system32\mfsE55.tmp
2016-11-15 17:31 - 2016-11-15 17:31 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\PowerISO
2016-11-15 17:30 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\PowerISO
2016-11-15 17:30 - 2016-11-15 17:30 - 00000965 _____ C:\Users\Public\Desktop\PowerISO.lnk
2016-11-15 17:30 - 2016-11-15 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2016-11-14 20:29 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\EaseUS
2016-11-13 22:41 - 2016-11-13 22:41 - 00000000 ____T C:\Windows\system32\mfsA3E3.tmp
2016-11-13 19:19 - 2016-11-18 15:30 - 00000000 ____D C:\Users\person personXC\Downloads\Doctor Strange 2016 HD-TS x264 AC3-CPG
2016-11-13 15:01 - 2016-12-06 17:09 - 00000000 ____D C:\Users\person personXC\Downloads\New folder
2016-11-13 14:32 - 2016-11-13 14:37 - 00000000 ____D C:\Users\person personXC\Downloads\Sully.2016.HC.HDRip.XViD.AC3-ETRG
2016-11-12 10:54 - 2016-12-07 21:06 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-12 10:53 - 2016-11-12 10:53 - 00000000 ____T C:\Windows\system32\mfsE10C.tmp
2016-11-12 10:44 - 2016-11-12 10:44 - 00322583 _____ C:\Users\person personXC\Documents\Removal Instructions.mht
2016-11-12 10:39 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\GUMEE54.tmp
2016-11-12 10:39 - 2016-11-12 10:46 - 07065600 _____ C:\Program Files\GUTEE55.tmp
2016-11-12 10:04 - 2016-11-12 10:04 - 00000000 ____D C:\Users\person personXC\AppData\Local\CEF
2016-11-12 09:58 - 2016-11-12 09:58 - 00921280 _____ (Microsoft Corporation) C:\Windows\ucrtbase.dll
2016-11-12 09:45 - 2016-12-07 21:21 - 00000000 ____D C:\ProgramData\AVAST Software
2016-11-12 09:18 - 2016-12-07 20:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
2016-11-12 09:11 - 2016-12-07 20:46 - 00000000 ____D C:\Program Files\65026913bd800e8a7e2a6c670203c74c
2016-11-12 09:11 - 2016-11-24 13:04 - 00000000 ____D C:\Windows\system32\SSL
2016-11-12 02:23 - 2016-11-12 02:23 - 00073376 _____ C:\Windows\system32\Drivers\da45b717e86531c4a63baffd34809595.sys
2016-11-11 21:38 - 2016-12-07 20:46 - 00000000 ____D C:\Users\person personXC\Desktop\behance files
2016-11-10 21:29 - 2016-12-06 18:17 - 00001041 _____ C:\Users\person personXC\Desktop\PhotoshopCS6Portable - Shortcut.lnk
2016-11-10 21:28 - 2016-12-06 18:17 - 00001073 _____ C:\Users\person personXC\Desktop\IllustratorCS6Portable - Shortcut (2).lnk
2016-11-10 15:12 - 2016-12-06 19:39 - 00000132 _____ C:\Users\person personXC\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-11-10 13:29 - 2016-11-10 13:30 - 00000000 ____D C:\Users\person personXC\Downloads\John Wick 2014.1080p.BluRay.5.1 x264 . NVEE
2016-11-10 13:23 - 2016-11-10 13:23 - 00000045 _____ C:\Users\person personXC\AppData\Roaming\WB.CFG
2016-11-09 22:06 - 2016-12-06 22:02 - 00000000 ____D C:\Users\person personXC\Desktop\templ
2016-11-09 10:31 - 2016-11-12 10:28 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-11-09 09:50 - 2016-11-09 09:51 - 00000000 ____D C:\Users\person personXC\AppData\Local\chromium
2016-11-09 09:39 - 2016-11-09 09:39 - 00000000 ____D C:\ProgramData\ByteFence
2016-11-09 09:29 - 2016-12-07 15:13 - 00005660 __RSH C:\ProgramData\ntuser.pol
2016-11-09 09:29 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\ByteFence
2016-11-09 09:29 - 2016-11-12 19:29 - 00000000 ____D C:\Users\person personXC\AppData\Local\Cafepero
2016-11-09 09:29 - 2016-11-09 09:51 - 00000000 ____D C:\Users\person personXC\AppData\Local\{105A2606-34F2-4ABE-596A-6F567D0293CE}
2016-11-09 09:29 - 2016-11-09 09:29 - 00001496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-11-08 15:28 - 2016-12-05 13:41 - 00000000 ___SD C:\Users\person personXC\AppData\LocalLow\Temp
2016-11-08 15:24 - 2016-10-26 17:29 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-11-08 15:22 - 2016-12-07 22:19 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\BitTorrent
2016-11-08 15:14 - 2016-12-07 21:16 - 00000000 ____D C:\Program Files\Google
2016-11-08 15:14 - 2016-11-08 15:29 - 00000000 ____D C:\Users\person personXC\AppData\Local\Google
2016-11-08 15:14 - 2016-11-08 15:14 - 00000000 ____D C:\Users\person personXC\AppData\Local\Deployment
2016-11-08 15:14 - 2016-11-08 15:14 - 00000000 ____D C:\Users\person personXC\AppData\Local\Apps\2.0
2016-11-07 12:00 - 2016-11-07 12:00 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-11-07 10:52 - 2016-11-07 10:52 - 00015334 _____ C:\Windows\system32\results.xml
2016-11-07 10:52 - 2016-11-07 10:52 - 00000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2016-11-07 10:52 - 2016-11-07 10:52 - 00000244 _____ C:\Windows\system32\{86F549EB-A66B-4D6C-958D-CDDD66410751}.bat
2016-11-07 10:52 - 2016-11-07 10:52 - 00000000 __SHD C:\Users\person personXC\IntelGraphicsProfiles
2016-11-07 10:50 - 2016-12-07 14:23 - 00000000 ____D C:\Program Files\Intel
2016-11-07 10:50 - 2016-11-07 10:50 - 00000874 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-11-07 10:50 - 2016-11-07 10:50 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-11-07 10:50 - 2014-03-07 08:59 - 00060416 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-11-07 10:49 - 2014-03-11 18:07 - 04341232 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 04337648 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00894448 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00543728 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00398832 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00397808 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00279024 _____ (Intel Corporation) C:\Windows\system32\IntelCpHeciSvc.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00250352 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00205296 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-11-07 10:49 - 2014-03-11 18:07 - 00159216 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-11-07 10:49 - 2014-03-11 18:06 - 00544240 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-11-07 10:49 - 2014-03-11 18:06 - 00393712 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2016-11-07 10:49 - 2014-03-11 18:06 - 00393200 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2016-11-07 10:49 - 2014-03-07 09:26 - 00364504 _____ C:\Windows\system32\Drivers\IntcDAud.sys
2016-11-07 10:49 - 2014-03-07 09:26 - 00153600 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v3496.dll
2016-11-07 10:49 - 2014-03-07 09:22 - 00055692 _____ C:\Windows\system32\iglhxs32.vp
2016-11-07 10:49 - 2014-03-07 09:21 - 26996776 _____ (Intel Corporation) C:\Windows\system32\igd10iumd32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 25710824 _____ (Intel Corporation) C:\Windows\system32\igdumdim32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 03608032 _____ (Intel Corporation) C:\Windows\system32\igdusc32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 01132960 _____ (Intel Corporation) C:\Windows\system32\iglhsip32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 00342944 _____ C:\Windows\system32\igdmd32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 00183800 _____ (Intel Corporation) C:\Windows\system32\iglhcp32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 00158032 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt32.dll
2016-11-07 10:49 - 2014-03-07 09:21 - 00072072 _____ C:\Windows\system32\igfxexps.dll
2016-11-07 10:49 - 2014-03-07 09:15 - 06448128 _____ (Intel Corporation) C:\Windows\system32\ig75icd32.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 02929152 _____ C:\Windows\system32\Drivers\igdkmd32.sys
2016-11-07 10:49 - 2014-03-07 09:14 - 00734208 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00605696 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00329728 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00241152 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00235520 _____ C:\Windows\system32\igfxCPL.cpl
2016-11-07 10:49 - 2014-03-07 09:14 - 00186638 _____ C:\Windows\system32\resTHA.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00183296 _____ C:\Windows\system32\igdde32.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00179511 _____ C:\Windows\system32\resELL.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00176128 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00175392 _____ C:\Windows\system32\resRUS.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00161268 _____ C:\Windows\system32\resARA.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00160719 _____ C:\Windows\system32\resHEB.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00160698 _____ C:\Windows\system32\resJPN.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00156105 _____ C:\Windows\system32\resFRA.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00156088 _____ C:\Windows\system32\resHUN.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00154381 _____ C:\Windows\system32\resKOR.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00154314 _____ C:\Windows\system32\resITA.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00154287 _____ C:\Windows\system32\resDEU.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00154148 _____ C:\Windows\system32\resROM.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00154037 _____ C:\Windows\system32\resESN.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00153601 _____ C:\Windows\system32\resPLK.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00153459 _____ C:\Windows\system32\resSKY.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00153260 _____ C:\Windows\system32\resNLD.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00152700 _____ C:\Windows\system32\resPTB.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00152545 _____ C:\Windows\system32\resTRK.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00152536 _____ C:\Windows\system32\resCSY.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00152411 _____ C:\Windows\system32\resPTG.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00151989 _____ C:\Windows\system32\resFIN.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00151552 _____ C:\Windows\system32\resHRV.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00151097 _____ C:\Windows\system32\resSVE.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00150924 _____ C:\Windows\system32\resSLV.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00150001 _____ C:\Windows\system32\resNOR.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00149488 _____ C:\Windows\system32\resDAN.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00148173 _____ C:\Windows\system32\resENU.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00146403 _____ C:\Windows\system32\resCHT.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00145574 _____ C:\Windows\system32\resCHS.cui
2016-11-07 10:49 - 2014-03-07 09:14 - 00142848 _____ C:\Windows\system32\igdail32.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00123392 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00062464 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00057344 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00010240 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-11-07 10:49 - 2014-03-07 09:14 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-11-07 10:49 - 2014-03-07 09:14 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-11-07 10:49 - 2014-03-07 09:14 - 00000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2016-11-07 10:49 - 2014-03-07 09:14 - 00000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2016-11-07 10:49 - 2014-03-07 09:14 - 00000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2016-11-07 10:49 - 2014-03-07 09:14 - 00000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2016-11-07 10:49 - 2014-03-07 09:08 - 18028544 _____ (Intel Corporation) C:\Windows\system32\igdfcl32.dll
2016-11-07 10:49 - 2014-03-07 09:08 - 01555456 _____ (Intel Corporation) C:\Windows\system32\igdrcl32.dll
2016-11-07 10:49 - 2014-03-07 09:08 - 00291840 _____ (Intel Corporation) C:\Windows\system32\igdbcl32.dll
2016-11-07 10:49 - 2014-03-07 09:08 - 00265216 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL32.dll
2016-11-07 10:49 - 2014-03-07 08:59 - 02108679 _____ C:\Windows\system32\iglhxa32.cpa
2016-11-07 10:49 - 2014-03-07 08:59 - 01753088 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit32.dll
2016-11-07 10:49 - 2014-03-07 08:59 - 00155136 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt32.dll
2016-11-07 10:49 - 2014-03-07 08:59 - 00094208 _____ C:\Windows\system32\IccLibDll.dll
2016-11-07 10:49 - 2014-03-07 08:59 - 00060416 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD32.dll
2016-11-07 10:49 - 2014-03-07 08:59 - 00044474 _____ C:\Windows\system32\iglhxg32.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00044235 _____ C:\Windows\system32\iglhxo32.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00044053 _____ C:\Windows\system32\iglhxo32_dev.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00043760 _____ C:\Windows\system32\iglhxg32_dev.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00043270 _____ C:\Windows\system32\iglhxc32.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00042654 _____ C:\Windows\system32\iglhxc32_dev.vp
2016-11-07 10:49 - 2014-03-07 08:59 - 00001125 _____ C:\Windows\system32\iglhxa32.vp
2016-11-07 10:48 - 2016-11-07 10:50 - 00000000 ____D C:\Intel
2016-11-07 10:47 - 2016-12-07 14:24 - 00000000 ____D C:\Program Files\WinRAR
2016-11-07 10:47 - 2016-11-07 10:47 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\WinRAR
2016-11-07 10:47 - 2016-11-07 10:47 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-07 10:47 - 2016-11-07 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 22:19 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\tracing
2016-12-07 21:31 - 2016-07-18 13:21 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-07 21:31 - 2009-07-14 10:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-07 21:31 - 2009-07-14 10:04 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-07 21:31 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2016-12-07 21:26 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 21:06 - 2016-07-18 13:15 - 00000000 ____D C:\Users\person personXC
2016-12-07 21:06 - 2009-07-14 08:07 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-12-07 21:06 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\registration
2016-12-07 21:06 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-12-07 20:46 - 2016-11-06 12:42 - 00000000 ____D C:\Users\person personXC\AppData\Roaming\vlc
2016-12-07 20:46 - 2016-07-18 13:40 - 00000000 ____D C:\Program Files\Common Files\Adobe-BackupByIllustratorCS6Portable
2016-12-07 20:46 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\AppCompat
2016-12-07 20:26 - 2016-07-18 13:15 - 00001413 _____ C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-12-07 15:06 - 2016-07-18 13:40 - 00000000 ____D C:\Program Files\Adobe
2016-12-07 14:23 - 2016-08-02 15:55 - 00000000 ____D C:\Program Files\HP
2016-12-07 14:23 - 2016-07-18 13:50 - 00000000 ___RD C:\Program Files\Skype
2016-12-07 14:23 - 2016-07-18 13:49 - 00000000 ____D C:\Program Files\Java
2016-12-07 14:23 - 2016-07-18 13:25 - 00000000 ____D C:\Program Files\Microsoft Works
2016-12-07 14:23 - 2016-07-18 13:24 - 00000000 ____D C:\Program Files\Microsoft Visual Studio
2016-12-07 14:23 - 2016-07-18 13:23 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 8
2016-12-07 14:23 - 2016-07-18 13:23 - 00000000 ____D C:\Program Files\Microsoft Office
2016-12-07 14:23 - 2016-07-18 13:21 - 00000000 ____D C:\Program Files\VideoLAN
2016-12-07 14:23 - 2009-07-14 13:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Windows Defender
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\MSBuild
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\Microsoft Games
2016-12-07 14:23 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\DVD Maker
2016-12-07 14:23 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Windows NT
2016-12-07 11:55 - 2009-07-14 08:07 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-12-06 12:09 - 2016-11-06 12:32 - 00000000 ____D C:\New folder
2016-12-06 02:09 - 2009-07-14 13:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-12-05 12:42 - 2016-07-18 13:16 - 00119072 _____ C:\Users\person personXC\AppData\Local\GDIPFONTCACHEV1.DAT
2016-12-02 20:56 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2016-11-29 21:10 - 2009-07-14 10:23 - 00032560 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-23 13:05 - 2009-07-14 10:03 - 00452760 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-07 12:00 - 2016-07-25 10:24 - 00000000 ____D C:\Muthuraj

==================== Files in the root of some directories =======

2016-11-12 10:39 - 2016-11-12 10:46 - 7065600 _____ () C:\Program Files\GUTEE55.tmp
2016-11-10 15:12 - 2016-12-06 19:39 - 0000132 _____ () C:\Users\person personXC\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-11-10 13:23 - 2016-11-10 13:23 - 0000045 _____ () C:\Users\person personXC\AppData\Roaming\WB.CFG

Files to move or delete:
====================
C:\Program Files\BestCleaner\QQR30X.exe
C:\Program Files\BestCleaner\C0QU1RVUSD.exe
C:\Users\person personXC\AppData\Local\Temp\NICZPQ02J\NICZPQ02J.exe


Some files in TEMP:
====================
C:\Users\person personXC\AppData\Local\Temp\6yicn3_x.dll
C:\Users\person personXC\AppData\Local\Temp\AutoTime51495.exe
C:\Users\person personXC\AppData\Local\Temp\cdo2319155262.dll
C:\Users\person personXC\AppData\Local\Temp\cdo370346625.dll
C:\Users\person personXC\AppData\Local\Temp\EN4T8J8IPY.exe
C:\Users\person personXC\AppData\Local\Temp\global_installer (1).exe
C:\Users\person personXC\AppData\Local\Temp\global_installer.exe
C:\Users\person personXC\AppData\Local\Temp\jg3.6.0.exe
C:\Users\person personXC\AppData\Local\Temp\MMIns.exe
C:\Users\person personXC\AppData\Local\Temp\ose00000.exe
C:\Users\person personXC\AppData\Local\Temp\ReimagePackage.exe
C:\Users\person personXC\AppData\Local\Temp\setupos_4435.exe
C:\Users\person personXC\AppData\Local\Temp\sqlite3.exe
C:\Users\person personXC\AppData\Local\Temp\T8L34NPC3E.exe
C:\Users\person personXC\AppData\Local\Temp\trotux.exe
C:\Users\person personXC\AppData\Local\Temp\X48NZFQGYMIB.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-14 04:41] - [2009-07-14 06:49] - 0245328 ____A () D41D8CD98F00B204E9800998ECF8427E

C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION


LastRegBack: 2016-12-04 09:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by person personXC (07-12-2016 22:21:40)
Running from C:\Users\person personXC\Downloads
Microsoft Windows 7 Ultimate  (X86) (2016-07-18 07:45:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2235621811-843909008-2094985877-500 - Administrator - Disabled)
Guest (S-1-5-21-2235621811-843909008-2094985877-501 - Limited - Disabled)
person personXC (S-1-5-21-2235621811-843909008-2094985877-1000 - Administrator - Enabled) => C:\Users\person personXC

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 16.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe InDesign CS2 (HKLM\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.1.2272 - AVAST Software)
Canon LBP2900 (HKLM\...\Canon LBP2900) (Version:  - )
Chromium (HKLM\...\{A4CF4C0F-F44F-9D8F-45CF-ED0F954F3E8F}) (Version:  - )
Color Efex Pro 4 (HKLM\...\Color Efex Pro 4) (Version: 4.0.0.2 - Nik Software, Inc.)
Dark Souls Prepare to Die Edition (HKLM\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.75 - Google Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
HP LaserJet Pro M201-M202 (HKLM\...\{e71f6d30-080d-43ef-87e0-1ac4d7f8adfa}) (Version: 12.0.14101.145 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
HPDXP (Version: 3.0.26.14 - HP) Hidden
HPLJDXPHelper (Version: 120.063.006 - HP) Hidden
HPLJProM201M202 (HKLM\...\{F2C371CB-0B8B-4135-82AA-DA2147635412}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (Version: 012.000.0001 - HP) Hidden
HPLJUTM201_202 (Version: 012.000.0001 - HP) Hidden
hppLaserJetService (Version: 009.033.00906 - Hewlett-Packard) Hidden
hppM201-M202LaserJetService (Version: 001.034.00685 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 100.040.00218 - Hewlett Packard) Hidden
hpStatusAlertsM201-M202 (Version: 120.046.00127 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
LJDXPHelperUI (Version: 120.063.006 - HP) Hidden
Mediatek RT2870 Wireless LAN Card (HKLM\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.39.173 - MediatekWiFi)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
NVIDIA PhysX (HKLM\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
PowerISO (HKLM\...\PowerISO) (Version: 6.5 - Power Software Ltd)
REALTEK Wireless LAN Driver and Utility (HKLM\...\{9C049509-055C-4CFF-A116-1D12312225EB}) (Version: 1.00.0239 - REALTEK Semiconductor Corp.)
SafeZone Stable 1.48.2066.114 (Version: 1.48.2066.114 - Avast Software) Hidden
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sniper Ghost Warrior (HKLM\...\Sniper Ghost Warrior_is1) (Version:  - )
The Cursed Crusade (HKLM\...\The Cursed Crusade_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
Watchmen - The End Is Nigh (Part 1) (HKLM\...\Watchmen - The End Is Nigh (Part 1)_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2235621811-843909008-2094985877-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-2235621811-843909008-2094985877-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {4D2688F8-815A-4A63-BD68-D5E63F457575} - System32\Tasks\WinDriver => C:\Windows\slp.exe [2007-10-28] (www.commandline.co.uk)
Task: {8826BDEE-B598-44C5-B355-5931E6973A0A} - System32\Tasks\Quvity Renew => C:\Program Files\Stensy\msack.exe [2016-12-07] (Glarysoft Ltd)
Task: {9B5B613A-FF71-43DC-B454-49ECBD71B924} - System32\Tasks\updengine => C:\Program Files\OtherSearch\updengine.exe [2016-12-07] () <==== ATTENTION
Task: {AC1956CF-E5B8-45C7-BEEF-1943A4599AC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {E0D30200-4855-462A-A911-E79620230003} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2014-01-07] (Hewlett Packard)
Task: {E9AD2B34-B129-4E3A-A420-A7266C036A20} - System32\Tasks\0ff3af65a8ccffe8a64f5460b72f789a => Rundll32.exe "C:\Program Files\sunnyday\ino3az.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {EB9DE427-DDF4-4FA9-822B-D41F265FB195} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-07] (Google Inc.)
Task: {F78CC564-2F12-4C9F-9C36-6E9166F52D00} - System32\Tasks\WinVDA => C:\Windows\slp.exe [2007-10-28] (www.commandline.co.uk)
Task: {F8BEB95A-ACFF-4664-AD83-3403016E84A5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-11-12] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SafeZone scheduled Autoupdate 1481125954.job => C:\Program Files\AVAST Software\SZBrowser\launcher.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\person personXC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\user0 - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData

==================== Loaded Modules (Whitelisted) ==============

2009-07-14 04:41 - 2009-07-14 06:45 - 00038912 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-14 04:41 - 2009-07-14 06:46 - 00033280 _____ () C:\Windows\system32\pcwum.dll
2009-07-14 04:41 - 2009-07-14 06:46 - 00033280 _____ () c:\windows\system32\pcwum.DLL
2009-07-14 04:41 - 2009-07-14 06:46 - 00033280 _____ () C:\Windows\System32\pcwum.dll
2009-07-14 04:41 - 2009-07-14 06:46 - 00033280 _____ () c:\windows\system32\pcwum.dll
2016-12-07 11:55 - 2013-02-27 17:17 - 00221184 _____ () C:\Program Files\REALTEK\USB Wireless LAN Utility\EnumDevLib.dll
2016-11-09 09:39 - 2016-11-09 09:39 - 00254280 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
2016-12-07 11:04 - 2013-10-18 16:42 - 00048856 _____ () C:\Windows\runSW.exe
2016-11-09 09:39 - 2016-11-09 09:39 - 00565064 _____ () C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2016-12-07 14:23 - 2016-11-10 12:49 - 05091840 _____ () C:\Users\person personXC\AppData\Roaming\WMPNetworkAcSvc\WMPNetworkAcSvc.exe
2016-12-07 14:23 - 2016-03-06 13:10 - 00083456 _____ () C:\Users\person personXC\AppData\Roaming\WMPNetworkAcSvc\Interface.dll
2016-12-07 14:22 - 2016-12-07 14:22 - 00275456 _____ () c:\program files\stensy\ghoseringcln.dll
2016-12-07 21:21 - 2016-12-07 21:21 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-12-07 21:21 - 2016-12-07 21:21 - 00146232 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-12-07 21:21 - 2016-12-07 21:21 - 00479288 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-12-07 14:23 - 2016-12-07 14:23 - 00369664 _____ () C:\Program Files\021483EBJP\021483EBJ.exe
2016-12-07 14:23 - 2016-12-07 14:23 - 00369664 _____ () C:\Program Files\BestCleaner\C0QU1RVUSD.exe
2016-12-07 14:23 - 2016-12-07 14:23 - 00369664 _____ () C:\Program Files\98XJ32Y6P7\98XJ32Y6P.exe
2016-12-07 15:15 - 2016-12-07 15:15 - 00369664 _____ () C:\Users\person personXC\AppData\Local\Temp\NICZPQ02J\NICZPQ02J.exe
2016-12-07 11:58 - 2015-03-14 04:44 - 01216144 _____ () C:\Program Files\MediatekWiFi\Common\RaWLAPI.dll
2016-12-07 15:13 - 2015-04-25 14:48 - 00053248 _____ () C:\Windows\zlib.dll
2016-12-07 21:16 - 2016-12-01 06:59 - 01834600 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.75\libglesv2.dll
2016-12-07 21:16 - 2016-12-01 06:59 - 00091240 _____ () C:\Program Files\Google\Chrome\Application\55.0.2883.75\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x86.sys [68562]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1156450]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2016-12-07 21:26 - 00002386 ____A C:\Windows\system32\Drivers\etc\hosts

There are 13 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2235621811-843909008-2094985877-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\person personXC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 4.2.2.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3E31EFB8-4D68-43BE-A938-E2184EE1C1DE}] => C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{FB9AECD5-C1C9-45C7-B2D3-BBDD0A6BB0FA}] => C:\Program Files\HP\HP LaserJet Pro M201-M202\bin\EWSProxy.exe
FirewallRules: [{CF5F1004-0833-47D7-8BEC-6B1C673099BE}] => C:\Program Files\HP\HP LaserJet Pro M201-M202\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{407F5D8B-CB17-483F-BD06-016F267986CF}C:\program files\black_box\max payne 3\maxpayne3.exe] => C:\program files\black_box\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{2A3C4F2C-EB17-43AA-8EFA-C223040027A5}C:\program files\black_box\max payne 3\maxpayne3.exe] => C:\program files\black_box\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{B0C1E876-0498-4539-A8EA-47779B13A391}G:\cursed crusade\the cursed crusade\tcc.exe] => G:\cursed crusade\the cursed crusade\tcc.exe
FirewallRules: [UDP Query User{FE1E28B6-6219-4D3D-B907-0D5726F10F87}G:\cursed crusade\the cursed crusade\tcc.exe] => G:\cursed crusade\the cursed crusade\tcc.exe
FirewallRules: [{28933965-F1EE-43C4-82FC-05695D1B6F68}] => C:\Program Files\MediatekWiFi\Common\RaUI.exe
FirewallRules: [{2A9383F3-BC6C-471D-B1C6-42031DBC3AB6}] => LPort=53
FirewallRules: [{10880DD8-BF96-497C-B361-18161953E22F}] => C:\PROGRA~1\REALTEK\USBWIR~1\RtWlan.exe
FirewallRules: [{99F2E7C7-D932-4274-A58D-30BC63AF58AA}] => LPort=1542
FirewallRules: [{4025E4C0-0AE0-4C69-8E42-196EA57F8335}] => LPort=1542
FirewallRules: [{269B0B2D-AFD5-46DD-A903-59A1CCD2A5D6}] => LPort=53
FirewallRules: [{B1BE4578-D42F-4F63-A499-3B2D9B109B8E}] => C:\PROGRA~1\REALTEK\USBWIR~1\Rtldhcp.exe
FirewallRules: [{B47EB994-06D8-4475-894A-354789D3DA2B}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{F2DE34E3-3925-4682-A9A5-F26F9E5D455A}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{D6464292-9A74-4973-A39F-37CCD0F5AF5F}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{C4290B37-9641-4080-A9FA-8FCDDD1263D9}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{33960A69-5C82-40BD-A4C5-F0E270FE29F2}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{DBC2CCE5-1CAB-4C68-BB16-AF35BD95FB45}] => C:\Program Files\REALTEK\USB Wireless LAN Utility\RTLDHCP.exe
FirewallRules: [{45624853-757E-457A-9EB4-DB4AD1C58207}] => C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
FirewallRules: [{7A51D32E-1154-48FC-A6F1-070F8E32F543}] => C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
FirewallRules: [{EB0D1B1B-1C85-4B8F-BF9A-5B7613A7F266}] => C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
FirewallRules: [{1ABE6EAF-7DD3-455A-B815-E4F94C92B959}] => C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe
FirewallRules: [{DB44A393-C145-4F6C-943A-401B0B995C1E}] => C:\Users\person personXC\AppData\Local\Temp\is-K9K4J.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{17F83EC8-E10B-463E-8CAB-7FF10A9CEA0E}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{09284D85-6D4D-4633-AA93-03E27AEE4CC7}] => C:\Program Files\AVG\Av\avgmfapx.exe
FirewallRules: [{9AF45B87-AB1A-4F79-B6AA-7F5658A80804}] => C:\Windows\System32\CNAB4RPK.EXE
FirewallRules: [{97946785-E288-4658-B528-4170429D920E}] => C:\Windows\System32\CNAB4RPK.EXE
FirewallRules: [{0C02E94B-0E71-41EF-8FF0-9114108AD186}] => C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: aswStm
Description: aswStm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswStm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: avast! HardwareID
Description: avast! HardwareID
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswHwid
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2016 09:26:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\person personXC\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/07/2016 09:11:11 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FB8D275E-1765-48FE-8247-B99CB77589A3}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (12/07/2016 09:11:07 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={AAFB3741-0A6F-42D4-883F-D6F2ED7BCF82}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 691.

Error: (12/07/2016 09:11:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={271DDB38-E3D6-4E31-8C4C-B8CF31D10F34}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (12/07/2016 09:11:01 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D4CDB249-FC4A-46A1-B47A-DE7E37131C06}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 691.

Error: (12/07/2016 09:11:01 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B8E7CE85-4048-439D-8C46-58B1987C5326}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 691.

Error: (12/07/2016 09:10:59 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={05DEFC0A-DD28-4AE6-8619-B06B4BF5A292}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 691.

Error: (12/07/2016 09:10:55 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={C543A6D8-444D-47FE-95B8-61C8159122AE}: The user personpersonXC\person personXC dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (12/07/2016 09:10:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\person personXC\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (12/07/2016 09:07:37 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: The COM+ Event System could not remove the EventSystem.EventSubscription object {F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.
Object name: SENS Logon Subscription
Object description:
The HRESULT was 80070005.


System errors:
=============
Error: (12/07/2016 09:28:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avast Antivirus service depends on the aswMonFlt service which failed to start because of the following error:
A device attached to the system is not functioning.

Error: (12/07/2016 09:28:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (12/07/2016 09:28:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The File Helper service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/07/2016 09:28:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the File Helper service to connect.

Error: (12/07/2016 09:28:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Avast Antivirus service depends on the aswMonFlt service which failed to start because of the following error:
A device attached to the system is not functioning.

Error: (12/07/2016 09:28:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The aswMonFlt service failed to start due to the following error:
A device attached to the system is not functioning.

Error: (12/07/2016 09:27:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The File Helper service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/07/2016 09:27:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the File Helper service to connect.

Error: (12/07/2016 09:26:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The File Helper service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (12/07/2016 09:26:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the File Helper service to connect.


CodeIntegrity:
===================================
  Date: 2016-11-12 10:07:53.526
  Description: N/A

  Date: 2016-11-12 10:07:53.370
  Description: N/A

  Date: 2016-11-12 09:58:50.293
  Description: N/A

  Date: 2016-11-12 09:58:50.157
  Description: N/A


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4170 CPU @ 3.70GHz
Percentage of memory in use: 50%
Total physical RAM: 3408.95 MB
Available physical RAM: 1696.82 MB
Total Virtual: 6816.17 MB
Available Virtual: 4955.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.58 GB) (Free:420.51 GB) NTFS
Drive d: (DESIGNS FILES) (Fixed) (Total:19.53 GB) (Free:7.99 GB) NTFS
Drive e: (MOVIES) (Fixed) (Total:97.66 GB) (Free:25.17 GB) NTFS
Drive g: (GAMES) (Fixed) (Total:348.4 GB) (Free:285.43 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 000E0CEA)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=446.1 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================
24
LandzDown Lounge / Re: 5 letters Game
« Last post by Pete! on December 07, 2016, 01:06:17 PM »
batty - Bakers are taking the yeast.

hoots
25
LandzDown Lounge / Re: 2 Word Game
« Last post by Pete! on December 07, 2016, 01:00:30 PM »
Spirit Rover

26
LandzDown Lounge / Re: The Last Two words become the First Two Words
« Last post by Pete! on December 07, 2016, 12:58:32 PM »
The typhoon evacuation warnings only inspired the islanders to get out the heavy duty surfboards.
27
Excellent news, a simple switch of extension certainly beats troubleshooting for days  8)
28
Security Alerts & Briefings / Re: Pale Moon Version 27.0.0 Released with Security Updates
« Last post by Lost. on December 07, 2016, 03:32:29 AM »
Thanks for the Link to the Linux forum.

Yes, it appears to have been ad blocker ABL. I am using uBlock Origin now and things are back to normal.
29
LandzDown Lounge / Re: The Last Two words become the First Two Words
« Last post by JDBush61 on December 07, 2016, 01:55:25 AM »
Anvils, collapsed barn, a pile of old horseshoes, and a wad of chewing tobacco are all that's left of my blacksmith business after the typhoon.
30
LandzDown Lounge / Re: 2 Word Game
« Last post by JDBush61 on December 06, 2016, 11:16:37 PM »
team spirit

(Go Cal!)
