laptop continues to crash apps and go not responding. not sure what's wrong

2017-05-30, 06:49
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by eric (administrator) on ERICANTON (29-05-2017 21:44:18)
Running from C:\Users\eric\Desktop
Loaded Profiles: eric (Available Profiles: eric)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(MSI) C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe
(Qualcomm Atheros) C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
(Spotify Ltd) C:\Users\eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe
() C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\bdwtxcr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2017\downloader.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13675736 2014-09-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320360 2014-06-25] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [405504 2014-09-01] (MSI)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [SUPER CHARGER] => C:\Program Files (x86)\MSI\SUPER CHARGER\SUPER CHARGER.exe [1047536 2014-02-21] (MSI)
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\Run: [SteelSeries Engine] => C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe [87040 2014-06-26] (SteelSeries ApS)
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\Run: [Spotify Web Helper] => C:\Users\eric\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-05-01] (Spotify Ltd)
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\Run: [Spotify] => C:\Users\eric\AppData\Roaming\Spotify\Spotify.exe [6890608 2016-05-01] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2014-09-12]
ShortcutTarget: Killer Network Manager.lnk -> C:\Windows\Installer\{5B62C353-75A3-463F-A52E-CC005846F3CE}\NetworkManager.exe_130C27D738F34C89BDDF21BCFD74B56D.exe (Flexera Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{5f02267d-81ba-4f21-946d-441a49b2770b}: [DhcpNameServer]
Tcpip\..\Interfaces\{d6602c9f-800a-42c2-8fdb-e5ca4188c920}: [DhcpNameServer]

Internet Explorer:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> DefaultScope {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL =
SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-05-08] (Bitdefender)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-05-08] (Bitdefender)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\pmbxie.dll [2017-05-08] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2017\Antispam32\pmbxie.dll [2017-05-08] (Bitdefender)

FF HKLM\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF Extension: (Bitdefender Wallet) - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff [2017-05-19]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext [2016-12-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv20@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2017\bdtbext
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default [2017-05-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\gannpgaobkkhmpomoijebaigcapoeebl [2017-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-28]
CHR Extension: (Chrome Media Router) - C:\Users\eric\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-28]
CHR HKLM-x32\...\Chrome\Extension: [gannpgaobkkhmpomoijebaigcapoeebl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 DevMgmtService; C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe [100448 2017-02-17] (Bitdefender)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-14] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-06-25] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-04-29] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2014-09-01] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\SUPER CHARGER\ChargeService.exe [162800 2014-02-21] (MSI)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-04-12] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-14] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-14] (NVIDIA Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [1230824 2017-02-22] (Bitdefender)
R2 Qualcomm Atheros Killer Service V2; C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe [360448 2014-08-18] (Qualcomm Atheros) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266328 2016-12-04] (Synaptics Incorporated)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2017\updatesrv.exe [218416 2017-05-08] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2017\vsserv.exe [1442896 2017-05-29] (Bitdefender)
R2 vsservp; C:\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe [524872 2016-08-25] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\WINDOWS\System32\DRIVERS\avc3.sys [1612648 2017-05-29] (BitDefender)
R3 avckf; C:\WINDOWS\System32\DRIVERS\avckf.sys [879600 2017-05-29] (BitDefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [23672 2016-03-14] (Bitdefender)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [128400 2016-06-24] (BitDefender LLC)
R1 BDVEDISK; C:\WINDOWS\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW8x64.sys [97968 2014-08-13] (Qualcomm Atheros, Inc.)
R1 ccSet_NAT; C:\WINDOWS\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 gzflt; C:\WINDOWS\System32\DRIVERS\gzflt.sys [182944 2016-10-29] (BitDefender LLC)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [231168 2017-01-13] (Intel Corporation)
R0 ignis; C:\WINDOWS\system32\DRIVERS\ignis.sys [305120 2017-03-29] (Bitdefender)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2017-03-18] (Qualcomm Atheros, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\SUPER CHARGER\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmiwu.inf_amd64_39a7e4df14c81942\nvlddmkm.sys [14841784 2017-04-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [506584 2014-09-11] (Realsil Semiconductor Corporation)
S3 SAlphamBth; C:\WINDOWS\System32\drivers\SAlphabt64.sys [31232 2014-05-16] (SteelSeries Corporation) [File not signed]
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation)
R3 SAlphaPS2; C:\WINDOWS\System32\drivers\SAlphaPS264.sys [27520 2014-05-16] (SteelSeries Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-09-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-09-08] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R0 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [520032 2016-06-22] (BitDefender S.R.L.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-07-10] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-29 21:44 - 2017-05-29 21:46 - 00019533 _____ C:\Users\eric\Desktop\FRST.txt
2017-05-29 21:37 - 2017-05-29 21:38 - 00667628 _____ C:\WINDOWS\Minidump\052917-29281-01.dmp
2017-05-29 21:37 - 2017-05-29 21:37 - 789383031 _____ C:\WINDOWS\MEMORY.DMP
2017-05-29 21:37 - 2017-05-29 21:37 - 00000000 ____D C:\WINDOWS\Minidump
2017-05-29 21:35 - 2017-05-29 21:44 - 00000000 ____D C:\FRST
2017-05-29 21:35 - 2017-05-29 21:35 - 02429952 _____ (Farbar) C:\Users\eric\Desktop\FRST64.exe
2017-05-29 21:34 - 2017-05-29 21:34 - 05198336 _____ (AVAST Software) C:\Users\eric\Desktop\aswMBR.exe
2017-05-29 19:53 - 2017-05-29 19:53 - 00000000 ____D C:\Users\eric\AppData\Roaming\Macromedia
2017-05-28 19:49 - 2017-05-28 19:50 - 00000000 ____D C:\Users\eric\Documents\Overwatch
2017-05-28 19:25 - 2017-05-28 19:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-05-28 19:12 - 2017-05-28 19:25 - 00000888 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-05-28 18:09 - 2017-05-28 19:49 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-28 17:58 - 2017-05-28 17:58 - 03233264 _____ (Blizzard Entertainment) C:\Users\eric\Downloads\Battle.net-Setup.exe
2017-05-25 20:52 - 2017-05-25 20:52 - 00000000 ____D C:\Users\eric\AppData\Local\DBG
2017-05-25 20:51 - 2017-05-25 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi
2017-05-25 20:49 - 2017-05-25 20:50 - 83883525 _____ (XBMC-Foundation) C:\Users\eric\Downloads\kodi-17.3-Krypton.exe
2017-05-21 20:32 - 2017-05-21 20:32 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-05-21 20:31 - 2017-05-21 20:31 - 00001262 _____ C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
2017-05-21 20:30 - 2017-05-21 20:30 - 00000020 ___SH C:\Users\eric\ntuser.ini
2017-05-21 00:40 - 2017-05-21 00:40 - 00000000 ____D C:\Windows.old
2017-05-21 00:39 - 2017-05-21 00:39 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 21353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 20505600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 20374424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 11870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 08320920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 08244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 04848440 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 03672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 03655680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02651648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02435584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-21 00:39 - 2017-05-21 00:39 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-21 00:39 - 2017-05-21 00:39 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01604312 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 01103872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01075712 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 01024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00980992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00775824 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00626520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-21 00:39 - 2017-05-21 00:39 - 00543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-05-21 00:39 - 2017-05-21 00:39 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-05-21 00:39 - 2017-05-21 00:39 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00207264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-21 00:39 - 2017-05-21 00:39 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-21 00:39 - 2017-05-21 00:39 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-05-21 00:39 - 2017-05-21 00:39 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-05-21 00:39 - 2017-05-21 00:39 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-21 00:39 - 2017-05-21 00:39 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-21 00:39 - 2017-05-21 00:39 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-21 00:36 - 2017-05-21 00:36 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-05-21 00:36 - 2017-05-20 22:43 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-05-21 00:34 - 2017-05-21 00:34 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-05-21 00:34 - 2017-05-21 00:34 - 00000000 ____D C:\Program Files\MSBuild
2017-05-21 00:34 - 2017-05-21 00:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-05-21 00:34 - 2017-05-21 00:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-21 00:33 - 2017-02-10 13:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-05-21 00:33 - 2017-02-10 13:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-05-21 00:33 - 2017-02-10 13:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-05-21 00:33 - 2017-02-10 13:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-05-21 00:33 - 2017-02-10 13:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-05-21 00:33 - 2017-02-10 13:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-05-20 23:08 - 2017-05-20 23:08 - 00000000 _SHDL C:\Users\Default\My Documents
2017-05-20 23:05 - 2017-05-20 23:07 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2017-05-20 23:05 - 2017-05-20 23:07 - 00007623 _____ C:\WINDOWS\diagerr.xml
2017-05-20 22:59 - 2017-05-29 21:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-20 22:59 - 2017-05-28 18:13 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F19CE4D9-ABE9-4FF3-A8F8-91CF7C71C69E}
2017-05-20 22:59 - 2017-05-21 20:35 - 00003276 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-05-20 22:59 - 2017-05-20 23:00 - 00002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1887440591-2253008068-428354483-1001
2017-05-20 22:59 - 2017-05-20 22:59 - 00003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-05-20 22:59 - 2017-05-20 22:59 - 00003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-05-20 22:59 - 2017-05-20 22:59 - 00003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-05-20 22:59 - 2017-05-20 22:59 - 00002764 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-20 22:59 - 2017-05-20 22:59 - 00002680 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2017-05-20 22:59 - 2017-05-20 22:59 - 00002668 _____ C:\WINDOWS\System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864
2017-05-20 22:59 - 2017-05-20 22:59 - 00002388 _____ C:\WINDOWS\System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C
2017-05-20 22:59 - 2017-05-20 22:59 - 00002378 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1887440591-2253008068-428354483-500
2017-05-20 22:59 - 2017-05-20 22:59 - 00002364 _____ C:\WINDOWS\System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8
2017-05-20 22:59 - 2017-05-20 22:59 - 00002360 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center
2017-05-20 22:59 - 2017-05-20 22:59 - 00002048 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2017-05-20 22:59 - 2017-05-20 22:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD
2017-05-20 22:59 - 2017-05-20 22:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Anti-Theft
2017-05-20 22:59 - 2017-05-20 22:59 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-05-20 22:59 - 2014-09-12 11:24 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1250545291-1594571460-862123941-500
2017-05-20 22:59 - 2014-04-29 14:16 - 00003594 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-378197635-2459492535-1786435534-500
2017-05-20 22:57 - 2017-05-29 21:44 - 00935170 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-20 22:56 - 2017-05-20 22:56 - 00000000 ____D C:\ProgramData\USOShared
2017-05-20 22:52 - 2017-05-20 22:52 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-05-20 22:49 - 2017-05-20 22:53 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-05-20 22:47 - 2017-05-28 19:49 - 00000000 ____D C:\Users\eric
2017-05-20 22:47 - 2017-05-20 22:47 - 00000000 _SHDL C:\Users\eric\My Documents
2017-05-20 22:47 - 2017-05-20 22:47 - 00000000 _SHDL C:\Users\eric\Documents\My Videos
2017-05-20 22:47 - 2017-05-20 22:47 - 00000000 _SHDL C:\Users\eric\Documents\My Pictures
2017-05-20 22:47 - 2017-05-20 22:47 - 00000000 _SHDL C:\Users\eric\Documents\My Music
2017-05-20 22:46 - 2017-05-29 21:39 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-05-20 22:46 - 2017-05-29 21:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-20 22:46 - 2017-05-20 22:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-20 22:46 - 2017-05-20 22:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-20 22:46 - 2017-05-20 22:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-20 22:46 - 2017-05-20 22:46 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-05-20 22:46 - 2017-05-20 22:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-05-20 22:46 - 2017-05-20 22:46 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-05-20 22:46 - 2017-05-20 22:46 - 00000000 ____D C:\Program Files\Realtek
2017-05-20 22:46 - 2017-05-20 22:46 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-05-20 22:46 - 2017-04-12 14:43 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-20 22:46 - 2017-04-12 14:35 - 06438968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 02481208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-05-20 22:46 - 2017-04-12 14:35 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-05-20 22:46 - 2017-04-12 07:13 - 07915337 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-05-20 22:46 - 2017-03-18 14:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-05-20 22:46 - 2016-11-01 23:05 - 00103952 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-05-20 22:46 - 2016-11-01 23:05 - 00099848 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-05-20 22:45 - 2017-05-20 22:49 - 00000000 ____D C:\Program Files\Intel
2017-05-20 22:45 - 2017-05-20 22:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-05-20 22:45 - 2017-05-20 22:45 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-05-20 22:45 - 2017-05-20 22:45 - 00000000 ____D C:\Program Files\Synaptics
2017-05-20 22:43 - 2017-05-29 19:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-20 22:43 - 2017-05-28 19:46 - 00217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-20 20:46 - 2017-05-21 20:30 - 00000000 ___DC C:\WINDOWS\Panther
2017-05-20 20:41 - 2017-05-20 20:41 - 00000000 ____D C:\Users\eric\AppData\Local\UNP
2017-05-08 19:32 - 2017-05-20 22:53 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-05-08 19:32 - 2017-05-08 19:33 - 00000000 ____D C:\Program Files\UNP
2017-05-08 19:30 - 2017-05-08 19:30 - 00041704 _____ C:\ProgramData\dm.update.1494293425.bdinstall.bin

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-29 21:40 - 2017-01-09 09:13 - 00000000 ____D C:\Program Files\Bitdefender Agent
2017-05-29 21:40 - 2015-01-02 15:59 - 00000000 __SHD C:\Users\eric\IntelGraphicsProfiles
2017-05-29 21:31 - 2015-01-04 14:45 - 00000000 ____D C:\Users\eric\AppData\Roaming\Kodi
2017-05-29 20:52 - 2017-01-09 09:24 - 01612648 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2017-05-29 20:52 - 2017-01-09 09:24 - 00879600 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2017-05-29 20:26 - 2015-01-02 16:15 - 00000000 ____D C:\Users\eric\AppData\Local\Battle.net
2017-05-29 20:02 - 2015-01-03 09:23 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-29 20:01 - 2015-01-02 16:15 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-29 20:00 - 2017-03-18 15:03 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2017-05-29 19:59 - 2017-03-18 15:03 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-05-29 19:57 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-29 19:57 - 2017-03-18 15:01 - 00000000 ____D C:\WINDOWS\INF
2017-05-29 19:47 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-28 21:26 - 2015-01-05 21:16 - 00000000 ____D C:\Users\eric\AppData\Local\CrashDumps
2017-05-28 19:47 - 2017-03-18 05:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-05-28 19:45 - 2017-03-18 05:40 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-05-28 19:45 - 2015-01-05 21:12 - 00025923 _____ C:\bdlog.txt
2017-05-28 18:04 - 2015-01-02 19:23 - 00000000 ____D C:\Program Files (x86)\Diablo III
2017-05-28 18:02 - 2017-03-18 15:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-28 18:02 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-28 17:58 - 2015-01-02 16:15 - 00000000 ____D C:\Users\eric\AppData\Roaming\Battle.net
2017-05-28 17:58 - 2015-01-02 16:13 - 00000000 ____D C:\ProgramData\Battle.net
2017-05-25 20:57 - 2017-03-18 14:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-25 20:52 - 2014-09-12 10:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-25 20:51 - 2015-01-11 16:10 - 00000000 ____D C:\Program Files (x86)\Kodi
2017-05-22 19:23 - 2015-01-05 20:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-22 19:21 - 2015-01-05 20:53 - 132223576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-22 19:20 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-05-21 20:47 - 2015-01-02 15:59 - 00000000 ____D C:\Users\eric\AppData\Local\Packages
2017-05-21 20:35 - 2016-04-24 08:16 - 00002411 _____ C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-05-21 20:35 - 2015-01-02 16:04 - 00000000 ___RD C:\Users\eric\OneDrive
2017-05-21 20:31 - 2016-04-24 08:59 - 00000000 ____D C:\Users\eric\AppData\Local\MicrosoftEdge
2017-05-21 20:30 - 2017-03-18 15:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-21 20:30 - 2016-02-13 07:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-21 00:43 - 2017-03-18 15:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-05-21 00:40 - 2017-03-18 15:06 - 00000000 ____D C:\WINDOWS\Setup
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-21 00:40 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-21 00:40 - 2017-03-18 05:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-20 23:07 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-05-20 23:07 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\rescache
2017-05-20 23:05 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\Registration
2017-05-20 23:05 - 2017-03-18 15:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-20 23:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-05-20 23:00 - 2017-03-18 20:31 - 00000000 ____D C:\WINDOWS\HoloShell
2017-05-20 22:59 - 2017-03-18 15:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-05-20 22:59 - 2016-04-23 09:59 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-05-20 22:57 - 2015-01-02 16:06 - 00002282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-20 22:57 - 2014-09-12 10:08 - 00898608 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-05-20 22:56 - 2017-03-18 15:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-05-20 22:53 - 2017-02-25 10:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-05-20 22:53 - 2017-01-09 09:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2017
2017-05-20 22:53 - 2016-02-06 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiabloSport
2017-05-20 22:53 - 2015-11-20 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-05-20 22:53 - 2015-01-03 09:35 - 00000000 ____D C:\Users\eric\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-20 22:53 - 2015-01-03 09:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-20 22:53 - 2015-01-03 00:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Anti-Theft
2017-05-20 22:53 - 2015-01-02 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2017-05-20 22:53 - 2015-01-02 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-05-20 22:53 - 2014-09-12 11:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2017-05-20 22:53 - 2014-09-12 11:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnRecovery
2017-05-20 22:53 - 2014-09-12 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2017-05-20 22:53 - 2014-09-12 10:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2017-05-20 22:53 - 2014-09-12 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2017-05-20 22:53 - 2014-09-12 10:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-20 22:53 - 2014-09-12 10:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\th
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\nl
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\ko
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\ja
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\en
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\de
2017-05-20 22:53 - 2014-04-29 12:50 - 00000000 ____D C:\WINDOWS\ar
2017-05-20 22:53 - 2014-04-29 12:49 - 00000000 ____D C:\WINDOWS\fr
2017-05-20 22:53 - 2014-04-29 12:49 - 00000000 ____D C:\WINDOWS\es
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\et-EE
2017-05-20 22:50 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-05-20 22:50 - 2014-09-12 10:29 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2017-05-20 22:50 - 2014-09-12 10:14 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-05-20 22:50 - 2014-09-12 10:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2017-05-20 22:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-05-20 22:50 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-05-20 22:49 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-05-20 22:49 - 2017-03-18 15:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-20 22:49 - 2014-09-12 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2017-05-20 22:49 - 2014-09-12 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Qualcomm Atheros
2017-05-20 22:47 - 2017-03-18 05:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-05-20 22:46 - 2017-03-18 15:03 - 00000000 ____D C:\WINDOWS\Help
2017-05-20 22:46 - 2014-09-12 10:09 - 00000000 ____D C:\Temp
2017-05-20 22:20 - 2017-03-18 21:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-05-19 20:12 - 2015-01-02 16:06 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-07 22:44 - 2015-11-20 13:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-05-07 22:44 - 2015-11-20 13:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2016-05-12 21:22 - 2016-05-12 21:22 - 0251218 _____ () C:\ProgramData\1463109720.bdinstall.bin
2017-01-09 09:13 - 2017-01-09 09:13 - 0048068 _____ () C:\ProgramData\agent.1483974806.bdinstall.bin
2017-03-21 22:36 - 2017-03-21 22:36 - 0029970 _____ () C:\ProgramData\agent.update.1490157399.bdinstall.bin
2017-01-09 09:27 - 2017-01-09 09:27 - 0391854 _____ () C:\ProgramData\cl.1483975297.bdinstall.bin
2017-01-09 09:27 - 2017-01-09 09:27 - 0055874 _____ () C:\ProgramData\dm.1483975652.bdinstall.bin
2017-05-08 19:30 - 2017-05-08 19:30 - 0041704 _____ () C:\ProgramData\dm.update.1494293425.bdinstall.bin

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-20 22:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by eric (29-05-2017 21:46:27)
Running from C:\Users\eric\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-21 05:08:45)
Boot Mode: Normal

==================== Accounts: =============================

Administrator (S-1-5-21-1887440591-2253008068-428354483-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1887440591-2253008068-428354483-503 - Limited - Disabled)
eric (S-1-5-21-1887440591-2253008068-428354483-1001 - Administrator - Enabled) => C:\Users\eric
Guest (S-1-5-21-1887440591-2253008068-428354483-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1887440591-2253008068-428354483-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Enabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Enabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Ansel (Version: 381.78 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: - Apple Inc.)
Battery Calibration (HKLM-x32\...\{619FA785-489B-4D22-911F-82D6EDF5BDB0}) (Version: 1.0.1405.0701 - Micro-Star International Co., Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: - Bitdefender)
Bitdefender Device Management (HKLM\...\Bitdefender Device Management) (Version: - Bitdefender)
Bitdefender Total Security 2017 (HKLM\...\Bitdefender) (Version: - Bitdefender)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: - Apple Inc.)
Boot Configure (HKLM-x32\...\{AB72B3BB-A389-4F62-86EE-C08326B4BE60}) (Version: 20.014.05233 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}) (Version: 4.0.1408.201 - )
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5509.52 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Diablosport USB Drivers 2.4 (HKLM\...\{2677AAE2-D8F8-40AE-9149-67618ED43EFD}_is1) (Version: - DiabloSport, Inc.)
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1408.2901 - Micro-Star International Co., Ltd.)
Dragon Gaming Center (x32 Version: 1.0.1408.2901 - Micro-Star International Co., Ltd.) Hidden
DSDownloader (HKLM-x32\...\DSDownloader_is1) (Version: - DiabloSport, Inc.)
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: - WinZip Computing International, LLC)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galeria de Fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: - Google Inc.) Hidden
Google Update Helper (x32 Version: - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1431.1) (HKLM\...\{302600C1-6BDF-4FD1-1407-148929CC1385}) (Version: 17.1.1407.0480 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7a06df8f-4c5a-4207-aa9e-019406e3a46d}) (Version: 17.1.0 - Intel Corporation)
iTunes (HKLM\...\{9D0D2A8B-7E7B-4D88-8D50-24286ED6A5EB}) (Version: - Apple Inc.)
KB9X Radio Switch Driver (HKLM\...\5AADE1068CF70DD983F763B20CF2CAAB72883915) (Version: - ENE TECHNOLOGY INC.)
Kodi (HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\Kodi) (Version: - XBMC-Foundation)
MAGIX MX Suite (HKLM-x32\...\MAGIX_{43136332-880B-458A-966C-900C18752B66}) (Version: - MAGIX AG)
MAGIX MX Suite (Version: - MAGIX AG) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSI Remind Manager (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.)
MSI Remind Manager (x32 Version: 1.0.1408.1401 - Micro-Star International Co., Ltd.) Hidden
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: - Symantec Corporation)
NVIDIA 3D Vision Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.78 - NVIDIA Corporation)
NVIDIA GeForce Experience (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: - NVIDIA Corporation)
NVIDIA Graphics Driver 381.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.78 - NVIDIA Corporation)
NVIDIA HD Audio Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Qualcomm Atheros Bandwidth Control Filter Driver (Version: - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer E220x Drivers (Version: - Qualcomm Atheros) Hidden
Qualcomm Atheros Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: - Qualcomm Atheros)
Qualcomm Atheros Network Manager (Version: - Qualcomm Atheros) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21258 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - Realtek Semiconductor Corp.)
SCM (HKLM\...\{F5D84549-523F-438F-8ACC-0944E30EF78C}) (Version: 13.014.09014 - Application)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\Spotify) (Version: - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SteelSeries Engine (HKLM\...\SteelSeries Engine) (Version: 2.8.450.22786 - SteelSeries)
SUPER CHARGER (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.2.024 - MSI)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - Synaptics Incorporated)
Vulkan Run Time Libraries (HKLM\...\VulkanRT1.0.42.1) (Version: - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: - Microsoft Corporation)
Windows Driver Package - DiabloSport, LLC (usbser) Ports (11/04/2014 6.3.9600.0) (HKLM\...\FF8FAFD61328CF76ACA738F188A918F5764B96AD) (Version: 11/04/2014 6.3.9600.0 - DiabloSport, LLC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
XSplit Gamecaster (HKLM-x32\...\{4B72B9B7-9B87-4792-B9E3-713E6454B25F}) (Version: 1.8.1406.0912 - SplitmediaLabs)
フォト ギャラリー (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
معرض الصور (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
사진 갤러리 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
影像中心 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0559D50F-E494-4BE0-9461-62C39423DC3A} - System32\Tasks\Bitdefender AgentTask_AD394AE64E874073B10A89FEEC305A3C => C:\Program Files\Bitdefender\Bitdefender 2017\bdagent.exe [2017-05-08] (Bitdefender)
Task: {0917F5AA-E148-4509-A47B-12310405FE37} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {13364073-9F3C-4E97-9284-51F29D7AA502} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {1C0E554B-46B6-4811-B5FD-B0E147522AAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {227D079B-C41E-43F6-BAD8-C3CD6B55E248} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {26AA3AF5-66E0-4A13-9C47-CC7CEFF59E7B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => %SystemRoot%\System32\AutoWorkplace.exe
Task: {4792FFE1-D7A5-4CE6-95FE-306E0909BB0D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4A702A8B-B929-4288-93D2-81562B05CE6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4D4EE953-B7BF-4139-8FEA-65F242AD7F18} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {4DAEF5CE-FE3F-4520-A9B5-F51112EB429A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5059FE9C-CAFB-42BA-87E5-D95734219035} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5162C16A-3DFF-4A32-89AE-BA00A627A073} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2017-02-02] (Bitdefender)
Task: {51AD7411-24EA-4DE3-A83C-72DC0D595F01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {551A224F-5BCB-42D6-912C-E541515C8C9F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {5B052BF6-076A-4FB7-B7E5-62CC035DBD5C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {5C3A177C-5FBC-4D83-9917-B5D41A27A00B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5EC298AD-A7AA-4EFF-A18A-D79EFB43FD77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7794864C-AAAE-4B43-8A1C-847DC59BB6B6} - \WPD\SqmUpload_S-1-5-21-1887440591-2253008068-428354483-1001 -> No File <==== ATTENTION
Task: {79C2AE3E-8B7E-4C24-B6ED-907F9B9F29BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {961892D7-7BD2-4853-A613-A7F4FE3C964C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A5E7A1F3-BA4D-4E63-8D1F-E6E6EEEAC0DD} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)
Task: {A8BE7D68-1BE1-4A7D-91B7-775091DBCA57} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-12-04] (Synaptics Incorporated)
Task: {ABF88646-061F-43E7-97D6-96B60926DB0B} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {C349AFDE-6905-4FB4-996A-1FEA212BCCD0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CBC43BED-5A2A-4B73-BC42-633D68882B73} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {CD941FDB-E4C1-4EA4-8B9A-4DCCF6F58675} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF7D37D9-90CE-47FF-A3F7-2F705FFDA5B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EFB1CA18-8445-47B4-93E6-D93BA69462DD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-05-22] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-05-08 19:33 - 2017-05-08 19:33 - 00111832 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\bdmetrics.dll
2017-02-16 20:17 - 2017-02-16 20:17 - 01008448 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpbr.mdl
2017-02-16 20:17 - 2017-02-16 20:17 - 00541952 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpdsp.mdl
2017-02-16 20:17 - 2017-02-16 20:18 - 03243920 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttpph.mdl
2017-02-16 20:17 - 2017-02-16 20:18 - 01544568 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\otengines_02451_002\ashttprbl.mdl
2016-02-15 21:01 - 2016-02-15 21:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-18 14:58 - 2017-03-18 14:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-01 23:05 - 2016-11-01 23:05 - 00401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-03-18 14:59 - 2017-03-18 20:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-09-12 10:26 - 2012-11-01 12:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-09-12 10:26 - 2012-11-01 12:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-06-26 12:39 - 2014-06-26 12:39 - 00504832 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 09315328 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00015872 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00011264 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00115200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll
2014-05-16 09:57 - 2014-05-16 09:57 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00034304 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll
2014-05-16 09:57 - 2014-05-16 09:57 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00189440 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00031744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00159744 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00020992 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00029696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00023040 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030720 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll
2014-06-26 12:39 - 2014-06-26 12:39 - 00030208 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll
2014-08-18 12:40 - 2014-08-18 12:40 - 00330240 _____ () C:\Program Files\Qualcomm Atheros\Network Manager\NetworkManager.exe
2014-01-22 11:44 - 2014-01-22 11:44 - 00075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2017-05-29 20:53 - 2017-05-29 20:53 - 00023328 _____ () C:\Program Files\Bitdefender\Bitdefender 2017\lang\en-US\bdsystray.txtui
2017-05-19 20:12 - 2017-05-09 03:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-19 20:12 - 2017-05-09 03:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2015-06-03 21:27 - 2016-06-14 19:14 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-04-29 17:23 - 2014-04-29 17:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00042720 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32api.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00060640 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pywintypes27.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00126688 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\pythoncom27.dll
2016-08-12 18:38 - 2016-08-12 18:38 - 00023264 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_multiprocessing.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00045792 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ctypes.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00026848 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32service.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00023776 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\servicemanager.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00030432 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_socket.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00444128 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_ssl.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00287968 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_hashlib.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00018144 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\select.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00021216 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32pipe.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00045792 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32file.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00018656 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32event.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00371424 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\_bsddb.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00025312 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32process.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00021216 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32ts.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00019680 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32profile.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00043744 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32security.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00025824 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\win32inet.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00190688 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\unicodedata.pyd
2016-08-12 18:38 - 2016-08-12 18:38 - 00023264 _____ () C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\EnvironmentID.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\eric\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Battle.net-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-14.0-Helix (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-17.3-Krypton.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\SpotifySetup.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2017-05-29 21:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1887440591-2253008068-428354483-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\System32\oobe\info\Wallpaper\backgroundDefault.jpg
DNS Servers:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{05F40D80-8A10-402D-AB7C-96A863817D00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{189448C0-4EC7-41C9-BCFA-4FEB034795EE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7CE5A826-8D1B-456E-84E4-CC3A9F9FF66B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{66F4C0CE-8AAC-4F28-B024-14EED436EAA4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{BA5E0FDB-F008-4923-BFDD-C23A19F83491}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5987AD0F-1A61-41E5-A5EF-14C79247AC5D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8ACC5AA0-6CD5-477D-BB16-2BFAE5AC54DF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [UDP Query User{A81D1A42-E5AA-4B47-B9A3-9D2447E03414}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{9469372E-36AE-4F73-A25D-8C354B7C9806}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{3CD6D94B-F225-4533-AEA1-0F78D2A0EFCB}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [TCP Query User{83EFAE15-6754-423B-80F4-18FBF4103BC0}C:\program files (x86)\symantec\norton online backup\nobuclient.exe] => (Allow) C:\program files (x86)\symantec\norton online backup\nobuclient.exe
FirewallRules: [{E1F455B7-F1E6-4D7C-869B-E945601DBE59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D65E08BB-BD99-48E7-9425-5062671D689F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{0246322A-9F98-49BC-8BB9-0403AAC85DF4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B4786CED-5856-49B0-AF93-EE0297178011}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{8A672660-3EB7-4910-ABDD-F7478A59A288}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{ED1E22CD-4574-4B51-8E96-AA0DD0A6684E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{186DC601-5420-4534-819C-D6E847B854AD}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{DC1FA75B-ED2F-4624-A149-9DFE2B6C2596}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{5EB9DFCD-0D9E-487A-820F-6FCEA97212FD}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{8AAEFEBA-2513-4B87-9869-1A26ED766AAE}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E3B04D97-C4B1-4982-A9CD-3398AA24FE63}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{408A843C-567A-4DD7-A7BB-C42C612679EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3634\Agent.exe
FirewallRules: [{E1E453DA-1734-497A-93E2-F000BC4EC7E5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{9078179C-BAC7-4B46-9AFF-D1711C4B9099}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{5929E1AD-9EA7-4726-A97E-8639C1767132}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{09465E05-946C-4A78-BFF7-C8CD897D593C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B3943564-1EFC-43DF-9809-8F57C23CF4FE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{6CE0FF85-5F02-4553-8A14-75A9F366A987}] => (Allow) LPort=1900
FirewallRules: [{57349266-7595-41CF-88DF-368C3B7A10E5}] => (Allow) LPort=2869
FirewallRules: [{D0F43222-0FF3-4638-AD30-3C84651658F7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [TCP Query User{15819797-7858-43AE-8F3E-0A659A6DF284}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C705B78C-6512-48BE-B6C7-BB74589060AB}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A6648728-C038-4FB2-8925-6EA8680C162C}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{7300A28B-0C33-4FF0-937D-23B12BC79206}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{432441D6-6E4A-4271-B4B0-B231DEB41C7F}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{60FAB706-ED7E-4469-92F8-7161ED692C91}C:\users\eric\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eric\appdata\roaming\spotify\spotify.exe
FirewallRules: [{94E261CB-EF5B-44DF-BB1E-B41F762B8D4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4BE90515-4848-4E99-9CFD-1645BF4393EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DDAEEDD3-AEC3-4314-8FFD-BB6D7D16720B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F4A6333F-CE4E-4B0D-9C84-3B4E7A88B8ED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
Error: (05/29/2017 09:34:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program kodi.exe version stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2480

Start Time: 01d2d8f52a50a1bf

Termination Time: 2

Application Path: C:\Program Files (x86)\Kodi\kodi.exe

Report Id: c5092a35-a367-4239-9a34-ef59b4358d0e

Faulting package full name:

Faulting package-relative application ID:

Error: (05/29/2017 07:41:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KillerService.exe, version:, time stamp: 0x53f22c94
Faulting module name: KillerService.exe, version:, time stamp: 0x53f22c94
Exception code: 0xc0000417
Fault offset: 0x000000000002e8ac
Faulting process id: 0xf20
Faulting application start time: 0x01d2d81d525a0b0f
Faulting application path: C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
Faulting module path: C:\Program Files\Qualcomm Atheros\Network Manager\KillerService.exe
Report Id: f4b7d006-25b0-45d9-a21b-a412960ceaaa
Faulting package full name:
Faulting package-relative application ID:

Error: (05/28/2017 10:09:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1078

Error: (05/28/2017 10:09:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1078

Error: (05/28/2017 10:09:44 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2017 09:25:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Kodi.exe, version:, time stamp: 0x5925f940
Faulting module name: ucrtbase.dll, version: 10.0.15063.0, time stamp: 0xe880f7dc
Exception code: 0xc0000409
Fault offset: 0x000a543b
Faulting process id: 0x2d40
Faulting application start time: 0x01d2d82b310922ef
Faulting application path: C:\Program Files (x86)\Kodi\Kodi.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 9b5782dd-0480-40b3-a6bc-43c4339edb38
Faulting package full name:
Faulting package-relative application ID:

Error: (05/28/2017 08:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1109

Error: (05/28/2017 08:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1109

Error: (05/28/2017 08:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/28/2017 07:44:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\diablosport\drivers\dpinst\DPInst_MultiLin_ia64.exe".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
Error: (05/29/2017 09:39:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 09:39:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 09:38:38 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff6fb7dbedd18, 0x0000000000000000, 0xfffff802c21278be, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: b19273d8-993b-4c66-a336-a915d6d837b3.

Error: (05/29/2017 09:37:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (05/29/2017 09:37:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:10:00 PM on ‎5/‎29/‎2017 was unexpected.

Error: (05/29/2017 08:09:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 08:05:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 08:03:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 08:01:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/29/2017 08:00:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Date: 2017-05-29 21:37:58.584
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-29 20:12:56.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 20:12:56.653
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 20:05:23.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 20:03:45.615
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 19:53:36.721
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 19:53:36.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

Date: 2017-05-29 19:50:24.076
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-28 19:48:41.338
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\vsservp.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\dbghelp.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-28 19:44:38.083
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bitdefender\Bitdefender 2017\active virus control\Avc3_00122_019\avcuf64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 32%
Total physical RAM: 8110.67 MB
Available physical RAM: 5449.19 MB
Total Virtual: 9390.67 MB
Available Virtual: 6634.16 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:568.24 GB) (Free:496.74 GB) NTFS
Drive d: (Data) (Fixed) (Total:346.08 GB) (Free:345.87 GB) NTFS

==================== MBR & Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: FC06443C)

Partition: GPT.

==================== End of Addition.txt ============================

Was unable to get an aswMBR log to post.

2017-05-30, 14:54
Please attempt to temporarily disable your antivirus, info can be found here

Start FRST (Please double-click on FRST/FRST64) with Administrator privileges

Right-click on the text below and select Copy, beginning with Start:: and finishing with End::

SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> DefaultScope {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL =
SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL = FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
Task: {0917F5AA-E148-4509-A47B-12310405FE37} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26AA3AF5-66E0-4A13-9C47-CC7CEFF59E7B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4792FFE1-D7A5-4CE6-95FE-306E0909BB0D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4A702A8B-B929-4288-93D2-81562B05CE6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4DAEF5CE-FE3F-4520-A9B5-F51112EB429A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5059FE9C-CAFB-42BA-87E5-D95734219035} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {51AD7411-24EA-4DE3-A83C-72DC0D595F01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5EC298AD-A7AA-4EFF-A18A-D79EFB43FD77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7794864C-AAAE-4B43-8A1C-847DC59BB6B6} - \WPD\SqmUpload_S-1-5-21-1887440591-2253008068-428354483-1001 -> No File <==== ATTENTION
Task: {79C2AE3E-8B7E-4C24-B6ED-907F9B9F29BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {961892D7-7BD2-4853-A613-A7F4FE3C964C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C349AFDE-6905-4FB4-996A-1FEA212BCCD0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CD941FDB-E4C1-4EA4-8B9A-4DCCF6F58675} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF7D37D9-90CE-47FF-A3F7-2F705FFDA5B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\eric\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Battle.net-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-14.0-Helix (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-17.3-Krypton.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\SpotifySetup.exe:BDU [0]

Press the Fix button.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

please post

2017-05-31, 06:37
# AdwCleaner v6.047 - Logfile created 30/05/2017 at 21:28:20
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-30.2 [Server]
# Operating System : Windows 10 Home (X64)
# Username : eric - ERICANTON
# Running from : C:\Users\eric\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C168639F-5810-4EC8-B1E8-0251AA8A771C}

***** [ Web browsers ] *****


:: "Tracing" keys deleted
:: Winsock settings cleared


C:\AdwCleaner\AdwCleaner[C0].txt - [859 Bytes] - [30/05/2017 21:28:20]
C:\AdwCleaner\AdwCleaner[S0].txt - [1212 Bytes] - [30/05/2017 21:27:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1004 Bytes] ##########

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by eric (Administrator) on 2017-05-30 at 21:31:22.40

File System: 2

Successfully deleted: C:\ProgramData\1463109720.bdinstall.bin (File)
Successfully deleted: C:\Users\eric\Documents\add-in express (Folder)

Registry: 0

Scan was completed on 2017-05-30 at 21:34:57.74
End of JRT log

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by eric (30-05-2017 21:21:44) Run:2
Running from C:\Users\eric\Desktop
Loaded Profiles: eric (Available Profiles: eric)
Boot Mode: Normal

fixlist content:

SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> DefaultScope {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL =
SearchScopes: HKU\S-1-5-21-1887440591-2253008068-428354483-1001 -> {F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} URL = FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
Task: {0917F5AA-E148-4509-A47B-12310405FE37} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {26AA3AF5-66E0-4A13-9C47-CC7CEFF59E7B} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4792FFE1-D7A5-4CE6-95FE-306E0909BB0D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4A702A8B-B929-4288-93D2-81562B05CE6F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {4DAEF5CE-FE3F-4520-A9B5-F51112EB429A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5059FE9C-CAFB-42BA-87E5-D95734219035} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {51AD7411-24EA-4DE3-A83C-72DC0D595F01} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5EC298AD-A7AA-4EFF-A18A-D79EFB43FD77} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7794864C-AAAE-4B43-8A1C-847DC59BB6B6} - \WPD\SqmUpload_S-1-5-21-1887440591-2253008068-428354483-1001 -> No File <==== ATTENTION
Task: {79C2AE3E-8B7E-4C24-B6ED-907F9B9F29BD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {961892D7-7BD2-4853-A613-A7F4FE3C964C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C349AFDE-6905-4FB4-996A-1FEA212BCCD0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CD941FDB-E4C1-4EA4-8B9A-4DCCF6F58675} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DF7D37D9-90CE-47FF-A3F7-2F705FFDA5B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\eric\Desktop\aswMBR.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Desktop\FRST64.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Battle.net-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4 (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-14.0-Helix (1).exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\kodi-17.3-Krypton.exe:BDU [0]
AlternateDataStreams: C:\Users\eric\Downloads\SpotifySetup.exe:BDU [0]


EndProcesses: => Error: No automatic fix found for this entry.
Restore point was successfully created.
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1887440591-2253008068-428354483-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} => key removed successfully
HKCR\CLSID\{F31B8A1C-22D7-4ED2-9D65-65B90AFE218E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0917F5AA-E148-4509-A47B-12310405FE37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0917F5AA-E148-4509-A47B-12310405FE37} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26AA3AF5-66E0-4A13-9C47-CC7CEFF59E7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26AA3AF5-66E0-4A13-9C47-CC7CEFF59E7B} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4792FFE1-D7A5-4CE6-95FE-306E0909BB0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4792FFE1-D7A5-4CE6-95FE-306E0909BB0D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4A702A8B-B929-4288-93D2-81562B05CE6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A702A8B-B929-4288-93D2-81562B05CE6F} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4DAEF5CE-FE3F-4520-A9B5-F51112EB429A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DAEF5CE-FE3F-4520-A9B5-F51112EB429A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5059FE9C-CAFB-42BA-87E5-D95734219035} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5059FE9C-CAFB-42BA-87E5-D95734219035} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51AD7411-24EA-4DE3-A83C-72DC0D595F01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51AD7411-24EA-4DE3-A83C-72DC0D595F01} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EC298AD-A7AA-4EFF-A18A-D79EFB43FD77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EC298AD-A7AA-4EFF-A18A-D79EFB43FD77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7794864C-AAAE-4B43-8A1C-847DC59BB6B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7794864C-AAAE-4B43-8A1C-847DC59BB6B6} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-1887440591-2253008068-428354483-1001 => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79C2AE3E-8B7E-4C24-B6ED-907F9B9F29BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79C2AE3E-8B7E-4C24-B6ED-907F9B9F29BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{961892D7-7BD2-4853-A613-A7F4FE3C964C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{961892D7-7BD2-4853-A613-A7F4FE3C964C} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C349AFDE-6905-4FB4-996A-1FEA212BCCD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C349AFDE-6905-4FB4-996A-1FEA212BCCD0} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD941FDB-E4C1-4EA4-8B9A-4DCCF6F58675} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD941FDB-E4C1-4EA4-8B9A-4DCCF6F58675} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF7D37D9-90CE-47FF-A3F7-2F705FFDA5B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7D37D9-90CE-47FF-A3F7-2F705FFDA5B3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully
C:\Users\eric\Desktop\aswMBR.exe => ":BDU" ADS removed successfully.
C:\Users\eric\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\Battle.net-Setup.exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4 (1).exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\Diablosport_USB_Driver_Installer_2.4.exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\kodi-14.0-Helix (1).exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\kodi-17.3-Krypton.exe => ":BDU" ADS removed successfully.
C:\Users\eric\Downloads\SpotifySetup.exe => ":BDU" ADS removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 10510336 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25466890 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 25796 B
Edge => 42480256 B
Chrome => 75765721 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 8230 B
NetworkService => 84982 B
eric => 157282462 B

RecycleBin => 6259 B
EmptyTemp: => 297.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:22:10 ====

2017-05-31, 12:42
Good work, thank you for the logs

Please download the Malwarebytes Anti-Malware (https://downloads.malwarebytes.org/file/mbam) setup file to your Desktop.

OR from this location Here (https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/)

Open mbam-setup.x.x.xxxx.exe (x represents the version #) and follow the prompts to install the programme.
Windows Vista, Windows 7, 8, 8.1 and 10: Right click and select "Run as Administrator"

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review

Exit Malwarebytes


Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply


Post these 2 logs when finished.

Please tell me what the computer is doing now.

2017-06-02, 04:34
Emsisoft Emergency Kit - Version 2017.4
Last update: 2017-06-01 6:56:12 PM
User account: ERICANTON\eric
Computer name: ERICANTON
OS version: Windows 10x64

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 2017-06-01 6:58:42 PM

Scanned 79238
Found 0

Scan end: 2017-06-01 7:02:19 PM
Scan time: 0:03:37


-Log Details-
Scan Date: 6/1/17
Scan Time: 6:38 PM
Log File:
Administrator: Yes

-Software Information-
Components Version: 1.0.139
Update Package Version: 1.0.2068
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: ERICANTON\eric

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383560
Threats Detected: 3
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 22 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled

Computer seems to be doing much better now and does not crash any of the applications. Thank you so much for your help.

2017-06-02, 13:20
Computer seems to be doing much better now and does not crash any of the applications. Thank you so much for your help.
It's good news to me and you're welcome.

I think you're good to go.


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

2017-06-15, 01:10
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.