C gone bonkers; no stable free space

goldendye

C has gone completely bonkers. It has lost all its free capacity (which was 1.5 Gb) and went all the way down to 0 kb. There's nothing I can do about it and nothing will change it. Disk clean shows 132 mb of temporary files but won't remove it. I manually removed 100 mb of files but it was ineffective; there's still just 500 kb free space only. My desktop has gone black. With every refresh C capacity changes. It goes from 500 kb, to 3 mb, to 1.7 mb, to 30 mb, back to 700 kb, and again up to 11 mb etc. with every refresh coming immediately after the previous refresh. It's crazy and it won't go up.

Tempfile cleaner doesn't find anything to clean
Antivirus hasn't found a virus
Disk Clean won't clean the 132 mb it claims to be temporary files (it should be way more)
Shutting down the computer for long periods has done nothing
Manually deleting files from C won't add to its free capacity

I really don't understand. :shock:
 

My Computer

System One

  • OS
    8.1
Update: After one of the reboots, which took longer than usual, C now has 1 Gb but the space has already begun fluctuating, sometimes losing 200 mb in a couple of seconds, and then adding another 100, but overall it's going down.
 

Try uncleaner, it finds things others don't. Google it; I am on phone, can't post link. Have you got any files for win10 upgrade? It may have downloaded, as that can be a few gig. Failing that, you may have a backup or something running; check startup items.
 

My Computer

System One

  • OS
    win 8 pro

Thank you Samuria,

Here's a link for anyone who needs it. Interesting software, nice design, and found an additional 100 mb after I used Ccleaner. It seems that Ccleaner fixed the registry and now it's relevantly stable, with 1.5 Gb back again. But it's still fluctuating in what seems to me to be incredible numbers i.e. 200 mb, and I don't get why that's happening!?
 

Run first two scans: PCHF System Scans. Post results.

Code:
AdwCleaner:

# AdwCleaner v6.020 - Logfile created 15/09/2016 at 17:41:35
# Updated on 14/09/2016 by ToolsLib
# Database : 2016-09-14.2 [Server]
# Operating System : Windows 8.1  (X86)
# Username : john - SNTODAY
# Running from : C:\Users\john\Desktop\adwcleaner_6.020.exe
# Mode: Scan
# Support : https://toolslib.net/forum






***** [ Services ] *****


No malicious services found.




***** [ Folders ] *****


No malicious folders found.




***** [ Files ] *****


No malicious files found.




***** [ DLL ] *****


No malicious DLLs found.




***** [ WMI ] *****


No malicious keys found.




***** [ Shortcuts ] *****


No infected shortcut found.




***** [ Scheduled Tasks ] *****


No malicious task found.




***** [ Registry ] *****


No malicious registry entries found.




***** [ Web browsers ] *****


No malicious Firefox based browser items found.
No malicious Chromium based browser items found.


*************************


C:\AdwCleaner\AdwCleaner[C0].txt - [952 Bytes] - [08/09/2016 23:41:51]
C:\AdwCleaner\AdwCleaner[S0].txt - [1120 Bytes] - [08/09/2016 23:40:53]
C:\AdwCleaner\AdwCleaner[S1].txt - [1114 Bytes] - [15/09/2016 17:41:35]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1187 Bytes] ##########

MINITOOLBOX

MiniToolBox by Farbar  Version: 17-06-2016
Ran by john (administrator) on 15-09-2016 at 17:49:08
Running from "C:\Users\john\Desktop"
Microsoft Windows 8.1  (X86)
Model: T100TAS Manufacturer: ASUSTeK COMPUTER INC.
Boot Mode: Normal
***************************************************************************


========================= Flush DNS: ===================================


Windows IP Configuration


Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ============================== 


Proxy is not enabled.
No Proxy Server is set.


"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1       localhost 
========================= IP Configuration: ================================


Broadcom 802.11abgn Wireless SDIO Adapter = Wi-Fi (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection (Media disconnected)




# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4


reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Lenovo Easyplus Hotspot
" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled




popd
# End of IPv4 configuration






Windows IP Configuration


   Host Name . . . . . . . . . . . . : SNToday
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Lenovo Easyplus Hotspot
:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 78-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Ethernet adapter Bluetooth Network Connection:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 78-24-AF-71-31-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Local Area Connection* 3:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Wi-Fi:


   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
   Physical Address. . . . . . . . . : 78-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
   Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 125314223
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Tunnel adapter Teredo Tunneling Pseudo-Interface:


   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
   NetBIOS over Tcpip. . . . . . . . : Disabled


Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  192.168.1.1


Name:    google.com
Addresses:  2a00:1450:4001:81d::200e
      172.217.22.110




Pinging google.com [172.217.21.206] with 32 bytes of data:
Reply from 172.217.21.206: bytes=32 time=167ms TTL=49
Reply from 172.217.21.206: bytes=32 time=113ms TTL=49


Ping statistics for 172.217.21.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 167ms, Average = 140ms
Server:  UnKnown
Address:  192.168.1.1


Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      2001:4998:58:c02::a9
      98.138.253.109
      98.139.183.24
      206.190.36.45




Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=271ms TTL=45
Reply from 206.190.36.45: bytes=32 time=271ms TTL=45


Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 271ms, Maximum = 271ms, Average = 271ms


Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128


Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
 11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
  8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
  7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
===========================================================================
Persistent Routes:
  None


IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
                                    On-link
  6    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::24ad:9c70:b080:b5c5/128
                                    On-link
  6    281 fe80::dcbb:bf7a:2b3e:8f37/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================




========================= Event log errors: ===============================


Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5


Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.


Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80070070).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).


Error: (09/15/2016 02:49:51 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).




Operation:
   Processing PostFinalCommitSnapshots


Context:
   Execution Context: System Provider


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.


Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).


Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).




System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).


Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.


Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).


Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).




Microsoft Office Sessions:
=========================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error)(User: )
Description: chrome.exe52.0.2743.11657a128a8unknown0.0.0.000000000c000000500000000d6401d20f5170d1eb88C:\Program Files\Google\Chrome\Application\chrome.exeunknown491dbe13-7b45-11e6-9746-7824af713162


Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.


Error: (09/15/2016 05:22:53 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f


Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
Description: 0x80070070


Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070070


Error: (09/15/2016 02:49:51 PM) (Source: VSS)(User: )
Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...)


Operation:
   Processing PostFinalCommitSnapshots


Context:
   Execution Context: System Provider


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.


Error: (09/15/2016 02:34:04 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -EmbeddingWindows Modules Installer0x8004231f


Error: (09/15/2016 02:33:50 PM) (Source: System Restore)(User: )
Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f




CodeIntegrity Errors:
===================================
  Date: 2016-09-15 17:30:10.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 17:26:57.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 14:34:45.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-13 10:18:04.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-10 14:03:59.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-09 01:35:54.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:42:48.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:27:44.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 16:23:02.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-02 20:41:04.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




=========================== Installed Programs ============================


Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version:  - )
ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version:  - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (HKLM\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKCU\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)


========================= Devices: ================================




========================= Memory info: ===================================


Percentage of memory in use: 69%
Total physical RAM: 1933.14 MB
Available physical RAM: 587.88 MB
Total Virtual: 2260.77 MB
Available Virtual: 587.09 MB


========================= Partitions: =====================================


1 Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.31 GB) NTFS
2 Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
3 Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS


========================= Users: ========================================


User accounts for \\SNTODAY


Administrator            Guest                    john                     


========================= Minidump Files ==================================


No minidump file found


========================= Restore Points ==================================




**** End of log ****

Wireless test tool

Windows IP Configuration


   Host Name . . . . . . . . . . . . : SNToday
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No


Ethernet adapter Local Area Connection:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Lenovo Easyplus Hotspot
:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 78-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Ethernet adapter Bluetooth Network Connection:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : 78-24-AF-71-31-62
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Local Area Connection* 3:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes


Wireless LAN adapter Wi-Fi:


   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
   Physical Address. . . . . . . . . : 78-24-AF-71-31-61
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
   Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 125314223
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled


Tunnel adapter Teredo Tunneling Pseudo-Interface:


   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 335544320
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
   NetBIOS over Tcpip. . . . . . . . : Disabled


Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:


   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Interface name : Wi-Fi 
There are 5 networks currently visible. 


SSID 1 : ali
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP 
    BSSID 1                 : 64:70:02:aa:5b:9b
         Signal             : 18%  
         Radio type         : 802.11g
         Channel            : 4 
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54


SSID 2 : kami123
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None 
    BSSID 1                 : e4:8d:8c:f9:83:cd
         Signal             : 6%  
         Radio type         : 802.11n
         Channel            : 52 
         Basic rates (Mbps) : 6
         Other rates (Mbps) : 9 12 18 24 36 48 54


SSID 3 : zzz
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP 
    BSSID 1                 : c4:6e:1f:3c:dd:d3
         Signal             : 16%  
         Radio type         : 802.11n
         Channel            : 11 
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54


SSID 4 : Ahfad
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP 
    BSSID 1                 : e8:94:f6:5b:17:d2
         Signal             : 76%  
         Radio type         : 802.11n
         Channel            : 1 
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54


SSID 5 : Mahdi
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP 
    BSSID 1                 : b0:b2:dc:4d:3b:38
         Signal             : 10%  
         Radio type         : 802.11n
         Channel            : 6 
         Basic rates (Mbps) : 1 2 5.5 11
         Other rates (Mbps) : 6 9 12 18 24 36 48 54




Profiles on interface Wi-Fi:


Group policy profiles (read only)
---------------------------------
    <None>


User profiles
-------------
    All User Profile     : Modares 2
    All User Profile     : AndroidAP
    All User Profile     : BZLp-aG9zc2VpbiBhcWE
    All User Profile     : Ahfad
    All User Profile     : Tmu Dorm
    All User Profile     : TMU
    All User Profile     : BZLp-aG9zc2VpbiBhcWE 2
    All User Profile     : hassan
    All User Profile     : EjrpN-dGhlIExlbm92byBCbGFjaw==
    All User Profile     : Modares
    All User Profile     : Modaress
    All User Profile     : d2B66Z29sZGVuZHll
    All User Profile     : hossein aqa




Pinging 194.119.131.66 with 32 bytes of data:
Reply from 194.119.131.66: bytes=32 time=151ms TTL=49
Reply from 194.119.131.66: bytes=32 time=134ms TTL=49
Reply from 194.119.131.66: bytes=32 time=135ms TTL=49
Reply from 194.119.131.66: bytes=32 time=135ms TTL=49


Ping statistics for 194.119.131.66:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 134ms, Maximum = 151ms, Average = 138ms
Ping request could not find host plus.net. Please check the name and try again.


Tracing route to cns1.uk.vianw.net [194.119.131.66]
over a maximum of 30 hops:


  1     1 ms     1 ms     1 ms  192.168.1.1 
  2    45 ms    42 ms    42 ms  5.53.63.255 
  3    43 ms    46 ms    43 ms  10.201.145.1 
  4    49 ms    55 ms    69 ms  172.19.4.17 
  5    53 ms    45 ms    45 ms  172.19.4.2 
  6    51 ms    47 ms    44 ms  10.201.176.153 
  7    46 ms    45 ms    45 ms  10.10.53.190 
  8   118 ms   113 ms   113 ms  85.132.90.201 
  9     *        *        *     Request timed out.
 10     *      119 ms   122 ms  mskn08.transtelecom.net [188.43.3.246] 
 11     *        *        *     Request timed out.
 12     *      138 ms   136 ms  195.66.224.66 
 13   134 ms   134 ms   158 ms  tengige0-1-1-0-t6-ar14.router.uk.clara.net [195.157.3.110] 
 14   132 ms   155 ms     *     cns1.uk.vianw.net [194.119.131.66] 
 15   131 ms   130 ms   137 ms  cns1.uk.vianw.net [194.119.131.66] 


Trace complete.
These Windows services are started:


   Adobe Acrobat Update Service
   Application Experience
   Application Information
   ASLDR Service
   ASUS HID Access Service
   Asus WebStorage Windows Service
   ATKGFNEX Service
   Background Intelligent Transfer Service
   Background Tasks Infrastructure Service
   Base Filtering Engine
   BitLocker Drive Encryption Service
   Bluetooth Support Service
   Certificate Propagation
   COM+ Event System
   Credential Manager
   Cryptographic Services
   DCOM Server Process Launcher
   Device Association Service
   DHCP Client
   Diagnostic Policy Service
   Diagnostic Service Host
   Diagnostic System Host
   Diagnostics Tracking Service
   Distributed Link Tracking Client
   DNS Client
   Foxit Reader Service
   Function Discovery Provider Host
   Function Discovery Resource Publication
   Group Policy Client
   HomeGroup Provider
   Human Interface Device Service
   Intel(R) Capability Licensing Service Interface
   Intel(R) Dynamic Application Loader Host Interface
   Intel(R) Dynamic Platform & Thermal Framework Critical Service Application
   Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application
   Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application
   IP Helper
   IPsec Policy Agent
   Local Session Manager
   Microsoft Account Sign-in Assistant
   Microsoft Software Shadow Copy Provider
   Network Connected Devices Auto-Setup
   Network Connection Broker
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   Plug and Play
   Power
   Print Spooler
   Program Compatibility Assistant Service
   Remote Procedure Call (RPC)
   RPC Endpoint Mapper
   Sandboxie Service
   Security Accounts Manager
   Security Center
   Sensor Monitoring Service
   Sentinel LDK License Manager
   Server
   Service KMSELDI
   Shell Hardware Detection
   SSDP Discovery
   Superfetch
   System Event Notification Service
   System Events Broker
   Task Scheduler
   TCP/IP NetBIOS Helper
   TeamViewer 11
   Themes
   Time Broker
   Touch Keyboard and Handwriting Panel Service
   User Profile Service
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Connection Manager
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Firewall
   Windows Font Cache Service
   Windows Image Acquisition (WIA)
   Windows Management Instrumentation
   Windows Modules Installer
   Windows Search
   Windows Time
   Windows Update
   WinHTTP Web Proxy Auto-Discovery Service
   WLAN AutoConfig
   Workstation


The command completed successfully.




Microsoft Windows [Version 6.3.9600]


Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0      3,080 K
smss.exe                       336 Services                   0        708 K
csrss.exe                      540 Services                   0      3,236 K
wininit.exe                    592 Services                   0      2,876 K
csrss.exe                      608 Console                    1     32,536 K
winlogon.exe                   652 Console                    1      4,836 K
services.exe                   720 Services                   0      4,952 K
lsass.exe                      728 Services                   0      9,520 K
svchost.exe                    804 Services                   0      8,096 K
svchost.exe                    848 Services                   0      6,392 K
dwm.exe                        952 Console                    1     20,180 K
svchost.exe                   1004 Services                   0     16,440 K
svchost.exe                   1048 Services                   0     41,836 K
svchost.exe                   1092 Services                   0     11,080 K
svchost.exe                   1156 Services                   0     19,804 K
SbieSvc.exe                   1232 Services                   0      3,184 K
WUDFHost.exe                  1356 Services                   0      4,936 K
svchost.exe                   1528 Services                   0      9,996 K
AsLdrSrv.exe                  1584 Services                   0      2,904 K
wlanext.exe                   1600 Services                   0      3,668 K
conhost.exe                   1624 Services                   0      2,104 K
GFNEXSrv.exe                  1648 Services                   0      1,752 K
spoolsv.exe                   1808 Services                   0      6,336 K
svchost.exe                   1868 Services                   0      7,696 K
svchost.exe                   1892 Services                   0     13,092 K
armsvc.exe                    2024 Services                   0      2,788 K
AsHidSrv.exe                  2044 Services                   0      2,464 K
AsusWSWinService.exe           272 Services                   0     11,536 K
svchost.exe                    764 Services                   0      9,140 K
DptfParticipantProcessorS      884 Services                   0      2,540 K
DptfPolicyCriticalService     1000 Services                   0      2,540 K
DptfPolicyLpmService.exe      1220 Services                   0      2,564 K
dasHost.exe                   1340 Services                   0      6,204 K
FoxitConnectedPDFService.     1516 Services                   0      8,520 K
hasplms.exe                   2288 Services                   0      9,792 K
HeciServer.exe                2308 Services                   0      3,592 K
Service_KMS.exe               2352 Services                   0     18,244 K
svchost.exe                   2404 Services                   0      4,276 K
TeamViewer_Service.exe        2424 Services                   0      8,144 K
svchost.exe                   3592 Services                   0      3,536 K
WUDFHost.exe                  3792 Services                   0      4,128 K
HControl.exe                  4556 Console                    1      5,156 K
taskhostex.exe                4604 Console                    1      8,404 K
explorer.exe                  4848 Console                    1    127,708 K
DMedia.exe                    5036 Console                    1      4,064 K
ATKOSD2.exe                   5044 Console                    1      5,336 K
TabTip.exe                    5444 Console                    1      7,368 K
SearchIndexer.exe             5464 Services                   0     18,596 K
SkyDrive.exe                  5660 Console                    1     12,180 K
AsusTPLoader.exe              6040 Console                    1      2,048 K
igfxsrvc.exe                  6108 Console                    1      5,732 K
WmiPrvSE.exe                  2868 Services                   0      9,928 K
AsusTPCenter.exe              1828 Console                    1        540 K
jhi_service.exe               3784 Services                   0      3,536 K
igfxtray.exe                  1292 Console                    1      5,208 K
AsusTPHelper.exe              3100 Console                    1        200 K
hkcmd.exe                     3000 Console                    1      4,940 K
igfxpers.exe                  2544 Console                    1      5,124 K
DptfPolicyLpmServiceHelpe     3980 Console                    1      2,144 K
RtkNGUI.exe                   3252 Console                    1      6,292 K
avastui.exe                   3460 Console                    1     26,816 K
Acrotray.exe                  4812 Console                    1      5,056 K
ONENOTEM.EXE                  2328 Console                    1        828 K
unsecapp.exe                  3604 Console                    1      4,536 K
SettingSyncHost.exe           2752 Console                    1      2,236 K
IEMonitor.exe                 3932 Console                    1      5,016 K
taskhost.exe                  2948 Console                    1      4,280 K
ctfmon.exe                    5472 Console                    1      3,452 K
WINWORD.EXE                   5856 Console                    1     70,772 K
chrome.exe                    1916 Console                    1    107,808 K
chrome.exe                    2592 Console                    1      4,028 K
chrome.exe                    1560 Console                    1     26,952 K
chrome.exe                    1240 Console                    1     61,100 K
chrome.exe                    4936 Console                    1     64,424 K
chrome.exe                    2904 Console                    1     56,632 K
chrome.exe                    4240 Console                    1     51,996 K
chrome.exe                    1724 Console                    1     63,624 K
chrome.exe                    5944 Console                    1     55,084 K
chrome.exe                    3184 Console                    1     55,496 K
chrome.exe                    1216 Console                    1     53,660 K
chrome.exe                    4136 Console                    1    115,136 K
svchost.exe                   3944 Services                   0      3,720 K
notepad.exe                   6128 Console                    1      7,228 K
TrustedInstaller.exe          2956 Services                   0      3,928 K
TiWorker.exe                  4304 Services                   0     29,604 K
wireless.exe                  3824 Console                    1      7,864 K
cmd.exe                       2208 Console                    1      2,128 K
conhost.exe                   4552 Console                    1      4,212 K
tasklist.exe                  3300 Console                    1      4,664 K


   MTU  MediaSenseState   Bytes In  Bytes Out  Interface
------  ---------------  ---------  ---------  -------------
4294967295                1          0      18844  Loopback Pseudo-Interface 1
  1500                1   16808047    1795945  Wi-Fi
  1500                5          0          0  Local Area Connection
  1500                5          0          0  Bluetooth Network Connection
  1500                5          0          0  Local Area Connection* 3
  1500                5          0          0  Lenovo Easyplus Hotspot




Querying active state...


TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled 
Chimney Offload State               : disabled 
NetDMA State                        : disabled 
Direct Cache Access (DCA)           : disabled 
Receive Window Auto-Tuning Level    : normal 
Add-On Congestion Control Provider  : none 
ECN Capability                      : disabled 
RFC 1323 Timestamps                 : disabled 
Initial RTO                         : 3000 
Receive Segment Coalescing State    : disabled 
Non Sack Rtt Resiliency             : disabled 
Max SYN Retransmissions             : 2 


===========================================================================
Interface List
 16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
 11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
  8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
  7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
  6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
  1...........................Software Loopback Interface 1
 10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================


IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
===========================================================================
Persistent Routes:
  None


IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 10    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 10    306 2001::/32                On-link
 10    306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
                                    On-link
  6    281 fe80::/64                On-link
 10    306 fe80::/64                On-link
 10    306 fe80::24ad:9c70:b080:b5c5/128
                                    On-link
  6    281 fe80::dcbb:bf7a:2b3e:8f37/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    281 ff00::/8                 On-link
 10    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
    
Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []


    No Connections
    
Bluetooth Network Connection:
Node IpAddress: [0.0.0.0] Scope Id: []


    No Connections
    
Wi-Fi:
Node IpAddress: [192.168.1.103] Scope Id: []


    No Connections
    
Lenovo Easyplus Hotspot
:
Node IpAddress: [0.0.0.0] Scope Id: []


    No Connections
    
Local Area Connection* 3:
Node IpAddress: [0.0.0.0] Scope Id: []


    No Connections


Active Connections


  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            SNToday:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:1947           SNToday:0              LISTENING
 [hasplms.exe]
  TCP    0.0.0.0:5357           SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:38068          SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:49408          SNToday:0              LISTENING
 [wininit.exe]
  TCP    0.0.0.0:49409          SNToday:0              LISTENING
  EventLog
 [svchost.exe]
  TCP    0.0.0.0:49410          SNToday:0              LISTENING
  Schedule
 [svchost.exe]
  TCP    0.0.0.0:49411          SNToday:0              LISTENING
 [spoolsv.exe]
  TCP    0.0.0.0:49418          SNToday:0              LISTENING
 [lsass.exe]
  TCP    0.0.0.0:49428          SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:1001         SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    127.0.0.1:5939         SNToday:0              LISTENING
 [TeamViewer_Service.exe]
  TCP    127.0.0.1:44430        SNToday:0              LISTENING
 [FoxitConnectedPDFService.exe]
  TCP    127.0.0.1:49153        SNToday:0              LISTENING
 [Explorer.EXE]
  TCP    127.0.0.1:49153        SNToday:49795          ESTABLISHED
 [Explorer.EXE]
  TCP    127.0.0.1:49795        SNToday:49153          ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:139      SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.103:49154    111.221.29.154:https   ESTABLISHED
 [Explorer.EXE]
  TCP    192.168.1.103:49771    173.194.76.188:5228    ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49780    fra16s12-in-f14:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49781    adobe:https            ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49783    fra07s32-in-f14:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49876    184.172.52.99:http     ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49882    fra16s12-in-f14:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49883    fra07s29-in-f14:https  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.103:49884    191.238.177.236:https  ESTABLISHED
 [WINWORD.EXE]
  TCP    [::]:135               SNToday:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    [::]:445               SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    [::]:1947              SNToday:0              LISTENING
 [hasplms.exe]
  TCP    [::]:5357              SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    [::]:38068             SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    [::]:49408             SNToday:0              LISTENING
 [wininit.exe]
  TCP    [::]:49409             SNToday:0              LISTENING
  EventLog
 [svchost.exe]
  TCP    [::]:49410             SNToday:0              LISTENING
  Schedule
 [svchost.exe]
  TCP    [::]:49411             SNToday:0              LISTENING
 [spoolsv.exe]
  TCP    [::]:49418             SNToday:0              LISTENING
 [lsass.exe]
  TCP    [::]:49428             SNToday:0              LISTENING
 Can not obtain ownership information
  TCP    [::1]:49460            SNToday:0              LISTENING
 [jhi_service.exe]
  UDP    0.0.0.0:123            *:*                    
  W32Time
 [svchost.exe]
  UDP    0.0.0.0:1947           *:*                    
 [hasplms.exe]
  UDP    0.0.0.0:3702           *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:3702           *:*                    
 [dashost.exe]
  UDP    0.0.0.0:3702           *:*                    
 [dashost.exe]
  UDP    0.0.0.0:5353           *:*                    
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*                    
 [chrome.exe]
  UDP    0.0.0.0:5353           *:*                    
 [chrome.exe]
  UDP    0.0.0.0:5355           *:*                    
  Dnscache
 [svchost.exe]
  UDP    0.0.0.0:49415          *:*                    
 [hasplms.exe]
  UDP    0.0.0.0:54019          *:*                    
  FDResPub
 [svchost.exe]
  UDP    0.0.0.0:54021          *:*                    
  EventSystem
 [svchost.exe]
  UDP    0.0.0.0:54023          *:*                    
 [TeamViewer_Service.exe]
  UDP    0.0.0.0:54025          *:*                    
 [dashost.exe]
  UDP    127.0.0.1:1900         *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    127.0.0.1:54018        *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.103:137      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.103:138      *:*                    
 Can not obtain ownership information
  UDP    192.168.1.103:1900     *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    192.168.1.103:5353     *:*                    
 [TeamViewer_Service.exe]
  UDP    192.168.1.103:54017    *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [::]:123               *:*                    
  W32Time
 [svchost.exe]
  UDP    [::]:1947              *:*                    
 [hasplms.exe]
  UDP    [::]:3702              *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*                    
 [dashost.exe]
  UDP    [::]:3702              *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:3702              *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::]:3702              *:*                    
 [dashost.exe]
  UDP    [::]:3702              *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::]:5353              *:*                    
 [chrome.exe]
  UDP    [::]:5353              *:*                    
 [chrome.exe]
  UDP    [::]:5355              *:*                    
  Dnscache
 [svchost.exe]
  UDP    [::]:54020             *:*                    
  FDResPub
 [svchost.exe]
  UDP    [::]:54022             *:*                    
  EventSystem
 [svchost.exe]
  UDP    [::]:54024             *:*                    
 [TeamViewer_Service.exe]
  UDP    [::]:54026             *:*                    
 [dashost.exe]
  UDP    [::1]:1900             *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [::1]:5353             *:*                    
 [TeamViewer_Service.exe]
  UDP    [::1]:54016            *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::24ad:9c70:b080:b5c5%10]:546  *:*                    
  Dhcp
 [svchost.exe]
  UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:546  *:*                    
  Dhcp
 [svchost.exe]
  UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:1900  *:*                    
  SSDPSRV
 [svchost.exe]
  UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:54015  *:*                    
  SSDPSRV
 [svchost.exe]
Server:  UnKnown
Address:  192.168.1.1


Name:    portal.plus.net
Addresses:  212.159.9.2
      212.159.8.2
Aliases:  www.plus.net




HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ASUSPRP    REG_SZ    "C:\Program Files\ASUS\APRP\APRP.EXE"
    WebStorage    REG_SZ    C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
    IgfxTray    REG_SZ    "C:\Windows\system32\igfxtray.exe"
    HotKeysCmds    REG_SZ    "C:\Windows\system32\hkcmd.exe"
    Persistence    REG_SZ    "C:\Windows\system32\igfxpers.exe"
    DptfPolicyLpmServiceHelper    REG_SZ    C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
    RtkNGUI    REG_SZ    "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s
    Everything    REG_SZ    "C:\Program Files\Everything\Everything.exe" -startup
    AvastUI.exe    REG_SZ    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    Dropbox    REG_SZ    "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
    AdobeAAMUpdater-1.0    REG_SZ    "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    Adobe ARM    REG_SZ    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    (Default)    REG_SZ    
    Acrobat Assistant 8.0    REG_SZ    "D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"






HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    IDMan    REG_SZ    C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    SugarSync    REG_SZ    "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
    SandboxieControl    REG_SZ    "C:\Program Files\Sandboxie\SbieCtrl.exe"
    GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07    REG_SZ    "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5

Addition (from FRST)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by john (15-09-2016 17:57:19)
Running from C:\Users\john\Desktop
Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version:  - )
ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version:  - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk


==================== Loaded Modules (Whitelisted) ==============


2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


 
127.0.0.1       localhost 


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Everything"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0x01d20f5170d1eb88
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 491dbe13-7b45-11e6-9746-7824af713162
Faulting package full name: 
Faulting package-relative application ID:


Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80070070).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).


Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).




Operation:
   Processing PostFinalCommitSnapshots


Context:
   Execution Context: System Provider


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).


Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).




System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).


Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.


Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).


Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).




CodeIntegrity:
===================================
  Date: 2016-09-15 17:30:10.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 17:26:57.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 14:34:45.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-13 10:18:04.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-10 14:03:59.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-09 01:35:54.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:42:48.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:27:44.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 16:23:02.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-02 20:41:04.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




==================== Memory info =========================== 


Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
Percentage of memory in use: 65%
Total physical RAM: 1933.14 MB
Available physical RAM: 663.49 MB
Total Virtual: 2260.77 MB
Available Virtual: 652.31 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)


Partition: GPT.


========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)


Partition: GPT.


========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)


Partition: GPT.


==================== End of Addition.txt ============================

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
Running from C:\Users\john\Desktop
Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)


FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]


Chrome: 
=======
CHR DefaultSearchKeyword: Default -> cal
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
U0 msahci; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk


==================== Files in the root of some directories =======


2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT.exe


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-09-15 14:48


==================== End of FRST.txt ============================
 
Run first two scans PCHF System Scans post results

Code:
Addition (from FRST)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by john (15-09-2016 17:57:19)
Running from C:\Users\john\Desktop
Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version:  - )
ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version:  - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk


==================== Loaded Modules (Whitelisted) ==============


2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


 
127.0.0.1       localhost 


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Everything"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0x01d20f5170d1eb88
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 491dbe13-7b45-11e6-9746-7824af713162
Faulting package full name: 
Faulting package-relative application ID:


Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80070070).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).


Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).




Operation:
   Processing PostFinalCommitSnapshots


Context:
   Execution Context: System Provider


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).


Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).




System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).


Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.


Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).


Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).




CodeIntegrity:
===================================
  Date: 2016-09-15 17:30:10.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 17:26:57.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 14:34:45.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-13 10:18:04.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-10 14:03:59.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-09 01:35:54.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:42:48.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:27:44.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 16:23:02.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-02 20:41:04.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




==================== Memory info =========================== 


Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
Percentage of memory in use: 65%
Total physical RAM: 1933.14 MB
Available physical RAM: 663.49 MB
Total Virtual: 2260.77 MB
Available Virtual: 652.31 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)


Partition: GPT.


========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)


Partition: GPT.


========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)


Partition: GPT.


==================== End of Addition.txt ============================

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
Running from C:\Users\john\Desktop
Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)


FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]


Chrome: 
=======
CHR DefaultSearchKeyword: Default -> cal
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
U0 msahci; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk


==================== Files in the root of some directories =======


2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT.exe


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-09-15 14:48


==================== End of FRST.txt ============================
 
Run first two scans PCHF System Scans post results

Code:
Addition (from FRST)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
Ran by john (15-09-2016 17:57:19)
Running from C:\Users\john\Desktop
Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Anki (HKLM\...\Anki) (Version:  - )
ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
GoldenDict (HKLM\...\GoldenDict) (Version:  - )
Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe


==================== Shortcuts =============================


(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk


==================== Loaded Modules (Whitelisted) ==============


2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


 
127.0.0.1       localhost 


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Everything"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe


==================== Restore Points =========================




==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd64
Faulting application start time: 0x01d20f5170d1eb88
Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
Faulting module path: unknown
Report Id: 491dbe13-7b45-11e6-9746-7824af713162
Faulting package full name: 
Faulting package-relative application ID:


Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x80070070).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).


Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).




Operation:
   Processing PostFinalCommitSnapshots


Context:
   Execution Context: System Provider


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
Description: Event-ID 1


Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).


Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).




System errors:
=============
Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).


Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.


Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).


Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).


Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.


Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.


Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).




CodeIntegrity:
===================================
  Date: 2016-09-15 17:30:10.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 17:26:57.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-15 14:34:45.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-13 10:18:04.440
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-10 14:03:59.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-09 01:35:54.942
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:42:48.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 23:27:44.659
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-08 16:23:02.143
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


  Date: 2016-09-02 20:41:04.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.




==================== Memory info =========================== 


Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
Percentage of memory in use: 65%
Total physical RAM: 1933.14 MB
Available physical RAM: 663.49 MB
Total Virtual: 2260.77 MB
Available Virtual: 652.31 MB


==================== Drives ================================


Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)


Partition: GPT.


========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 00000000)


Partition: GPT.


========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)


Partition: GPT.


==================== End of Addition.txt ============================

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
Running from C:\Users\john\Desktop
Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe




==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1


Internet Explorer:
==================
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)


FireFox:
========
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]


Chrome: 
=======
CHR DefaultSearchKeyword: Default -> cal
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)


===================== Drivers (Whitelisted) ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
U0 msahci; no ImagePath


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk


==================== Files in the root of some directories =======


2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe


Some zero byte size files/folders:
==========================
C:\Windows\System32\MRT.exe


==================== Bamital & volsnap =================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2016-09-15 14:48


==================== End of FRST.txt ============================
 
How much space is System Restore taking? There seems to be a task that keeps saving it, which can take up gigs. Is Windows genuine, as there is a pirate activator running which is only used for Windows or Office?
 

Code:
ZOEK

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by john on Thu 09/15/2016 at 18:05:07.86.
Microsoft Windows 8.1 6.3.9600  x86
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\john\Desktop\zoek.exe [Scan all users] [Script inserted] 


==== Older Logs ======================


C:\zoek-results2016-09-08-211402.log    9739 bytes


==== System Restore Info ======================


9/15/2016 6:06:07 PM Zoek.exe System Restore Point Created Successfully.


==== Reset Hosts File ======================


# Copyright (c) 1993-2006 Microsoft Corp. 
# 
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
# 
# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 
# 
# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 
# 
# For example: 
# 
#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
127.0.0.1       localhost 


==== Empty Folders Check ======================


C:\PROGRA~2\IDM deleted successfully
C:\Users\Guest\AppData\Local\Google deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully


==== Deleting CLSID Registry Keys ======================




==== Deleting CLSID Registry Values ======================




==== Deleting Services ======================




==== Batch Command(s) Run By Tool======================




==== Deleting Files \ Folders ======================


C:\Users\Guest\AppData\Local\Temporary Internet Files deleted


==== Firefox Extensions Registry ======================


[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [07/27/2016 07:40 PM]


==== Chromium Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/23/2012 08:43 PM]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]
ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files\Internet Download Manager\IDMGCExt.crx[06/09/2016 09:18 PM]
ohgndokldibnndfnjnagojmheejlengn - No path found[]


C&C - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc
OneTab - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
Avast SafePrice - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Morphine - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo
Notepad - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp
Avast Online Security - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Checker Plus for Google Calendar™ - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha
Spreed - speed read the web - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno
Simple Notepad - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj
Progress Bar Timer - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko
Prioritab - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp
IDM Integration Module - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
Save to Pocket - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Citavi Picker - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn
Readability - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi
latest - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh
Browsec - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh
SiteBlock - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj
Chrome Media Router - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm


==== Chromium Fix ======================


C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully


==== Set IE to Default ======================


Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus13.msn.com/?pc=ASJB"


New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://asus13.msn.com/?pc=ASJB"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB"


==== Reset Google Chrome ======================


C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully


==== Reset IE Proxy ======================


Value(s) before fix:
"ProxyEnable"=dword:00000000


Value(s) after fix:
"ProxyEnable"=dword:00000000


==== Empty IE Cache ======================


C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


No Java Cache Found


==== C:\zoek_backup content ======================


C:\zoek_backup (files=95 folders=48 23527592 bytes)


==== Empty Temp Folders ======================


C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\john\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\WINDOWS\Temp successfully emptied
C:\Users\john\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on Thu 09/15/2016 at 19:09:48.12 ======================
 
How much space is System Restore taking? There seems to be a task that keeps saving it, and that can take up gigs. Is Windows genuine? There is a pirate activator running, which is only used for Windows or Office.

It's genuine. Exactly, something starts taking space the minute I turn on the PC and it decreases my capacity so much that even if I'm doing absolutely nothing on my computer I will have to reboot because there's only a few hundred Kb left.
 

How much space is System Restore taking? There seems to be a task that keeps saving it, and that can take up gigs. Is Windows genuine? There is a pirate activator running, which is only used for Windows or Office.

It's genuine. System restore point is disabled so it's taking no space.

Exactly, something begins to fill my space as soon as I turn on the computer. Even if I'm doing absolutely nothing on my computer (I've left it on) it takes up all the space and leaves just 600 kb or less. So I have to reboot it after a couple of hours.
 

It's been 3 hours and a half and eScan AV still hasn't finished scanning a 32 Gb drive. I don't think this is normal. Also, my space has shrunk to 28 mb and I think that's what's keeping eScan from working.
 

System Restore is running as a task and failing due to lack of space:

Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).


Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x80070070)

You have 2 cracks running to get around activation of Office or Windows; there is no other reason to have these running.

KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Service_KMS.exe 2352 Services 0 18,244 K

Everything could be filling its index on the disk:
Everything REG_SZ "C:\Program Files\Everything\Everything.exe" -startup

Avast is running a backup every day as a task; that can do it. Remove it:

backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)

Torrent can take up a lot of room:
qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
 

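One way to check the two things raised in this thread (free space on C: that drops while the machine sits idle, and how much space System Restore is holding), as an added example that is not from any poster. The variable names, sampling interval and result count are assumptions; run it from an elevated PowerShell prompt. It only prints to the console, so it does not need free disk space itself.

```powershell
# Added example: sample free space on C:, then list what was written while it changed.
# All settings below are assumptions chosen for illustration.
$drive     = 'C'
$samples   = 6      # number of free-space readings
$intervalS = 10     # seconds between readings
$topN      = 25     # how many files to list

$start = Get-Date

# Take a series of free-space readings so the fluctuation is visible as numbers.
$readings = for ($i = 0; $i -lt $samples; $i++) {
    $free = (Get-PSDrive -Name $drive).Free
    [pscustomobject]@{
        Time   = Get-Date
        FreeMB = [math]::Round($free / 1MB, 1)
    }
    if ($i -lt $samples - 1) { Start-Sleep -Seconds $intervalS }
}
$readings | Format-Table -AutoSize

$delta = $readings[-1].FreeMB - $readings[0].FreeMB
"Net change over the sampling window: $delta MB"

# Files created or modified since sampling began, largest first.
# -Force includes hidden and system files; unreadable folders are skipped.
Get-ChildItem -Path "${drive}:\" -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $start -or $_.CreationTime -ge $start } |
    Sort-Object Length -Descending |
    Select-Object -First $topN `
        @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 2) } },
        LastWriteTime, FullName |
    Format-Table -AutoSize

# Shadow-copy (System Restore) storage currently allocated on each volume.
vssadmin list shadowstorage
```

The folder that owns the largest recently written files points to the program doing the writing; folders the script cannot read are skipped silently, so an empty list does not rule out writes under protected paths.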
"...Everything could be filling its index on the disk; Everything REG_SZ "C:\Program Files\Everything\Everything.exe" -startup.." This has got to go! Everything, like Windows Index, creates massive directories. Get rid of this, delete all the created directories [unless uninstall does it for you]. Download, install, use FileSeek free or pro version.
 
"...Avast is running a backup every day as a task that can do it remove; backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)..." What kind of backup routine is Avast using? What kind of backup files are being created? Where are the backups being stored? A question: pretend Windows is completely broken - no load/no startup; how do you access the Avast-created backup files and restore?
[I amended my comments.]
 