Windows 8 and 8.1 Forums


C gone bonkers; no stable free space

  1. #1

    C gone bonkers; no stable free space


    C has gone completely bonkers. It has lost all it's free capacity (which was 1.5 Gb) and went all the way down to 0 kb. There's nothing I can do about it and nothing will change it. Disk clean shows 132 mb of temporary files but won't remove it. I manually removed 100 mb of files but it was ineffective- there's still just 500 kb free space only. My desktop has gone black. With every refresh C capacity changes. It goes from 500 kb, to 3 mb, to 1.7 mb, to 30 mb, back to 700 kb, and again up to 11 mb etc. with every refresh coming immediately after the previous refresh. It's crazy and it won't go up.

    Tempfile cleaner doesn't find anything to clean
    Antivirus hasn't found a virus
    Disk Clean won't clean the 132 mb it claims to be temporary files (it should be way more)
    Shutting down the computer for long periods has done nothing
    Manually deleting files from C won't add to its free capacity

    I really don't understand.

      My System SpecsSystem Spec

  2. #2


    Update: After one of the reboots, which took longer than usual, C now has 1 Gb but the space has already begun fluctuating, sometimes losing 200 mb in a couple of seconds, and then adding another 100, but overall it's going down.
      My System SpecsSystem Spec

  3. #3


    Try uncleaner it finds things others don't Google it I am on phone can't post link. Have you got any files for win10 upgrade it may have downloaded as that can be a few gig failing that you may have a backup or something running check startup items
      My System SpecsSystem Spec

  4. #4


    Quote Originally Posted by samuria View Post
    Try uncleaner it finds things others don't Google it I am on phone can't post link. Have you got any files for win10 upgrade it may have downloaded as that can be a few gig failing that you may have a backup or something running check startup items
    Thank you Samuria,

    Here's a link for anyone who needs it. Interesting software, nice design, and found an additional 100 mb after I used Ccleaner. It seems that Ccleaner fixed the registry and now it's relevantly stable, with 1.5 Gb back again. But it's still fluctuating in what seems to me to be incredible numbers i.e. 200 mb, and I don't get why that's happening!?
      My System SpecsSystem Spec

  5. #5


    Run first two scans PCHF System Scans post results
      My System SpecsSystem Spec

  6. #6


    Quote Originally Posted by samuria View Post
    Run first two scans PCHF System Scans post results
    Code:
    
    AdwCleaner:
    
    
    # AdwCleaner v6.020 - Logfile created 15/09/2016 at 17:41:35
    # Updated on 14/09/2016 by ToolsLib
    # Database : 2016-09-14.2 [Server]
    # Operating System : Windows 8.1  (X86)
    # Username : john - SNTODAY
    # Running from : C:\Users\john\Desktop\adwcleaner_6.020.exe
    # Mode: Scan
    # Support : https://toolslib.net/forum
    
    
    
    
    
    
    ***** [ Services ] *****
    
    
    No malicious services found.
    
    
    
    
    ***** [ Folders ] *****
    
    
    No malicious folders found.
    
    
    
    
    ***** [ Files ] *****
    
    
    No malicious files found.
    
    
    
    
    ***** [ DLL ] *****
    
    
    No malicious DLLs found.
    
    
    
    
    ***** [ WMI ] *****
    
    
    No malicious keys found.
    
    
    
    
    ***** [ Shortcuts ] *****
    
    
    No infected shortcut found.
    
    
    
    
    ***** [ Scheduled Tasks ] *****
    
    
    No malicious task found.
    
    
    
    
    ***** [ Registry ] *****
    
    
    No malicious registry entries found.
    
    
    
    
    ***** [ Web browsers ] *****
    
    
    No malicious Firefox based browser items found.
    No malicious Chromium based browser items found.
    
    
    *************************
    
    
    C:\AdwCleaner\AdwCleaner[C0].txt - [952 Bytes] - [08/09/2016 23:41:51]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1120 Bytes] - [08/09/2016 23:40:53]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1114 Bytes] - [15/09/2016 17:41:35]
    
    
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1187 Bytes] ##########
    
    
    MINITOOLBOX
    
    
    MiniToolBox by Farbar  Version: 17-06-2016Ran by john (administrator) on 15-09-2016 at 17:49:08
    Running from "C:\Users\john\Desktop"
    Microsoft Windows 8.1  (X86)
    Model: T100TAS Manufacturer: ASUSTeK COMPUTER INC.
    Boot Mode: Normal
    ***************************************************************************
    
    
    ========================= Flush DNS: ===================================
    
    
    Windows IP Configuration
    
    
    Successfully flushed the DNS Resolver Cache.
    
    
    ========================= IE Proxy Settings: ============================== 
    
    
    Proxy is not enabled.
    No Proxy Server is set.
    
    
    "Reset IE Proxy Settings": IE Proxy Settings were reset.
    ========================= Hosts content: =================================
    127.0.0.1       localhost 
    ========================= IP Configuration: ================================
    
    
    Broadcom 802.11abgn Wireless SDIO Adapter = Wi-Fi (Connected)
    Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
    TeamViewer VPN Adapter = Local Area Connection (Media disconnected)
    
    
    
    
    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4
    
    
    reset
    set global icmpredirects=enabled
    set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Lenovo Easyplus Hotspot
    " forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    set interface interface="Local Area Connection* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
    
    
    
    
    popd
    # End of IPv4 configuration
    
    
    
    
    
    
    Windows IP Configuration
    
    
       Host Name . . . . . . . . . . . . : SNToday
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Mixed
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    
    Ethernet adapter Local Area Connection:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : TeamViewer VPN Adapter
       Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Lenovo Easyplus Hotspot
    :
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
       Physical Address. . . . . . . . . : 78-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Ethernet adapter Bluetooth Network Connection:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 78-24-AF-71-31-62
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Local Area Connection* 3:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
       Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Wi-Fi:
    
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
       Physical Address. . . . . . . . . : 78-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
       Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 125314223
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred) 
       Default Gateway . . . . . . . . . : ::
       DHCPv6 IAID . . . . . . . . . . . : 335544320
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    
    Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Server:  UnKnown
    Address:  192.168.1.1
    
    
    Name:    google.com
    Addresses:  2a00:1450:4001:81d::200e
          172.217.22.110
    
    
    
    
    Pinging google.com [172.217.21.206] with 32 bytes of data:
    Reply from 172.217.21.206: bytes=32 time=167ms TTL=49
    Reply from 172.217.21.206: bytes=32 time=113ms TTL=49
    
    
    Ping statistics for 172.217.21.206:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 113ms, Maximum = 167ms, Average = 140ms
    Server:  UnKnown
    Address:  192.168.1.1
    
    
    Name:    yahoo.com
    Addresses:  2001:4998:c:a06::2:4008
          2001:4998:44:204::a7
          2001:4998:58:c02::a9
          98.138.253.109
          98.139.183.24
          206.190.36.45
    
    
    
    
    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=271ms TTL=45
    Reply from 206.190.36.45: bytes=32 time=271ms TTL=45
    
    
    Ping statistics for 206.190.36.45:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 271ms, Maximum = 271ms, Average = 271ms
    
    
    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    
    
    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
     11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
      8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
      7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
      6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
      1...........................Software Loopback Interface 1
     10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
    ===========================================================================
    
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
        192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
        192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
    ===========================================================================
    Persistent Routes:
      None
    
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     10    306 ::/0                     On-link
      1    306 ::1/128                  On-link
     10    306 2001::/32                On-link
     10    306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
                                        On-link
      6    281 fe80::/64                On-link
     10    306 fe80::/64                On-link
     10    306 fe80::24ad:9c70:b080:b5c5/128
                                        On-link
      6    281 fe80::dcbb:bf7a:2b3e:8f37/128
                                        On-link
      1    306 ff00::/8                 On-link
      6    281 ff00::/8                 On-link
     10    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================
    
    
    Catalog5 01 C:\WINDOWS\system32\napinsp.dll [53760] (Microsoft Corporation)
    Catalog5 02 C:\WINDOWS\system32\pnrpnsp.dll [68096] (Microsoft Corporation)
    Catalog5 03 C:\WINDOWS\system32\pnrpnsp.dll [68096] (Microsoft Corporation)
    Catalog5 04 C:\WINDOWS\system32\NLAapi.dll [65536] (Microsoft Corporation)
    Catalog5 05 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog5 06 C:\WINDOWS\system32\winrnr.dll [21504] (Microsoft Corporation)
    Catalog5 07 C:\WINDOWS\system32\wshbth.dll [51200] (Microsoft Corporation)
    Catalog9 01 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 02 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 03 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 04 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 05 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 06 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 07 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 08 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 09 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 10 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 11 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 12 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 13 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 14 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 15 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 16 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 17 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 18 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 19 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 20 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 21 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 22 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 23 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 24 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 25 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 26 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 27 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 28 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 29 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 30 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 31 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 32 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 33 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 34 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 35 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 36 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 37 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 38 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 39 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 40 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 41 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 42 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 43 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 44 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 45 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 46 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 47 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 48 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 49 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 50 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 51 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 52 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 53 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 54 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    Catalog9 55 C:\WINDOWS\system32\mswsock.dll [286208] (Microsoft Corporation)
    
    
    ========================= Event log errors: ===============================
    
    
    Application errors:
    ==================
    Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (User: )
    Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xd64
    Faulting application start time: 0xchrome.exe0
    Faulting application path: chrome.exe1
    Faulting module path: chrome.exe2
    Report Id: chrome.exe3
    Faulting package full name: chrome.exe4
    Faulting package-relative application ID: chrome.exe5
    
    
    Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
    Description: The scheduled restore point could not be created.  Additional information: (0x80070070).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: VSS) (User: )
    Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
    Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
    
    
    
    
    Operation:
       Processing PostFinalCommitSnapshots
    
    
    Context:
       Execution Context: System Provider
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.
    
    
    Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
    
    
    Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    
    
    System errors:
    =============
    Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    
    
    Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    
    
    Microsoft Office Sessions:
    =========================
    Error: (09/15/2016 05:37:00 PM) (Source: Application Error)(User: )
    Description: chrome.exe52.0.2743.11657a128a8unknown0.0.0.000000000c000000500000000d6401d20f5170d1eb88C:\Program Files\Google\Chrome\Application\chrome.exeunknown491dbe13-7b45-11e6-9746-7824af713162
    
    
    Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService)(User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: System Restore)(User: )
    Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
    Description: 0x80070070
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore)(User: )
    Description: C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070070
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: VSS)(User: )
    Description: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...)
    
    
    Operation:
       Processing PostFinalCommitSnapshots
    
    
    Context:
       Execution Context: System Provider
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  App specific mode was turned off, but timer was not running.
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService)(User: )
    Description: DptfPolicyLpmServiceServiceMainThread:  GetForegroundApplicationIndex() failed.
    
    
    Error: (09/15/2016 02:34:04 PM) (Source: System Restore)(User: )
    Description: C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -EmbeddingWindows Modules Installer0x8004231f
    
    
    Error: (09/15/2016 02:33:50 PM) (Source: System Restore)(User: )
    Description: C:\WINDOWS\system32\svchost.exe -k netsvcsWindows Update0x8004231f
    
    
    
    
    CodeIntegrity Errors:
    ===================================
      Date: 2016-09-15 17:30:10.237
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 17:26:57.021
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 14:34:45.690
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-13 10:18:04.440
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-10 14:03:59.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-09 01:35:54.942
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:42:48.471
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:27:44.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 16:23:02.143
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-02 20:41:04.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
    
    
    =========================== Installed Programs ============================
    
    
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Anki (HKLM\...\Anki) (Version:  - )
    ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
    ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
    ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
    ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
    calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
    Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
    Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
    Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
    Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
    Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
    EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
    Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    GoldenDict (HKLM\...\GoldenDict) (Version:  - )
    Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
    Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
    GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
    Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Metric Collection SDK 35 (HKLM\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
    Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
    Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
    Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
    Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
    Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
    Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
    OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
    Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SafeZone Stable 1.51.2220.53 (HKLM\...\SafeZone 1.51.2220.53) (Version: 1.51.2220.53 - Avast Software) Hidden
    Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
    Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
    Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
    Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
    SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
    Telegram Desktop version 0.10.1 (HKCU\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    Todoist (HKCU\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
    UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
    WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
    Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
    WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
    Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    
    
    ========================= Devices: ================================
    
    
    
    
    ========================= Memory info: ===================================
    
    
    Percentage of memory in use: 69%
    Total physical RAM: 1933.14 MB
    Available physical RAM: 587.88 MB
    Total Virtual: 2260.77 MB
    Available Virtual: 587.09 MB
    
    
    ========================= Partitions: =====================================
    
    
    1 Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.31 GB) NTFS
    2 Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
    3 Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
    
    
    ========================= Users: ========================================
    
    
    User accounts for \\SNTODAY
    
    
    Administrator            Guest                    john                     
    
    
    ========================= Minidump Files ==================================
    
    
    No minidump file found
    
    
    ========================= Restore Points ==================================
    
    
    
    
    **** End of log ****
    
    Wireless test tool
    
    
    
    Windows IP Configuration
    
    
       Host Name . . . . . . . . . . . . : SNToday
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Mixed
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    
    
    Ethernet adapter Local Area Connection:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : TeamViewer VPN Adapter
       Physical Address. . . . . . . . . : 00-FF-83-6D-15-BD
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Lenovo Easyplus Hotspot
    :
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
       Physical Address. . . . . . . . . : 78-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Ethernet adapter Bluetooth Network Connection:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
       Physical Address. . . . . . . . . : 78-24-AF-71-31-62
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Local Area Connection* 3:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
       Physical Address. . . . . . . . . : 7A-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
    
    
    Wireless LAN adapter Wi-Fi:
    
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Broadcom 802.11abgn Wireless SDIO Adapter
       Physical Address. . . . . . . . . : 78-24-AF-71-31-61
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::dcbb:bf7a:2b3e:8f37%6(Preferred) 
       IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Thursday, September 15, 2016 5:30:31 PM
       Lease Expires . . . . . . . . . . : Sunday, September 18, 2016 5:30:30 PM
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 125314223
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    
    
    Tunnel adapter Teredo Tunneling Pseudo-Interface:
    
    
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:24ad:9c70:b080:b5c5(Preferred) 
       Link-local IPv6 Address . . . . . : fe80::24ad:9c70:b080:b5c5%10(Preferred) 
       Default Gateway . . . . . . . . . : ::
       DHCPv6 IAID . . . . . . . . . . . : 335544320
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-75-09-D7-9C-EB-E8-13-F9-98
       NetBIOS over Tcpip. . . . . . . . : Disabled
    
    
    Tunnel adapter isatap.{ED5A8691-112E-4B41-AD16-64AE84004562}:
    
    
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
     
    Interface name : Wi-Fi 
    There are 5 networks currently visible. 
    
    
    SSID 1 : ali
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP 
        BSSID 1                 : 64:70:02:aa:5b:9b
             Signal             : 18%  
             Radio type         : 802.11g
             Channel            : 4 
             Basic rates (Mbps) : 1 2 5.5 11
             Other rates (Mbps) : 6 9 12 18 24 36 48 54
    
    
    SSID 2 : kami123
        Network type            : Infrastructure
        Authentication          : Open
        Encryption              : None 
        BSSID 1                 : e4:8d:8c:f9:83:cd
             Signal             : 6%  
             Radio type         : 802.11n
             Channel            : 52 
             Basic rates (Mbps) : 6
             Other rates (Mbps) : 9 12 18 24 36 48 54
    
    
    SSID 3 : zzz
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP 
        BSSID 1                 : c4:6e:1f:3c:dd:d3
             Signal             : 16%  
             Radio type         : 802.11n
             Channel            : 11 
             Basic rates (Mbps) : 1 2 5.5 11
             Other rates (Mbps) : 6 9 12 18 24 36 48 54
    
    
    SSID 4 : Ahfad
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP 
        BSSID 1                 : e8:94:f6:5b:17:d2
             Signal             : 76%  
             Radio type         : 802.11n
             Channel            : 1 
             Basic rates (Mbps) : 1 2 5.5 11
             Other rates (Mbps) : 6 9 12 18 24 36 48 54
    
    
    SSID 5 : Mahdi
        Network type            : Infrastructure
        Authentication          : WPA2-Personal
        Encryption              : CCMP 
        BSSID 1                 : b0:b2:dc:4d:3b:38
             Signal             : 10%  
             Radio type         : 802.11n
             Channel            : 6 
             Basic rates (Mbps) : 1 2 5.5 11
             Other rates (Mbps) : 6 9 12 18 24 36 48 54
    
    
    
    
    Profiles on interface Wi-Fi:
    
    
    Group policy profiles (read only)
    ---------------------------------
        <None>
    
    
    User profiles
    -------------
        All User Profile     : Modares 2
        All User Profile     : AndroidAP
        All User Profile     : BZLp-aG9zc2VpbiBhcWE
        All User Profile     : Ahfad
        All User Profile     : Tmu Dorm
        All User Profile     : TMU
        All User Profile     : BZLp-aG9zc2VpbiBhcWE 2
        All User Profile     : hassan
        All User Profile     : EjrpN-dGhlIExlbm92byBCbGFjaw==
        All User Profile     : Modares
        All User Profile     : Modaress
        All User Profile     : d2B66Z29sZGVuZHll
        All User Profile     : hossein aqa
    
    
    
    
    Pinging 194.119.131.66 with 32 bytes of data:
    Reply from 194.119.131.66: bytes=32 time=151ms TTL=49
    Reply from 194.119.131.66: bytes=32 time=134ms TTL=49
    Reply from 194.119.131.66: bytes=32 time=135ms TTL=49
    Reply from 194.119.131.66: bytes=32 time=135ms TTL=49
    
    
    Ping statistics for 194.119.131.66:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 134ms, Maximum = 151ms, Average = 138ms
    Ping request could not find host plus.net. Please check the name and try again.
    
    
    Tracing route to cns1.uk.vianw.net [194.119.131.66]
    over a maximum of 30 hops:
    
    
      1     1 ms     1 ms     1 ms  192.168.1.1 
      2    45 ms    42 ms    42 ms  5.53.63.255 
      3    43 ms    46 ms    43 ms  10.201.145.1 
      4    49 ms    55 ms    69 ms  172.19.4.17 
      5    53 ms    45 ms    45 ms  172.19.4.2 
      6    51 ms    47 ms    44 ms  10.201.176.153 
      7    46 ms    45 ms    45 ms  10.10.53.190 
      8   118 ms   113 ms   113 ms  85.132.90.201 
      9     *        *        *     Request timed out.
     10     *      119 ms   122 ms  mskn08.transtelecom.net [188.43.3.246] 
     11     *        *        *     Request timed out.
     12     *      138 ms   136 ms  195.66.224.66 
     13   134 ms   134 ms   158 ms  tengige0-1-1-0-t6-ar14.router.uk.clara.net [195.157.3.110] 
     14   132 ms   155 ms     *     cns1.uk.vianw.net [194.119.131.66] 
     15   131 ms   130 ms   137 ms  cns1.uk.vianw.net [194.119.131.66] 
    
    
    Trace complete.
    These Windows services are started:
    
    
       Adobe Acrobat Update Service
       Application Experience
       Application Information
       ASLDR Service
       ASUS HID Access Service
       Asus WebStorage Windows Service
       ATKGFNEX Service
       Background Intelligent Transfer Service
       Background Tasks Infrastructure Service
       Base Filtering Engine
       BitLocker Drive Encryption Service
       Bluetooth Support Service
       Certificate Propagation
       COM+ Event System
       Credential Manager
       Cryptographic Services
       DCOM Server Process Launcher
       Device Association Service
       DHCP Client
       Diagnostic Policy Service
       Diagnostic Service Host
       Diagnostic System Host
       Diagnostics Tracking Service
       Distributed Link Tracking Client
       DNS Client
       Foxit Reader Service
       Function Discovery Provider Host
       Function Discovery Resource Publication
       Group Policy Client
       HomeGroup Provider
       Human Interface Device Service
       Intel(R) Capability Licensing Service Interface
       Intel(R) Dynamic Application Loader Host Interface
       Intel(R) Dynamic Platform & Thermal Framework Critical Service Application
       Intel(R) Dynamic Platform & Thermal Framework Low Power Mode Service Application
       Intel(R) Dynamic Platform & Thermal Framework Processor Participant Service Application
       IP Helper
       IPsec Policy Agent
       Local Session Manager
       Microsoft Account Sign-in Assistant
       Microsoft Software Shadow Copy Provider
       Network Connected Devices Auto-Setup
       Network Connection Broker
       Network Connections
       Network List Service
       Network Location Awareness
       Network Store Interface Service
       Plug and Play
       Power
       Print Spooler
       Program Compatibility Assistant Service
       Remote Procedure Call (RPC)
       RPC Endpoint Mapper
       Sandboxie Service
       Security Accounts Manager
       Security Center
       Sensor Monitoring Service
       Sentinel LDK License Manager
       Server
       Service KMSELDI
       Shell Hardware Detection
       SSDP Discovery
       Superfetch
       System Event Notification Service
       System Events Broker
       Task Scheduler
       TCP/IP NetBIOS Helper
       TeamViewer 11
       Themes
       Time Broker
       Touch Keyboard and Handwriting Panel Service
       User Profile Service
       Windows Audio
       Windows Audio Endpoint Builder
       Windows Connection Manager
       Windows Driver Foundation - User-mode Driver Framework
       Windows Event Log
       Windows Firewall
       Windows Font Cache Service
       Windows Image Acquisition (WIA)
       Windows Management Instrumentation
       Windows Modules Installer
       Windows Search
       Windows Time
       Windows Update
       WinHTTP Web Proxy Auto-Discovery Service
       WLAN AutoConfig
       Workstation
    
    
    The command completed successfully.
    
    
    
    
    Microsoft Windows [Version 6.3.9600]
    
    
    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System Idle Process              0 Services                   0          8 K
    System                           4 Services                   0      3,080 K
    smss.exe                       336 Services                   0        708 K
    csrss.exe                      540 Services                   0      3,236 K
    wininit.exe                    592 Services                   0      2,876 K
    csrss.exe                      608 Console                    1     32,536 K
    winlogon.exe                   652 Console                    1      4,836 K
    services.exe                   720 Services                   0      4,952 K
    lsass.exe                      728 Services                   0      9,520 K
    svchost.exe                    804 Services                   0      8,096 K
    svchost.exe                    848 Services                   0      6,392 K
    dwm.exe                        952 Console                    1     20,180 K
    svchost.exe                   1004 Services                   0     16,440 K
    svchost.exe                   1048 Services                   0     41,836 K
    svchost.exe                   1092 Services                   0     11,080 K
    svchost.exe                   1156 Services                   0     19,804 K
    SbieSvc.exe                   1232 Services                   0      3,184 K
    WUDFHost.exe                  1356 Services                   0      4,936 K
    svchost.exe                   1528 Services                   0      9,996 K
    AsLdrSrv.exe                  1584 Services                   0      2,904 K
    wlanext.exe                   1600 Services                   0      3,668 K
    conhost.exe                   1624 Services                   0      2,104 K
    GFNEXSrv.exe                  1648 Services                   0      1,752 K
    spoolsv.exe                   1808 Services                   0      6,336 K
    svchost.exe                   1868 Services                   0      7,696 K
    svchost.exe                   1892 Services                   0     13,092 K
    armsvc.exe                    2024 Services                   0      2,788 K
    AsHidSrv.exe                  2044 Services                   0      2,464 K
    AsusWSWinService.exe           272 Services                   0     11,536 K
    svchost.exe                    764 Services                   0      9,140 K
    DptfParticipantProcessorS      884 Services                   0      2,540 K
    DptfPolicyCriticalService     1000 Services                   0      2,540 K
    DptfPolicyLpmService.exe      1220 Services                   0      2,564 K
    dasHost.exe                   1340 Services                   0      6,204 K
    FoxitConnectedPDFService.     1516 Services                   0      8,520 K
    hasplms.exe                   2288 Services                   0      9,792 K
    HeciServer.exe                2308 Services                   0      3,592 K
    Service_KMS.exe               2352 Services                   0     18,244 K
    svchost.exe                   2404 Services                   0      4,276 K
    TeamViewer_Service.exe        2424 Services                   0      8,144 K
    svchost.exe                   3592 Services                   0      3,536 K
    WUDFHost.exe                  3792 Services                   0      4,128 K
    HControl.exe                  4556 Console                    1      5,156 K
    taskhostex.exe                4604 Console                    1      8,404 K
    explorer.exe                  4848 Console                    1    127,708 K
    DMedia.exe                    5036 Console                    1      4,064 K
    ATKOSD2.exe                   5044 Console                    1      5,336 K
    TabTip.exe                    5444 Console                    1      7,368 K
    SearchIndexer.exe             5464 Services                   0     18,596 K
    SkyDrive.exe                  5660 Console                    1     12,180 K
    AsusTPLoader.exe              6040 Console                    1      2,048 K
    igfxsrvc.exe                  6108 Console                    1      5,732 K
    WmiPrvSE.exe                  2868 Services                   0      9,928 K
    AsusTPCenter.exe              1828 Console                    1        540 K
    jhi_service.exe               3784 Services                   0      3,536 K
    igfxtray.exe                  1292 Console                    1      5,208 K
    AsusTPHelper.exe              3100 Console                    1        200 K
    hkcmd.exe                     3000 Console                    1      4,940 K
    igfxpers.exe                  2544 Console                    1      5,124 K
    DptfPolicyLpmServiceHelpe     3980 Console                    1      2,144 K
    RtkNGUI.exe                   3252 Console                    1      6,292 K
    avastui.exe                   3460 Console                    1     26,816 K
    Acrotray.exe                  4812 Console                    1      5,056 K
    ONENOTEM.EXE                  2328 Console                    1        828 K
    unsecapp.exe                  3604 Console                    1      4,536 K
    SettingSyncHost.exe           2752 Console                    1      2,236 K
    IEMonitor.exe                 3932 Console                    1      5,016 K
    taskhost.exe                  2948 Console                    1      4,280 K
    ctfmon.exe                    5472 Console                    1      3,452 K
    WINWORD.EXE                   5856 Console                    1     70,772 K
    chrome.exe                    1916 Console                    1    107,808 K
    chrome.exe                    2592 Console                    1      4,028 K
    chrome.exe                    1560 Console                    1     26,952 K
    chrome.exe                    1240 Console                    1     61,100 K
    chrome.exe                    4936 Console                    1     64,424 K
    chrome.exe                    2904 Console                    1     56,632 K
    chrome.exe                    4240 Console                    1     51,996 K
    chrome.exe                    1724 Console                    1     63,624 K
    chrome.exe                    5944 Console                    1     55,084 K
    chrome.exe                    3184 Console                    1     55,496 K
    chrome.exe                    1216 Console                    1     53,660 K
    chrome.exe                    4136 Console                    1    115,136 K
    svchost.exe                   3944 Services                   0      3,720 K
    notepad.exe                   6128 Console                    1      7,228 K
    TrustedInstaller.exe          2956 Services                   0      3,928 K
    TiWorker.exe                  4304 Services                   0     29,604 K
    wireless.exe                  3824 Console                    1      7,864 K
    cmd.exe                       2208 Console                    1      2,128 K
    conhost.exe                   4552 Console                    1      4,212 K
    tasklist.exe                  3300 Console                    1      4,664 K
    
    
       MTU  MediaSenseState   Bytes In  Bytes Out  Interface
    ------  ---------------  ---------  ---------  -------------
    4294967295                1          0      18844  Loopback Pseudo-Interface 1
      1500                1   16808047    1795945  Wi-Fi
      1500                5          0          0  Local Area Connection
      1500                5          0          0  Bluetooth Network Connection
      1500                5          0          0  Local Area Connection* 3
      1500                5          0          0  Lenovo Easyplus Hotspot
    
    
    
    
    Querying active state...
    
    
    TCP Global Parameters
    ----------------------------------------------
    Receive-Side Scaling State          : enabled 
    Chimney Offload State               : disabled 
    NetDMA State                        : disabled 
    Direct Cache Access (DCA)           : disabled 
    Receive Window Auto-Tuning Level    : normal 
    Add-On Congestion Control Provider  : none 
    ECN Capability                      : disabled 
    RFC 1323 Timestamps                 : disabled 
    Initial RTO                         : 3000 
    Receive Segment Coalescing State    : disabled 
    Non Sack Rtt Resiliency             : disabled 
    Max SYN Retransmissions             : 2 
    
    
    ===========================================================================
    Interface List
     16...00 ff 83 6d 15 bd ......TeamViewer VPN Adapter
     11...78 24 af 71 31 61 ......Microsoft Hosted Network Virtual Adapter
      8...78 24 af 71 31 62 ......Bluetooth Device (Personal Area Network)
      7...7a 24 af 71 31 61 ......Microsoft Wi-Fi Direct Virtual Adapter #2
      6...78 24 af 71 31 61 ......Broadcom 802.11abgn Wireless SDIO Adapter
      1...........................Software Loopback Interface 1
     10...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
    ===========================================================================
    
    
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     25
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
          192.168.1.0    255.255.255.0         On-link     192.168.1.103    281
        192.168.1.103  255.255.255.255         On-link     192.168.1.103    281
        192.168.1.255  255.255.255.255         On-link     192.168.1.103    281
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link     192.168.1.103    281
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link     192.168.1.103    281
    ===========================================================================
    Persistent Routes:
      None
    
    
    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     10    306 ::/0                     On-link
      1    306 ::1/128                  On-link
     10    306 2001::/32                On-link
     10    306 2001:0:9d38:90d7:24ad:9c70:b080:b5c5/128
                                        On-link
      6    281 fe80::/64                On-link
     10    306 fe80::/64                On-link
     10    306 fe80::24ad:9c70:b080:b5c5/128
                                        On-link
      6    281 fe80::dcbb:bf7a:2b3e:8f37/128
                                        On-link
      1    306 ff00::/8                 On-link
      6    281 ff00::/8                 On-link
     10    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
        
    Local Area Connection:
    Node IpAddress: [0.0.0.0] Scope Id: []
    
    
        No Connections
        
    Bluetooth Network Connection:
    Node IpAddress: [0.0.0.0] Scope Id: []
    
    
        No Connections
        
    Wi-Fi:
    Node IpAddress: [192.168.1.103] Scope Id: []
    
    
        No Connections
        
    Lenovo Easyplus Hotspot
    :
    Node IpAddress: [0.0.0.0] Scope Id: []
    
    
        No Connections
        
    Local Area Connection* 3:
    Node IpAddress: [0.0.0.0] Scope Id: []
    
    
        No Connections
    
    
    Active Connections
    
    
      Proto  Local Address          Foreign Address        State
      TCP    0.0.0.0:135            SNToday:0              LISTENING
      RpcSs
     [svchost.exe]
      TCP    0.0.0.0:445            SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:1947           SNToday:0              LISTENING
     [hasplms.exe]
      TCP    0.0.0.0:5357           SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:38068          SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    0.0.0.0:49408          SNToday:0              LISTENING
     [wininit.exe]
      TCP    0.0.0.0:49409          SNToday:0              LISTENING
      EventLog
     [svchost.exe]
      TCP    0.0.0.0:49410          SNToday:0              LISTENING
      Schedule
     [svchost.exe]
      TCP    0.0.0.0:49411          SNToday:0              LISTENING
     [spoolsv.exe]
      TCP    0.0.0.0:49418          SNToday:0              LISTENING
     [lsass.exe]
      TCP    0.0.0.0:49428          SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    127.0.0.1:1001         SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    127.0.0.1:5939         SNToday:0              LISTENING
     [TeamViewer_Service.exe]
      TCP    127.0.0.1:44430        SNToday:0              LISTENING
     [FoxitConnectedPDFService.exe]
      TCP    127.0.0.1:49153        SNToday:0              LISTENING
     [Explorer.EXE]
      TCP    127.0.0.1:49153        SNToday:49795          ESTABLISHED
     [Explorer.EXE]
      TCP    127.0.0.1:49795        SNToday:49153          ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:139      SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    192.168.1.103:49154    111.221.29.154:https   ESTABLISHED
     [Explorer.EXE]
      TCP    192.168.1.103:49771    173.194.76.188:5228    ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49780    fra16s12-in-f14:https  ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49781    adobe:https            ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49783    fra07s32-in-f14:https  ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49876    184.172.52.99:http     ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49882    fra16s12-in-f14:https  ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49883    fra07s29-in-f14:https  ESTABLISHED
     [chrome.exe]
      TCP    192.168.1.103:49884    191.238.177.236:https  ESTABLISHED
     [WINWORD.EXE]
      TCP    [::]:135               SNToday:0              LISTENING
      RpcSs
     [svchost.exe]
      TCP    [::]:445               SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    [::]:1947              SNToday:0              LISTENING
     [hasplms.exe]
      TCP    [::]:5357              SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    [::]:38068             SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    [::]:49408             SNToday:0              LISTENING
     [wininit.exe]
      TCP    [::]:49409             SNToday:0              LISTENING
      EventLog
     [svchost.exe]
      TCP    [::]:49410             SNToday:0              LISTENING
      Schedule
     [svchost.exe]
      TCP    [::]:49411             SNToday:0              LISTENING
     [spoolsv.exe]
      TCP    [::]:49418             SNToday:0              LISTENING
     [lsass.exe]
      TCP    [::]:49428             SNToday:0              LISTENING
     Can not obtain ownership information
      TCP    [::1]:49460            SNToday:0              LISTENING
     [jhi_service.exe]
      UDP    0.0.0.0:123            *:*                    
      W32Time
     [svchost.exe]
      UDP    0.0.0.0:1947           *:*                    
     [hasplms.exe]
      UDP    0.0.0.0:3702           *:*                    
      FDResPub
     [svchost.exe]
      UDP    0.0.0.0:3702           *:*                    
      EventSystem
     [svchost.exe]
      UDP    0.0.0.0:3702           *:*                    
      EventSystem
     [svchost.exe]
      UDP    0.0.0.0:3702           *:*                    
      FDResPub
     [svchost.exe]
      UDP    0.0.0.0:3702           *:*                    
     [dashost.exe]
      UDP    0.0.0.0:3702           *:*                    
     [dashost.exe]
      UDP    0.0.0.0:5353           *:*                    
     [chrome.exe]
      UDP    0.0.0.0:5353           *:*                    
     [chrome.exe]
      UDP    0.0.0.0:5353           *:*                    
     [chrome.exe]
      UDP    0.0.0.0:5355           *:*                    
      Dnscache
     [svchost.exe]
      UDP    0.0.0.0:49415          *:*                    
     [hasplms.exe]
      UDP    0.0.0.0:54019          *:*                    
      FDResPub
     [svchost.exe]
      UDP    0.0.0.0:54021          *:*                    
      EventSystem
     [svchost.exe]
      UDP    0.0.0.0:54023          *:*                    
     [TeamViewer_Service.exe]
      UDP    0.0.0.0:54025          *:*                    
     [dashost.exe]
      UDP    127.0.0.1:1900         *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    127.0.0.1:54018        *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    192.168.1.103:137      *:*                    
     Can not obtain ownership information
      UDP    192.168.1.103:138      *:*                    
     Can not obtain ownership information
      UDP    192.168.1.103:1900     *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    192.168.1.103:5353     *:*                    
     [TeamViewer_Service.exe]
      UDP    192.168.1.103:54017    *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    [::]:123               *:*                    
      W32Time
     [svchost.exe]
      UDP    [::]:1947              *:*                    
     [hasplms.exe]
      UDP    [::]:3702              *:*                    
      FDResPub
     [svchost.exe]
      UDP    [::]:3702              *:*                    
     [dashost.exe]
      UDP    [::]:3702              *:*                    
      FDResPub
     [svchost.exe]
      UDP    [::]:3702              *:*                    
      EventSystem
     [svchost.exe]
      UDP    [::]:3702              *:*                    
     [dashost.exe]
      UDP    [::]:3702              *:*                    
      EventSystem
     [svchost.exe]
      UDP    [::]:5353              *:*                    
     [chrome.exe]
      UDP    [::]:5353              *:*                    
     [chrome.exe]
      UDP    [::]:5355              *:*                    
      Dnscache
     [svchost.exe]
      UDP    [::]:54020             *:*                    
      FDResPub
     [svchost.exe]
      UDP    [::]:54022             *:*                    
      EventSystem
     [svchost.exe]
      UDP    [::]:54024             *:*                    
     [TeamViewer_Service.exe]
      UDP    [::]:54026             *:*                    
     [dashost.exe]
      UDP    [::1]:1900             *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    [::1]:5353             *:*                    
     [TeamViewer_Service.exe]
      UDP    [::1]:54016            *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    [fe80::24ad:9c70:b080:b5c5%10]:546  *:*                    
      Dhcp
     [svchost.exe]
      UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:546  *:*                    
      Dhcp
     [svchost.exe]
      UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:1900  *:*                    
      SSDPSRV
     [svchost.exe]
      UDP    [fe80::dcbb:bf7a:2b3e:8f37%6]:54015  *:*                    
      SSDPSRV
     [svchost.exe]
    Server:  UnKnown
    Address:  192.168.1.1
    
    
    Name:    portal.plus.net
    Addresses:  212.159.9.2
          212.159.8.2
    Aliases:  Plusnet | Phone and Broadband Deals - Fast, Cheap & Reliable
    
    
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        ASUSPRP    REG_SZ    "C:\Program Files\ASUS\APRP\APRP.EXE"
        WebStorage    REG_SZ    C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe
        IgfxTray    REG_SZ    "C:\Windows\system32\igfxtray.exe"
        HotKeysCmds    REG_SZ    "C:\Windows\system32\hkcmd.exe"
        Persistence    REG_SZ    "C:\Windows\system32\igfxpers.exe"
        DptfPolicyLpmServiceHelper    REG_SZ    C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
        RtkNGUI    REG_SZ    "C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe" /s
        Everything    REG_SZ    "C:\Program Files\Everything\Everything.exe" -startup
        AvastUI.exe    REG_SZ    "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
        Dropbox    REG_SZ    "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
        AdobeAAMUpdater-1.0    REG_SZ    "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
        Adobe ARM    REG_SZ    "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
        (Default)    REG_SZ    
        Acrobat Assistant 8.0    REG_SZ    "D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
    
    
    
    
    
    
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        IDMan    REG_SZ    C:\Program Files\Internet Download Manager\IDMan.exe /onboot
        SugarSync    REG_SZ    "C:\Program Files\SugarSync\SugarSync.exe" -startInTray -usedelay=true
        SandboxieControl    REG_SZ    "C:\Program Files\Sandboxie\SbieCtrl.exe"
        GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07    REG_SZ    "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    
    Addition (from FRST)
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
    Ran by john (15-09-2016 17:57:19)
    Running from C:\Users\john\Desktop
    Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
    Boot Mode: Normal
    ==========================================================
    
    
    
    
    ==================== Accounts: =============================
    
    
    Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
    john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john
    
    
    ==================== Security Center ========================
    
    
    (If an entry is included in the fixlist, it will be removed.)
    
    
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    
    
    ==================== Installed Programs ======================
    
    
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Anki (HKLM\...\Anki) (Version:  - )
    ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
    ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
    ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
    ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
    calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
    Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
    Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
    Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
    Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
    Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
    EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
    Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    GoldenDict (HKLM\...\GoldenDict) (Version:  - )
    Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
    Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
    Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
    Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
    Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
    Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
    Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
    Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
    OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
    Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
    Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
    Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
    Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
    Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
    SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
    Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
    UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
    WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
    Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
    WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
    Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    
    
    ==================== Custom CLSID (Whitelisted): ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== Scheduled Tasks (Whitelisted) =============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
    Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
    Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
    Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
    Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
    Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
    Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
    Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
    
    
    ==================== Shortcuts =============================
    
    
    (The entries could be listed to be restored or removed.)
    
    
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    
    
    ==================== Loaded Modules (Whitelisted) ==============
    
    
    2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
    2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll
    
    
    ==================== Alternate Data Streams (Whitelisted) =========
    
    
    (If an entry is included in the fixlist, only the ADS will be removed.)
    
    
    
    
    ==================== Safe Mode (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    
    
    ==================== Association (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    
    
    
    
    ==================== Internet Explorer trusted/restricted ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry.)
    
    
    
    
    ==================== Hosts content: ===============================
    
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    
    2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    
    
     
    127.0.0.1       localhost 
    
    
    ==================== Other Areas ============================
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    
    
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
    HKLM\...\StartupApproved\Run: => "WebStorage"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Everything"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"
    
    
    ==================== FirewallRules (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
    FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
    FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    
    
    ==================== Restore Points =========================
    
    
    
    
    ==================== Faulty Device Manager Devices =============
    
    
    
    
    ==================== Event log errors: =========================
    
    
    Application errors:
    ==================
    Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xd64
    Faulting application start time: 0x01d20f5170d1eb88
    Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Faulting module path: unknown
    Report Id: 491dbe13-7b45-11e6-9746-7824af713162
    Faulting package full name: 
    Faulting package-relative application ID:
    
    
    Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created.  Additional information: (0x80070070).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
    Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
    Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
    
    
    
    
    Operation:
       Processing PostFinalCommitSnapshots
    
    
    Context:
       Execution Context: System Provider
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
    
    
    Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    
    
    System errors:
    =============
    Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    
    
    Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    
    
    CodeIntegrity:
    ===================================
      Date: 2016-09-15 17:30:10.237
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 17:26:57.021
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 14:34:45.690
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-13 10:18:04.440
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-10 14:03:59.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-09 01:35:54.942
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:42:48.471
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:27:44.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 16:23:02.143
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-02 20:41:04.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
    
    
    ==================== Memory info =========================== 
    
    
    Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
    Percentage of memory in use: 65%
    Total physical RAM: 1933.14 MB
    Available physical RAM: 663.49 MB
    Total Virtual: 2260.77 MB
    Available Virtual: 652.31 MB
    
    
    ==================== Drives ================================
    
    
    Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
    Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
    
    
    ==================== MBR & Partition Table ==================
    
    
    ========================================================
    Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 1 (Size: 29 GB) (Disk ID: 00000000)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)
    
    
    Partition: GPT.
    
    
    ==================== End of Addition.txt ============================
    
    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
    Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
    Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    
    
    ==================== Processes (Whitelisted) =================
    
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
    (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
    (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe
    
    
    
    
    ==================== Registry (Whitelisted) ===========================
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    
    HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
    HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
    HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
    ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
    Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
    ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
    
    
    ==================== Internet (Whitelisted) ====================
    
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
    Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1
    
    
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
    BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    
    
    FireFox:
    ========
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
    
    
    Chrome: 
    =======
    CHR DefaultSearchKeyword: Default -> cal
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
    CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
    CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
    CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
    CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
    CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
    CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
    CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
    CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
    CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
    CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
    CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
    CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
    CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
    CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
    CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
    CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
    CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
    CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
    CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
    CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
    CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
    CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
    CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
    CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
    CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
    CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
    CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
    CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
    CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
    CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
    CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
    CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
    CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
    CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
    CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
    CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
    CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
    
    
    ==================== Services (Whitelisted) ========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
    R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
    S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
    S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
    R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
    R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
    S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
    
    
    ===================== Drivers (Whitelisted) ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
    R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
    R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
    S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
    R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
    S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
    R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
    R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
    S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
    R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
    R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
    R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
    R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
    R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
    R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
    R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
    R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
    R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
    R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
    R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
    S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
    R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
    R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
    S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
    R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
    S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
    R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
    R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
    R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
    R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
    S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
    R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
    R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
    R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
    R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
    U0 msahci; no ImagePath
    
    
    ==================== NetSvcs (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== One Month Created files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
    2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
    2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
    2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
    2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
    2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
    2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
    2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
    2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
    2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
    2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
    2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
    2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
    2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
    2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
    2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
    2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
    2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
    2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
    2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
    2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
    2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
    2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
    2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
    2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
    2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
    2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
    2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
    2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
    2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
    2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
    2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
    2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
    2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
    2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
    2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
    2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
    2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
    2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
    2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
    2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
    2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
    2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
    2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
    2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
    2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
    2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
    2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
    2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
    2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
    2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
    2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
    2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
    2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
    2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
    2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
    2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
    2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
    2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
    2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
    2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms
    
    
    ==================== One Month Modified files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
    2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
    2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
    2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
    2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
    2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
    2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
    2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
    2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
    2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
    2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
    2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
    2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
    2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
    2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
    2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
    2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
    2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
    2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
    2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
    2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
    2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
    2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
    2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
    2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
    2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
    2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
    2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    
    
    ==================== Files in the root of some directories =======
    
    
    2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
    2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
    2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    
    
    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\MRT.exe
    
    
    ==================== Bamital & volsnap =================
    
    
    (There is no automatic fix for files that do not pass verification.)
    
    
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    
    
    
    
    LastRegBack: 2016-09-15 14:48
    
    
    ==================== End of FRST.txt ============================
    Last edited by Brink; 15 Sep 2016 at 22:16. Reason: code box
      My System SpecsSystem Spec

  7. #7


    Quote Originally Posted by samuria View Post
    Run first two scans PCHF System Scans post results
    Code:
    Addition (from FRST)
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
    Ran by john (15-09-2016 17:57:19)
    Running from C:\Users\john\Desktop
    Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
    Boot Mode: Normal
    ==========================================================
    
    
    
    
    ==================== Accounts: =============================
    
    
    Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
    john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john
    
    
    ==================== Security Center ========================
    
    
    (If an entry is included in the fixlist, it will be removed.)
    
    
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    
    
    ==================== Installed Programs ======================
    
    
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Anki (HKLM\...\Anki) (Version:  - )
    ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
    ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
    ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
    ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
    calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
    Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
    Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
    Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
    Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
    Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
    EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
    Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    GoldenDict (HKLM\...\GoldenDict) (Version:  - )
    Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
    Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
    Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
    Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
    Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
    Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
    Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
    Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
    OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
    Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
    Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
    Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
    Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
    Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
    SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
    Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
    UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
    WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
    Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
    WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
    Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    
    
    ==================== Custom CLSID (Whitelisted): ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== Scheduled Tasks (Whitelisted) =============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
    Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
    Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
    Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
    Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
    Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
    Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
    Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
    
    
    ==================== Shortcuts =============================
    
    
    (The entries could be listed to be restored or removed.)
    
    
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    
    
    ==================== Loaded Modules (Whitelisted) ==============
    
    
    2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
    2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll
    
    
    ==================== Alternate Data Streams (Whitelisted) =========
    
    
    (If an entry is included in the fixlist, only the ADS will be removed.)
    
    
    
    
    ==================== Safe Mode (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    
    
    ==================== Association (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    
    
    
    
    ==================== Internet Explorer trusted/restricted ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry.)
    
    
    
    
    ==================== Hosts content: ===============================
    
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    
    2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    
    
     
    127.0.0.1       localhost 
    
    
    ==================== Other Areas ============================
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    
    
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
    HKLM\...\StartupApproved\Run: => "WebStorage"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Everything"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"
    
    
    ==================== FirewallRules (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
    FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
    FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    
    
    ==================== Restore Points =========================
    
    
    
    
    ==================== Faulty Device Manager Devices =============
    
    
    
    
    ==================== Event log errors: =========================
    
    
    Application errors:
    ==================
    Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xd64
    Faulting application start time: 0x01d20f5170d1eb88
    Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Faulting module path: unknown
    Report Id: 491dbe13-7b45-11e6-9746-7824af713162
    Faulting package full name: 
    Faulting package-relative application ID:
    
    
    Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created.  Additional information: (0x80070070).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
    Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
    Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
    
    
    
    
    Operation:
       Processing PostFinalCommitSnapshots
    
    
    Context:
       Execution Context: System Provider
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
    
    
    Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    
    
    System errors:
    =============
    Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    
    
    Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    
    
    CodeIntegrity:
    ===================================
      Date: 2016-09-15 17:30:10.237
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 17:26:57.021
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 14:34:45.690
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-13 10:18:04.440
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-10 14:03:59.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-09 01:35:54.942
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:42:48.471
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:27:44.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 16:23:02.143
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-02 20:41:04.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
    
    
    ==================== Memory info =========================== 
    
    
    Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
    Percentage of memory in use: 65%
    Total physical RAM: 1933.14 MB
    Available physical RAM: 663.49 MB
    Total Virtual: 2260.77 MB
    Available Virtual: 652.31 MB
    
    
    ==================== Drives ================================
    
    
    Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
    Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
    
    
    ==================== MBR & Partition Table ==================
    
    
    ========================================================
    Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 1 (Size: 29 GB) (Disk ID: 00000000)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)
    
    
    Partition: GPT.
    
    
    ==================== End of Addition.txt ============================
    
    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
    Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
    Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    
    
    ==================== Processes (Whitelisted) =================
    
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
    (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
    (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe
    
    
    
    
    ==================== Registry (Whitelisted) ===========================
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    
    HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
    HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
    HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
    ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
    Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
    ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
    
    
    ==================== Internet (Whitelisted) ====================
    
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
    Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1
    
    
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
    BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    
    
    FireFox:
    ========
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
    
    
    Chrome: 
    =======
    CHR DefaultSearchKeyword: Default -> cal
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
    CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
    CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
    CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
    CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
    CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
    CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
    CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
    CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
    CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
    CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
    CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
    CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
    CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
    CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
    CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
    CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
    CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
    CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
    CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
    CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
    CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
    CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
    CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
    CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
    CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
    CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
    CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
    CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
    CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
    CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
    CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
    CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
    CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
    CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
    CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
    CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
    CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
    
    
    ==================== Services (Whitelisted) ========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
    R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
    S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
    S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
    R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
    R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
    S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
    
    
    ===================== Drivers (Whitelisted) ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
    R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
    R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
    S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
    R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
    S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
    R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
    R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
    S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
    R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
    R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
    R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
    R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
    R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
    R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
    R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
    R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
    R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
    R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
    R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
    S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
    R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
    R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
    S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
    R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
    S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
    R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
    R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
    R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
    R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
    S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
    R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
    R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
    R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
    R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
    U0 msahci; no ImagePath
    
    
    ==================== NetSvcs (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== One Month Created files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
    2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
    2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
    2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
    2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
    2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
    2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
    2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
    2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
    2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
    2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
    2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
    2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
    2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
    2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
    2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
    2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
    2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
    2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
    2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
    2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
    2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
    2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
    2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
    2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
    2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
    2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
    2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
    2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
    2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
    2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
    2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
    2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
    2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
    2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
    2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
    2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
    2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
    2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
    2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
    2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
    2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
    2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
    2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
    2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
    2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
    2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
    2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
    2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
    2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
    2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
    2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
    2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
    2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
    2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
    2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
    2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
    2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
    2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
    2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
    2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms
    
    
    ==================== One Month Modified files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
    2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
    2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
    2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
    2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
    2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
    2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
    2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
    2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
    2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
    2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
    2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
    2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
    2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
    2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
    2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
    2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
    2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
    2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
    2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
    2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
    2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
    2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
    2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
    2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
    2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
    2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
    2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    
    
    ==================== Files in the root of some directories =======
    
    
    2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
    2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
    2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    
    
    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\MRT.exe
    
    
    ==================== Bamital & volsnap =================
    
    
    (There is no automatic fix for files that do not pass verification.)
    
    
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    
    
    
    
    LastRegBack: 2016-09-15 14:48
    
    
    ==================== End of FRST.txt ============================
    Last edited by Brink; 15 Sep 2016 at 22:14. Reason: code box
      My System SpecsSystem Spec

  8. #8


    Quote Originally Posted by samuria View Post
    Run first two scans PCHF System Scans post results
    Code:
    Addition (from FRST)
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2016
    Ran by john (15-09-2016 17:57:19)
    Running from C:\Users\john\Desktop
    Microsoft Windows 8.1 (Update) (X86) (2016-07-07 10:31:07)
    Boot Mode: Normal
    ==========================================================
    
    
    
    
    ==================== Accounts: =============================
    
    
    Administrator (S-1-5-21-1211984804-1430602019-1276967695-500 - Administrator - Disabled) => C:\Users\Administrator
    Guest (S-1-5-21-1211984804-1430602019-1276967695-501 - Limited - Enabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-1211984804-1430602019-1276967695-1003 - Limited - Enabled)
    john (S-1-5-21-1211984804-1430602019-1276967695-1001 - Administrator - Enabled) => C:\Users\john
    
    
    ==================== Security Center ========================
    
    
    (If an entry is included in the fixlist, it will be removed.)
    
    
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    
    
    ==================== Installed Programs ======================
    
    
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    
    Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
    Anki (HKLM\...\Anki) (Version:  - )
    ANY-maze (HKLM\...\ANY-maze) (Version:  - Stoelting Co.)
    ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
    ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
    ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.16 - ASUS)
    ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 12.3.2280 - AVAST Software)
    Blio (HKLM\...\{7DBB61C8-34AD-4D60-BEE1-7F694B9A587A}) (Version: 3.1.9534 - K-NFB Reading Technology, Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
    calibre (HKLM\...\{263E62B9-CB1E-4864-A8A7-37DEAC651484}) (Version: 2.63.0 - Kovid Goyal)
    Canon MF210 Series (HKLM\...\{14824AB4-17F5-4909-80AB-A7E24743A47C}) (Version: 4.5.0.0 - CANON INC.)
    Citavi 5 (HKLM\...\{7EB278FB-0C3C-445E-8665-4A6CDD9B794E}) (Version: 5.0.0.11 - Swiss Academic Software)
    Cyberoam General Authentication Client 2.1.2.7 (HKLM\...\{043251F4-DA3F-44E6-A903-0A9B9FB375B9}}_is1) (Version:  - Cyberoam Technologies Pvt. Ltd.)
    Dropbox (HKLM\...\Dropbox) (Version: 9.4.49 - Dropbox, Inc.)
    Dropbox Update Helper (Version: 1.3.45.1 - Dropbox, Inc.) Hidden
    ePub Converter v2.7.109.352 (HKLM\...\ePub Converter v2.7.109.3522.7.109.352) (Version: 2.7.109.352 - Friends in War)
    EthoVision XT 11 (HKLM\...\{6F1198E3-A40C-4C59-B2FC-9A430B36D9AD}) (Version: 11.0.928 - Noldus Information Technology bv)
    Everything 1.3.4.686 (x86) (HKLM\...\Everything) (Version:  - )
    Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 8.0.0.624 - Foxit Software Inc.)
    GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
    GoldenDict (HKLM\...\GoldenDict) (Version:  - )
    Google Chrome (HKLM\...\{FD78FCBB-B20E-370E-BA1C-FE6886D4214F}) (Version: 52.0.2743.116 - Google, Inc.)
    Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
    GraphPad Prism 6 (Trial) (HKLM\...\{E2D64D20-54B1-11E1-72AE-0169BBF12CD6}) (Version: 6.07 - GraphPad Software)
    Herramientas de corrección de Microsoft Office 2016: español (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3417 - Intel Corporation)
    Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
    Internet Download Manager (HKLM\...\Internet Download Manager) (Version:  - Tonec Inc.)
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    MATLAB R2014a (HKLM\...\Matlab R2014a) (Version: 8.3 - The MathWorks, Inc.)
    Metric Collection SDK 35 (Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
    Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Preview Redistributable (x86) - 12.0.20617 (HKLM\...\{1f407217-9aec-4146-8504-e64ac959c534}) (Version: 12.0.20617.1 - Microsoft Corporation)
    Noldus HardwareInterface Iobox 3.0.12 (HKLM\...\{515A24CA-6F55-44F6-94F1-F39BA91DA19E}) (Version: 3.0.12 - Noldus Information Technology bv)
    Noldus HardwareInterface MiniIobox 3.0.16 (HKLM\...\{705C9773-3987-45C8-B326-BB8D911A571B}) (Version: 3.0.16 - Noldus Information Technology bv)
    Noldus MainConcept Codec Package 8.5 (HKLM\...\{5DA40F7A-56E2-4F77-B37C-5C8092BA249B}) (Version: 8.5.30 - Noldus Information Technology bv)
    Noldus MainConcept Encoder Package 7.5 (HKLM\...\{6DF93DFB-24DA-48F9-8C73-E3A35F79107E}) (Version: 7.5.4 - Noldus Information Technology bv)
    Noldus MediaLooks A/V Filters 3.2 (HKLM\...\{505F9AC2-C8AD-4E17-98AE-B5CF4D1F2D21}) (Version: 3.2.00 - Noldus Information Technology bv)
    Noldus RBRMInterface (HKLM\...\{EDB651A9-DB41-49D3-97BB-021C1F290839}) (Version: 1.0.8 - Noldus Information Technology bv)
    Noldus Resizer Filter 12.0.2 (HKLM\...\{53C62640-01F0-4A8D-9FD9-47D2EEB08945}) (Version: 12.0.2 - Noldus Information Technology bv)
    OpenControl - Tracking Only v1.2 (HKLM\...\OpenControl-TrackingOnly_is1) (Version:  - Paulo Aguiar paguiar@ibmc.up.pt)
    Outils de vérification linguistique 2016 de Microsoft Office - Français (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
    Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
    qBittorrent 3.3.5 (HKLM\...\qBittorrent) (Version: 3.3.5 - The qBittorrent project)
    Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
    SafeZone Stable 1.51.2220.53 (Version: 1.51.2220.53 - Avast Software) Hidden
    Sandboxie 5.12 (32-bit) (HKLM\...\Sandboxie) (Version: 5.12 - Sandboxie Holdings, LLC)
    Sentinel Runtime (HKLM\...\{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}) (Version: 6.60.1.36770 - SafeNet Inc.)
    SHAREit (HKLM\...\SHAREit_is1) (Version: 3.3.0.1103 - Lenovo)
    Smart Diary Suite 4 (HKLM\...\{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1) (Version:  - Programming Sunrise)
    Smart v3.0.05 (HKLM\...\{13782DCB-22E7-4F72-8BF9-4B059D8599EA}_is1) (Version: 3.0.5.2902 - Panlab Harvard Apparatus)
    SugarSync (HKLM\...\SugarSync) (Version: 3.7.2.7.144324 - SugarSync, Inc.)
    TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.64630 - TeamViewer)
    Telegram Desktop version 0.10.1 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.10.1 - Telegram Messenger LLP)
    Temp File Cleaner (HKLM\...\Temp File Cleaner) (Version: 4.4.0 - Addpcs, LLC)
    Todoist (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1) (Version: 2.7.6.0 - Doist Ltd.)
    UnCleaner (HKLM\...\UnCleaner) (Version: 1.7 - Josh Cell Softwares Corporation)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    Update for Skype for Business 2016 (KB3118288) 32-Bit Edition (HKLM\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{736AF69B-309B-4C1E-A1E7-202FF8CCA0CD}) (Version:  - Microsoft)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WebStorage (HKLM\...\WebStorage) (Version: 2.1.2.301 - ASUS Cloud Corporation)
    WinDirStat 1.1.2 (HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\WinDirStat) (Version:  - )
    Windows 10 Upgrade Assistant (HKLM\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
    Windows Driver Package - ASUS (AsusHID) Mouse  (03/17/2014 3.0.0.27) (HKLM\...\A2E56402A9DA7D645E15F917A8AD8C50FDC80753) (Version: 03/17/2014 3.0.0.27 - ASUS)
    WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
    WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
    Xilisoft PDF to EPUB Converter (HKLM\...\Xilisoft PDF to EPUB Converter) (Version: 1.0.1.0927 - Xilisoft)
    Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    
    
    ==================== Custom CLSID (Whitelisted): ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== Scheduled Tasks (Whitelisted) =============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    Task: {004EEE38-C96B-4042-864E-DDE62D721259} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {0990F565-119A-4A2C-B762-78C82CA95154} - System32\Tasks\MATLAB R2014a Startup Accelerator => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe [2014-01-29] ()
    Task: {2D23BF59-B5E6-4294-832C-1AE7252389B9} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
    Task: {313B6B8F-EC4D-4EEB-B0A9-C0E2998D5847} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
    Task: {5318C8C0-7823-4B2F-B271-D2CFCE3D45F6} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
    Task: {57876349-58E1-4042-BE9F-F9DF9B7A125A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {6E795BEF-3F18-4D59-B526-8A7E1193B411} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-09-01] (AVAST Software)
    Task: {6F8BE5F2-4AB8-407A-BB58-8C3C6FF9E49E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
    Task: {81593B05-5E9A-444A-BB06-7A36B65B2C91} - System32\Tasks\ASUS Live Update1 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {83F42300-30C3-4F23-98AB-96AA04A9F01C} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2014-04-09] (AsusTek)
    Task: {8687639D-93DD-494F-AE76-1922D6B6A23C} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-07-10] (AVAST Software)
    Task: {C1C9D87E-22F6-4B23-8929-DE23B74A1DA3} - System32\Tasks\SafeZone scheduled Autoupdate 1472832695 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-08-09] (Avast Software)
    Task: {D6EFF91B-908E-4AE1-BAC6-79B0610F168D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {E3555FF8-B04C-4D2C-ADC0-C52D617756F9} - System32\Tasks\ASUS Live Update2 => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
    Task: {F0FED4FB-582A-4548-B6CE-63C1258D7D8A} - System32\Tasks\AutoPico Daily Restart => d:\Program Files\KMSpico\AutoPico.exe [2015-09-27] (@ByELDI)
    Task: {F2179854-30CB-4504-900A-3B886F9401C6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-07-15] (Dropbox, Inc.)
    Task: {F69F135A-1B72-4262-860F-D31950AFAD91} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-10] (Google Inc.)
    Task: {FAB49829-3EE7-4234-BE84-277862F2A57C} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    
    
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
    
    
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job => e:\Program Files\MATLAB\R2014a\bin\win32\MATLABStartupAccelerator.exe
    
    
    ==================== Shortcuts =============================
    
    
    (The entries could be listed to be restored or removed.)
    
    
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Freelancy Time Tracker.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=olkajbcicgbkoefeclmjjbdhidnnmgkh
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gliffy Diagrams.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=bhmicilclplefnflapjmnngmkkkkpfad
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Keep - notes and lists.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hmjkmjkepdijhoojdojkdfohbdgmmhki
    ShortcutWithArgument: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Pocket.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=mjcnijlhddpbdemagnpefmlkjdagkogk
    
    
    ==================== Loaded Modules (Whitelisted) ==============
    
    
    2016-07-15 15:21 - 2016-08-06 11:43 - 00019216 _____ () C:\WINDOWS\system32\spool\PRTPROCS\W32X86\TeamViewer_PrintProcessor.dll
    2016-07-10 03:19 - 2016-07-10 03:19 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-09-01 22:15 - 2016-09-01 22:15 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-08-09 14:36 - 2016-08-03 04:54 - 01771336 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
    2016-08-09 14:36 - 2016-08-03 04:53 - 00094024 _____ () C:\Program Files\Google\Chrome\Application\52.0.2743.116\libegl.dll
    
    
    ==================== Alternate Data Streams (Whitelisted) =========
    
    
    (If an entry is included in the fixlist, only the ADS will be removed.)
    
    
    
    
    ==================== Safe Mode (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
    
    
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    
    
    ==================== Association (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
    
    
    
    
    ==================== Internet Explorer trusted/restricted ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry.)
    
    
    
    
    ==================== Hosts content: ===============================
    
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    
    2013-08-22 10:43 - 2016-09-09 00:04 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    
    
     
    127.0.0.1       localhost 
    
    
    ==================== Other Areas ============================
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\asus\wallpapers\asus.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
    
    
    ==================== MSCONFIG/TASK MANAGER disabled items ==
    
    
    (Currently there is no automatic fix for this section.)
    
    
    HKLM\...\StartupApproved\StartupFolder: => "Cyberoam General Authentication Client.lnk"
    HKLM\...\StartupApproved\Run: => "WebStorage"
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "Everything"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "IDMan"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SandboxieControl"
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\StartupApproved\Run: => "SugarSync"
    
    
    ==================== FirewallRules (Whitelisted) ===============
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{9D61E6CB-5763-41DC-8C3F-B008269381A2}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{BEFB68FE-2829-4C43-9389-4E28E4352F11}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
    FirewallRules: [{1AFD70A4-6761-42EB-A1CE-0037C60A97AB}] => (Allow) C:\WINDOWS\system32\hasplms.exe
    FirewallRules: [{8122C688-943D-4E78-8DA2-81026A22E387}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{03D00B97-38FA-4CC9-AB46-137760E3C979}] => (Allow) D:\Program Files\SHAREit\SHAREit.exe
    FirewallRules: [{39CACE31-6E80-4BFD-9E17-C33167368718}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{E796579A-3C8D-4EDC-AC62-61A8CCD9B560}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{795B5D8D-CFEB-44A7-AA6C-B6A8E9FE4933}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{A8235268-B96A-46A5-BA60-A788E3C30341}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{C6293449-82E5-4ED1-BCCD-3C290B968B91}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{2CA38FD0-9E62-4844-AF73-F25513492427}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{B2CF45F7-7CD5-4F0F-B437-7F125D088AA8}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
    FirewallRules: [{145D4365-FDAD-4C2A-8F39-BE9EC439C178}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{E6B57682-B80E-471B-999B-C9F4F6006BEA}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    FirewallRules: [{709C1F62-6910-44AF-9E5A-045C27239C6C}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{C0EB0285-0D4B-499C-9367-BA1D1D3ADC5E}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E3CF7D3E-49DB-4099-908B-065F0DBBD1F8}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [{E2136944-8C09-4054-BBE4-087976BABF17}] => (Allow) C:\Program Files\Internet Download Manager\IDMan.exe
    FirewallRules: [TCP Query User{DED73CCC-54EB-4DEA-94B1-BC0CE89C5CE6}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [UDP Query User{2BD954D6-D8B6-4D6C-980A-0E4F566067F4}C:\users\john\desktop\shortcuts\fg759p.exe] => (Allow) C:\users\john\desktop\shortcuts\fg759p.exe
    FirewallRules: [{B6947C46-921D-4403-9484-3CC8BCC11180}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
    FirewallRules: [{5A23F26C-C55E-441B-BA66-C3E34E196AB6}] => (Allow) LPort=1688
    FirewallRules: [{449AE8C3-1263-4C07-B028-0E0FD91066A2}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    FirewallRules: [{10FBAC06-9F86-476B-B9BC-D46E6E705000}] => (Allow) D:\Program Files\KMSpico\Service_KMS.exe
    
    
    ==================== Restore Points =========================
    
    
    
    
    ==================== Faulty Device Manager Devices =============
    
    
    
    
    ==================== Event log errors: =========================
    
    
    Application errors:
    ==================
    Error: (09/15/2016 05:37:00 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: chrome.exe, version: 52.0.2743.116, time stamp: 0x57a128a8
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x00000000
    Faulting process id: 0xd64
    Faulting application start time: 0x01d20f5170d1eb88
    Faulting application path: C:\Program Files\Google\Chrome\Application\chrome.exe
    Faulting module path: unknown
    Report Id: 491dbe13-7b45-11e6-9746-7824af713162
    Faulting package full name: 
    Faulting package-relative application ID:
    
    
    Error: (09/15/2016 05:32:43 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8211) (User: )
    Description: The scheduled restore point could not be created.  Additional information: (0x80070070).
    
    
    Error: (09/15/2016 03:11:23 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\srtasks.exe ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070070).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: VSS) (EventID: 12305) (User: )
    Description: Volume Shadow Copy Service error: Volume/disk not connected or not found.
    Error context: CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1,0xc0000000,0x00000003,...).
    
    
    
    
    Operation:
       Processing PostFinalCommitSnapshots
    
    
    Context:
       Execution Context: System Provider
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:35:28 PM) (Source: DptfPolicyLpmService) (EventID: 1) (User: )
    Description: Event-ID 1
    
    
    Error: (09/15/2016 02:34:04 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x8004231f).
    
    
    Error: (09/15/2016 02:33:50 PM) (Source: System Restore) (EventID: 8193) (User: )
    Description: Failed to create restore point (Process = C:\WINDOWS\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
    
    
    
    
    System errors:
    =============
    Error: (09/15/2016 05:23:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool for Windows 8, 8.1 and 10 - September 2016 (KB890830).
    
    
    Error: (09/15/2016 05:22:53 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Visio 2016 (KB3115494) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3177186).
    
    
    Error: (09/15/2016 03:10:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Security Update for Windows 8.1 (KB3178539).
    
    
    Error: (09/15/2016 02:49:51 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    
    
    Error: (09/15/2016 02:35:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID 
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Microsoft Office 2016 (KB3115495) 32-Bit Edition.
    
    
    Error: (09/15/2016 02:34:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070070: Update for Windows 8.1 (KB2965142).
    
    
    
    
    CodeIntegrity:
    ===================================
      Date: 2016-09-15 17:30:10.237
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 17:26:57.021
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-15 14:34:45.690
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-13 10:18:04.440
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-10 14:03:59.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-09 01:35:54.942
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:42:48.471
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 23:27:44.659
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-08 16:23:02.143
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
      Date: 2016-09-02 20:41:04.221
      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\Drivers\hwinterface.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    
    
    
    
    ==================== Memory info =========================== 
    
    
    Processor: Intel(R) Atom(TM) CPU Z3775 @ 1.46GHz
    Percentage of memory in use: 65%
    Total physical RAM: 1933.14 MB
    Available physical RAM: 663.49 MB
    Total Virtual: 2260.77 MB
    Available Virtual: 652.31 MB
    
    
    ==================== Drives ================================
    
    
    Drive c: (OS) (Fixed) (Total:20.9 GB) (Free:0.46 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: () (Removable) (Total:28.97 GB) (Free:3.9 GB) FAT32
    Drive e: (Data1) (Fixed) (Total:465.76 GB) (Free:195.17 GB) NTFS
    
    
    ==================== MBR & Partition Table ==================
    
    
    ========================================================
    Disk: 0 (Size: 29.1 GB) (Disk ID: 6836FA22)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 1 (Size: 29 GB) (Disk ID: 00000000)
    
    
    Partition: GPT.
    
    
    ========================================================
    Disk: 2 (Size: 465.8 GB) (Disk ID: 233EF10A)
    
    
    Partition: GPT.
    
    
    ==================== End of Addition.txt ============================
    
    FRST
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2016
    Ran by john (administrator) on SNTODAY (15-09-2016 17:56:11)
    Running from C:\Users\john\Desktop
    Loaded Profiles: john (Available Profiles: john & Administrator & Guest)
    Platform: Microsoft Windows 8.1 (Update) (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
    
    
    ==================== Processes (Whitelisted) =================
    
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    
    (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
    (ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe
    (Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyCriticalService.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
    (Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
    (SafeNet Inc.) C:\Windows\System32\hasplms.exe
    (Intel(R) Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
    (@ByELDI) D:\Program Files\KMSpico\Service_KMS.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
    (Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
    (Microsoft Corporation) D:\Program Files\Microsoft Office\Office16\WINWORD.EXE
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_9dfef83fe2e442e4\TiWorker.exe
    
    
    
    
    ==================== Registry (Whitelisted) ===========================
    
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    
    HKLM\...\Run: [ASUSPRP] => C:\Program Files\ASUS\APRP\APRP.EXE [1080992 2014-04-11] (ASUSTek Computer Inc.)
    HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.1.2.301\ASUSWSLoader.exe [63296 2014-02-25] ()
    HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [81360 2014-01-22] (Intel Corporation)
    HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
    HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [1048576 2014-08-06] ()
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
    HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [25197248 2016-08-31] (Dropbox, Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3961968 2016-07-15] (Tonec Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SugarSync] => C:\Program Files\SugarSync\SugarSync.exe [18918368 2016-05-19] (SugarSync, Inc.)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [644240 2016-06-15] (Sandboxie Holdings, LLC)
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\Run: [GoogleChromeAutoLaunch_D08D85DCFC7DC1C74F7FE73786AFDD07] => C:\Program Files\Google\Chrome\Application\chrome.exe [961352 2016-08-03] (Google Inc.)
    HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
    ShellIconOverlayIdentifiers: [   IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll [2015-08-14] (Tonec Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSharedSyncing] -> {F7395C2E-A5D8-4a32-9536-5C6A9F1DC450} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ !SugarSyncSynced] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files\SugarSync\SugarSyncShellExt.dll [2016-05-19] (SugarSync, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files\Dropbox\Client\DropboxExt.42.dll [2016-08-31] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.1.2.301\ASUSWSShellExt.dll [2013-06-26] (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-01] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cyberoam General Authentication Client.lnk [2016-07-27]
    ShortcutTarget: Cyberoam General Authentication Client.lnk -> C:\Program Files\Cyberoam\Cyberoam General Authentication Client\CyberoamClient.exe ()
    Startup: C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-15]
    ShortcutTarget: Send to OneNote.lnk -> D:\Program Files\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
    
    
    ==================== Internet (Whitelisted) ====================
    
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{DC3F7DB0-A95E-4F15-8348-BED0679CEF24}: [DhcpNameServer] 40.51.1.13
    Tcpip\..\Interfaces\{ED5A8691-112E-4B41-AD16-64AE84004562}: [DhcpNameServer] 192.168.1.1
    
    
    Internet Explorer:
    ==================
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
    HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
    SearchScopes: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll [2016-07-05] (Internet Download Manager, Tonec Inc.)
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-09-01] (AVAST Software)
    BHO: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-1211984804-1430602019-1276967695-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
    Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - D:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2016-06-14] (Microsoft Corporation)
    
    
    FireFox:
    ========
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
    FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-13] (Intel Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin: Adobe Acrobat -> D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-01]
    FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-07-27] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\john\AppData\Roaming\IDM\idmmzcc5
    FF Extension: (IDM CC) - C:\Users\john\AppData\Roaming\IDM\idmmzcc5 [2016-09-15] [not signed]
    FF HKU\S-1-5-21-1211984804-1430602019-1276967695-1001\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - C:\Program Files\Internet Download Manager\idmmzcc2.xpi
    FF Extension: (IDM integration) - C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2016-06-08]
    
    
    Chrome: 
    =======
    CHR DefaultSearchKeyword: Default -> cal
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\john\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-09]
    CHR Extension: (Google Docs) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-09]
    CHR Extension: (Task Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2016-09-09]
    CHR Extension: (Google Drive) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-09]
    CHR Extension: (Gliffy Diagrams) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmicilclplefnflapjmnngmkkkkpfad [2016-09-09]
    CHR Extension: (YouTube) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-09]
    CHR Extension: (Calendar and Countdown) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc [2016-09-09]
    CHR Extension: (OneTab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2016-09-09]
    CHR Extension: (High Contrast) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph [2016-09-09]
    CHR Extension: (Adobe Acrobat) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-09-09]
    CHR Extension: (Google Calendar) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-09-09]
    CHR Extension: (Avast SafePrice) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-09-10]
    CHR Extension: (Morphine) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo [2016-09-09]
    CHR Extension: (Google Sheets) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-09]
    CHR Extension: (Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp [2016-09-09]
    CHR Extension: (Google Docs Offline) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-09]
    CHR Extension: (AdBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-09-09]
    CHR Extension: (Google Calendar (by Google)) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2016-09-09]
    CHR Extension: (Avast Online Security) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-09-09]
    CHR Extension: (Super Simple Highlighter) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlhjgianpocpoppaiihmlpgcoehlhio [2016-09-09]
    CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2016-09-12]
    CHR Extension: (Google Keep - notes and lists) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-09-13]
    CHR Extension: (Apps Launcher) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmgkhchjindcjamnckoiahagecjnkdc [2016-09-14]
    CHR Extension: (Spreed - speed read the web) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno [2016-09-09]
    CHR Extension: (Simple Notepad) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj [2016-09-09]
    CHR Extension: (BugMeNot Lite) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2016-09-09]
    CHR Extension: (Progress Bar Timer) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko [2016-09-09]
    CHR Extension: (Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-09-10]
    CHR Extension: (Prioritab) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp [2016-09-09]
    CHR Extension: (IDM Integration Module) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2016-09-09]
    CHR Extension: (Save to Pocket) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-09]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-09]
    CHR Extension: (Citavi Picker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2016-09-09]
    CHR Extension: (Readability) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi [2016-09-09]
    CHR Extension: (Freelancy Time Tracker) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh [2016-09-09]
    CHR Extension: (Browsec VPN - Privacy and Security Online) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh [2016-09-09]
    CHR Extension: (SiteBlock) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2016-09-09]
    CHR Extension: (Gmail) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-09]
    CHR Extension: (Chrome Media Router) - C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-09]
    CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
    CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2016-06-09]
    CHR HKLM\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] - hxxps://clients2.google.com/service/update2/crx
    
    
    ==================== Services (Whitelisted) ========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
    R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe [71680 2014-02-25] (ASUS Cloud Corporation) [File not signed]
    R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-22] (ASUS)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-01] (AVAST Software)
    S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2014-08-07] (Broadcom Corporation.)
    S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [277304 2014-02-11] (Intel Corporation)
    S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-07-15] (Dropbox, Inc.)
    R2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83920 2014-01-22] (Intel Corporation)
    R2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [96720 2014-01-22] (Intel Corporation)
    R2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90576 2014-01-22] (Intel Corporation)
    R2 FoxitReaderService; C:\Program Files\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
    R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-01] (SafeNet Inc.)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-02] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-02] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
    S3 Lenovo EasyPlus Hotspot; C:\Program Files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [509424 2015-06-08] (Lenovo)
    R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [154256 2016-06-15] (Sandboxie Holdings, LLC)
    R2 Service KMSELDI; d:\Program Files\KMSpico\Service_KMS.exe [739520 2015-09-27] (@ByELDI) [File not signed]
    S3 ShareItSvc; D:\Program Files\SHAREit\Shareit.Service.exe [31704 2016-03-31] (SHAREit Technologies Co.Ltd)
    R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7248144 2016-08-09] (TeamViewer GmbH)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [284520 2015-07-07] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22224 2015-07-07] (Microsoft Corporation)
    
    
    ===================== Drivers (Whitelisted) ==========================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    R2 aksfridge; C:\WINDOWS\system32\drivers\aksfridge.sys [376200 2013-08-01] (SafeNet Inc.)
    R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-03] (ASUS)
    R3 AsusHID; C:\WINDOWS\System32\drivers\AsusHID.sys [68888 2014-04-09] (ASUS Corporation)
    S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [34008 2016-09-01] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [35096 2016-09-01] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [92256 2016-09-01] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [91232 2016-09-01] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [60424 2016-09-01] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
    R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [434144 2016-09-01] (AVAST Software)
    S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [118664 2016-09-01] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [224616 2016-09-01] (AVAST Software)
    R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-03] (ASUSTek Computer Inc.)
    S3 AX88772; C:\WINDOWS\system32\DRIVERS\ax88772.sys [97896 2013-07-18] (ASIX Electronics Corp.)
    R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [304344 2014-08-07] (Broadcom Corp)
    R3 BthMini; C:\WINDOWS\System32\Drivers\BTHMINI.sys [23552 2014-10-29] (Microsoft Corporation)
    S3 btwampfl; C:\WINDOWS\system32\DRIVERS\btwampfl.sys [144600 2014-08-07] (Broadcom Corporation.)
    R3 BtwSerialBus; C:\WINDOWS\system32\DRIVERS\BtwSerialBus.sys [130776 2014-08-07] (Broadcom Corporation.)
    R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
    R3 CM3218x; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 CPLMACPI; C:\WINDOWS\system32\DRIVERS\CPLMACPI.sys [16488 2013-09-06] (Capella Microsystems, Inc.)
    R3 DptfDevDBPT; C:\WINDOWS\system32\DRIVERS\DptfDevPower.sys [25552 2014-01-22] (Intel Corporation)
    R3 DptfDevDisplay; C:\WINDOWS\system32\DRIVERS\DptfDevDisplay.sys [28112 2014-01-22] (Intel Corporation)
    R3 DptfDevGen; C:\WINDOWS\system32\DRIVERS\DptfDevGen.sys [36304 2014-01-22] (Intel Corporation)
    R3 DptfDevProc; C:\WINDOWS\system32\DRIVERS\DptfDevProc.sys [80848 2014-01-22] (Intel Corporation)
    R3 DptfManager; C:\WINDOWS\system32\DRIVERS\DptfManager.sys [181712 2014-01-22] (Intel Corporation)
    R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
    R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
    R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-01] (SafeNet Inc.)
    R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17720 2013-10-08] (ASUS)
    S1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [3026 2016-08-07] (Logix4u) [File not signed]
    R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-15] (Intel Corporation)
    R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
    S0 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [489832 2013-12-16] (Intel Corporation)
    R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2016-08-05] (Highresolution Enterprises [www.highrez.co.uk])
    S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [32664 2014-01-23] (Intel Corporation)
    R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel(R) Corporation)
    R3 INVN_MotionApps; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [23448 2014-01-23] (Intel Corporation)
    R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
    R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
    S3 NETwNs32; C:\WINDOWS\system32\DRIVERS\Netwsn00.sys [10372096 2013-06-18] (Intel Corporation)
    R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
    R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [169176 2014-03-14] (Realtek Semiconductor Corp.)
    R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [177296 2016-06-15] (Sandboxie Holdings, LLC)
    R3 SensorsServiceDriver; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [188416 2014-05-31] (Microsoft Corporation)
    R3 teamviewervpn; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [25088 2016-07-05] (TeamViewer GmbH)
    R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [38928 2015-07-07] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [233304 2015-07-07] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [84824 2015-07-07] (Microsoft Corporation)
    U0 msahci; no ImagePath
    
    
    ==================== NetSvcs (Whitelisted) ===================
    
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    
    
    ==================== One Month Created files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2016-09-15 17:56 - 00031615 _____ C:\Users\john\Desktop\FRST.txt
    2016-09-15 17:55 - 2016-09-15 17:55 - 01748992 _____ (Farbar) C:\Users\john\Desktop\FRST.exe
    2016-09-15 17:55 - 2016-09-15 17:55 - 00000000 ____D C:\Users\john\Desktop\FRST-OlderVersion
    2016-09-15 17:51 - 2016-09-15 17:53 - 00031686 _____ C:\Users\john\Desktop\reg.txt
    2016-09-15 17:51 - 2016-09-08 23:48 - 00278831 _____ C:\Users\john\Desktop\wireless.exe
    2016-09-15 17:49 - 2016-09-15 17:49 - 00035851 _____ C:\Users\john\Desktop\MTB.txt
    2016-09-15 17:36 - 2016-09-15 17:36 - 03861056 _____ C:\Users\john\Desktop\adwcleaner_6.020.exe
    2016-09-15 15:01 - 2014-04-14 07:07 - 00865280 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2016-09-15 14:29 - 2014-08-16 07:46 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2016-09-15 14:29 - 2014-08-16 05:13 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2016-09-15 14:29 - 2014-08-16 05:01 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2016-09-15 14:29 - 2014-08-16 04:51 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2016-09-15 14:29 - 2014-08-16 04:45 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2016-09-15 14:29 - 2014-08-16 04:44 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-09-15 14:29 - 2014-08-16 04:43 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-09-15 14:29 - 2014-08-16 04:41 - 03985408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2016-09-15 14:29 - 2014-08-16 04:35 - 00877056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2016-09-15 14:29 - 2014-07-24 15:12 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-09-15 14:03 - 2014-05-19 10:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
    2016-09-15 14:03 - 2014-05-19 09:53 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
    2016-09-15 13:33 - 2016-08-13 12:15 - 05761880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01471544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-09-15 13:33 - 2016-08-13 12:14 - 01395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01284576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-09-15 13:33 - 2016-08-13 12:14 - 01271152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-09-15 13:33 - 2016-08-13 12:14 - 01173016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-09-15 13:33 - 2016-08-13 02:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
    2016-09-15 13:33 - 2014-04-11 12:55 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2016-09-15 12:42 - 2014-04-18 18:13 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
    2016-09-15 12:42 - 2014-04-18 13:21 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
    2016-09-15 12:42 - 2014-04-14 12:31 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-09-15 12:42 - 2014-04-11 08:53 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
    2016-09-15 12:42 - 2014-04-11 07:57 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2016-09-15 12:42 - 2014-04-09 10:14 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2016-09-15 12:42 - 2014-04-06 19:53 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2016-09-15 12:42 - 2014-04-06 19:52 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
    2016-09-15 12:42 - 2014-04-06 19:48 - 00271192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2016-09-15 12:42 - 2014-04-06 19:46 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 01159520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-09-15 12:42 - 2014-04-06 19:46 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-09-15 12:42 - 2014-04-06 16:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
    2016-09-15 12:42 - 2014-04-06 16:30 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-09-15 12:42 - 2014-04-06 16:17 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-09-15 12:42 - 2014-04-06 16:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
    2016-09-15 12:42 - 2014-04-06 15:28 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2016-09-15 12:42 - 2014-04-06 15:07 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-09-15 12:42 - 2014-04-06 15:06 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-09-15 12:42 - 2014-04-06 14:29 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
    2016-09-15 12:42 - 2014-04-03 08:33 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2016-09-15 12:42 - 2014-04-03 06:53 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
    2016-09-15 12:42 - 2014-03-27 09:18 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
    2016-09-15 12:42 - 2014-03-27 08:49 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2016-09-15 12:42 - 2014-03-27 07:52 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2016-09-15 12:42 - 2014-03-27 07:33 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
    2016-09-15 12:42 - 2014-03-19 11:47 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
    2016-09-15 12:42 - 2014-03-19 11:39 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2016-09-15 12:42 - 2014-03-19 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-09-15 12:42 - 2014-03-19 09:21 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-09-15 12:42 - 2014-03-19 09:17 - 01309184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-09-15 12:42 - 2014-03-18 11:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2016-09-15 12:42 - 2014-03-17 08:41 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2016-09-15 12:42 - 2014-03-17 07:15 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-09-15 12:41 - 2014-07-15 21:37 - 02257584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-09-15 12:41 - 2014-07-15 12:33 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
    2016-09-15 12:41 - 2014-07-15 12:25 - 02045440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
    2016-09-15 12:41 - 2014-05-01 15:30 - 00046512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
    2016-09-15 12:17 - 2016-08-21 03:21 - 01118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-09-15 12:17 - 2016-08-21 03:20 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-09-15 12:17 - 2016-08-14 22:44 - 01403320 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-09-15 12:17 - 2016-08-14 21:52 - 03475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-09-15 12:15 - 2014-05-13 09:51 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
    2016-09-15 12:15 - 2014-05-13 08:13 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2016-09-15 12:15 - 2014-05-03 09:27 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-09-15 12:15 - 2014-05-03 09:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
    2016-09-15 12:15 - 2014-05-03 09:07 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
    2016-09-15 12:15 - 2014-04-30 10:02 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
    2016-09-15 12:15 - 2014-04-30 09:59 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2016-09-15 12:15 - 2014-04-30 09:18 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2016-09-15 12:15 - 2014-04-30 08:16 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2016-09-15 12:15 - 2014-04-30 08:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2016-09-15 12:15 - 2014-04-30 08:15 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2016-09-15 12:15 - 2014-04-30 07:45 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-09-15 12:15 - 2014-04-14 12:38 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2016-09-15 12:15 - 2014-04-14 09:48 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8thk.dll
    2016-09-15 11:49 - 2014-08-23 10:02 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2016-09-15 11:49 - 2014-08-23 08:32 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-09-15 11:47 - 2016-09-15 11:47 - 00914104 _____ C:\Users\john\Desktop\The Art of Forgetting.pdf
    2016-09-15 11:41 - 2016-09-15 14:25 - 00010033 _____ C:\Users\john\Desktop\Book of all to do.xlsx
    2016-09-15 11:37 - 2014-07-12 08:13 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
    2016-09-15 11:36 - 2016-08-21 03:35 - 05273600 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
    2016-09-15 11:36 - 2016-08-21 02:57 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-09-15 11:31 - 2016-09-01 07:38 - 20312064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-09-15 11:31 - 2016-09-01 07:16 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-09-15 11:31 - 2016-09-01 06:54 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-09-15 11:31 - 2016-09-01 06:09 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2016-09-15 11:31 - 2016-09-01 06:00 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-09-15 11:31 - 2016-09-01 05:57 - 13808128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-09-15 11:31 - 2016-09-01 05:54 - 04607488 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-09-15 11:31 - 2016-09-01 05:13 - 02445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-09-15 11:31 - 2016-09-01 05:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2016-09-15 11:31 - 2016-09-01 05:08 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-09-15 11:31 - 2016-08-26 09:14 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-09-15 11:31 - 2016-08-26 08:30 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-09-15 11:22 - 2016-08-10 03:17 - 00611576 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2016-09-15 11:20 - 2016-09-09 02:21 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00136872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2016-09-15 11:20 - 2016-08-22 20:39 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2016-09-15 11:20 - 2016-08-21 04:31 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-09-15 11:20 - 2016-08-21 04:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-09-15 11:20 - 2016-08-21 04:29 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-09-14 10:36 - 2016-09-14 11:49 - 00001614 _____ C:\Users\john\Downloads\dcopycopy.m
    2016-09-11 22:43 - 2016-09-11 22:43 - 00000000 _____ C:\WINDOWS\system32\last.dump
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy.mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (3).mat
    2016-09-10 23:15 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy - Copy (2).mat
    2016-09-10 14:02 - 2016-09-10 14:02 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2016-09-09 12:48 - 2016-09-09 12:48 - 00000000 ____D C:\ProgramData\IDM
    2016-09-09 00:40 - 2016-09-09 00:01 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
    2016-09-09 00:01 - 2016-09-09 00:33 - 00000000 ____D C:\zoek_backup
    2016-09-08 23:54 - 2016-09-15 17:56 - 00000000 ____D C:\FRST
    2016-09-08 23:38 - 2016-09-08 23:38 - 00000000 ____D C:\ProgramData\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00001706 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Blio eBooks.lnk
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\Users\john\AppData\Roaming\Blio
    2016-09-08 23:37 - 2016-09-08 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-NFB Reading Technology
    2016-09-08 23:36 - 2016-09-15 17:41 - 00000000 ____D C:\AdwCleaner
    2016-09-08 23:34 - 2016-09-08 23:34 - 00892416 _____ (Farbar) C:\Users\john\Desktop\MiniToolBox.exe
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\UnCleaner
    2016-09-08 19:31 - 2016-09-08 19:31 - 00000000 ____D C:\Program Files\UnCleaner
    2016-09-08 16:42 - 2016-09-08 16:43 - 01584719 _____ C:\Users\john\Downloads\butterfly-wallpaper.jpeg
    2016-09-08 16:14 - 2016-09-08 16:14 - 00773572 _____ (Soft98.iR) C:\Users\john\Downloads\Unconfirmed 993990.crdownload
    2016-09-05 15:51 - 2016-09-05 16:03 - 00000000 ____D C:\Users\john\Desktop\New folder
    2016-09-05 11:33 - 2016-09-15 17:33 - 00000560 _____ C:\WINDOWS\Tasks\MATLAB R2014a Startup Accelerator.job
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000906 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2014a.lnk
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB
    2016-09-05 11:33 - 2016-09-05 11:33 - 00000000 ____D C:\ProgramData\MathWorks
    2016-09-05 10:47 - 2016-09-11 16:25 - 00000000 ____D C:\Users\john\AppData\Roaming\Psiphon3
    2016-09-04 00:04 - 2016-09-04 00:10 - 00000000 ____D C:\Users\john\Downloads\Video
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d2.mat
    2016-09-03 22:21 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d - Copy.mat
    2016-09-03 22:18 - 2016-09-03 22:18 - 00143995 _____ C:\Users\john\Downloads\d.mat
    2016-09-03 02:25 - 2016-09-03 02:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-09-02 21:42 - 2016-09-02 21:43 - 00148586 _____ C:\Users\john\Documents\Picasa.pdf
    2016-09-02 21:41 - 2016-09-13 22:18 - 00000000 ____D C:\Users\john\Downloads\Telegram Desktop
    2016-09-02 20:41 - 2016-09-02 20:41 - 00001142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
    2016-09-02 15:09 - 2016-09-14 14:18 - 00000000 ____D C:\Users\john\Downloads\Compressed
    2016-09-01 22:58 - 2016-09-01 22:58 - 01623442 _____ C:\Users\john\Documents\fatemehID.pdf
    2016-09-01 22:16 - 2016-09-01 22:15 - 00319760 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-09-01 22:15 - 2016-09-01 22:15 - 00053208 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-08-29 23:32 - 2016-08-29 23:32 - 00000000 ____D C:\Users\john\AppData\Roaming\Canon
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
    2016-08-29 23:05 - 2016-08-29 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
    2016-08-29 23:05 - 2014-03-04 10:50 - 00338944 _____ (CANON INC.) C:\WINDOWS\system32\CNCC210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00138240 _____ (CANON INC.) C:\WINDOWS\system32\CNCE210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112640 _____ (CANON INC.) C:\WINDOWS\system32\CNCL210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00112128 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSD48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00100352 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSI48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00090624 _____ (CANON INC.) C:\WINDOWS\system32\CNCLST48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00082432 _____ (CANON INC.) C:\WINDOWS\system32\CNCI210.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00073728 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSC48b.DLL
    2016-08-29 23:05 - 2014-03-04 10:50 - 00066560 _____ (CANON INC.) C:\WINDOWS\system32\CNCLSU48b.DLL
    2016-08-29 23:05 - 2014-02-03 19:19 - 00000431 _____ C:\WINDOWS\system32\CNCMFP48.INI
    2016-08-29 23:04 - 2016-08-29 23:04 - 00000000 ____D C:\Program Files\Canon
    2016-08-29 22:16 - 2016-08-29 22:16 - 00000341 _____ C:\Users\john\Desktop\fg.ini
    2016-08-29 19:36 - 2016-08-29 19:36 - 00000948 _____ C:\Users\john\Desktop\Folders - Shortcut.lnk
    2016-08-29 19:31 - 2016-08-29 19:31 - 00000980 _____ C:\Users\john\Desktop\fg759p - Shortcut.lnk
    2016-08-29 19:30 - 2016-09-15 17:36 - 00000000 ___RD C:\Users\john\Desktop\Shortcuts
    2016-08-29 11:26 - 2016-08-29 11:26 - 00000000 ____D C:\Users\john\AppData\Local\Chromium
    2016-08-29 11:11 - 2016-08-29 11:11 - 00000000 ____D C:\Users\john\AppData\Local\IsolatedStorage
    2016-08-29 11:09 - 2016-09-15 02:01 - 00000000 ____D C:\Users\john\Documents\Blio
    2016-08-29 10:59 - 2016-08-29 10:59 - 00000000 ____D C:\Users\Public\Blio
    2016-08-29 10:52 - 2016-08-29 10:52 - 00000000 ____D C:\Users\john\Documents\My Digital Editions
    2016-08-22 11:43 - 2016-08-22 23:18 - 00000006 _____ C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-22 11:42 - 2016-08-22 11:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Diary Suite 4
    2016-08-21 20:06 - 2016-08-21 20:06 - 00000000 ____D C:\Users\john\AppData\Local\Doist_Ltd
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Todoist
    2016-08-21 20:05 - 2016-08-21 20:05 - 00000000 ____D C:\Users\john\AppData\Local\Todoist
    2016-08-20 13:31 - 2016-08-20 13:31 - 00012362 ____H C:\Users\john\Desktop\~WRL0005.tmp
    2016-08-20 12:14 - 2016-08-20 12:14 - 00001041 _____ C:\Users\john\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Temp File Cleaner.lnk
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Users\john\AppData\Roaming\addpcs
    2016-08-20 12:14 - 2016-08-20 12:14 - 00000000 ____D C:\Program Files\Temp File Cleaner
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Guest\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000716 _____ C:\Users\Administrator\Desktop\Anki.lnk
    2016-08-18 16:49 - 2016-08-18 16:49 - 00000000 ____D C:\Program Files\Anki
    2016-08-17 10:53 - 2016-09-05 11:37 - 00000000 ____D C:\Users\john\AppData\Local\MathWorks
    2016-08-17 10:53 - 2016-08-17 10:53 - 00000000 ____D C:\Users\john\AppData\Roaming\Subversion
    2016-08-17 10:47 - 2016-08-17 10:47 - 00000000 ____D C:\Users\john\AppData\Roaming\MathWorks
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\Users\john\AppData\Local\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\VS Revo Group
    2016-08-17 08:52 - 2016-08-17 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2016-08-17 08:52 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2016-08-16 20:37 - 2004-09-06 09:05 - 00645120 _____ C:\WINDOWS\system32\config.gms
    
    
    ==================== One Month Modified files and folders ========
    
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    
    2016-09-15 17:56 - 2013-08-22 12:35 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-09-15 17:54 - 2016-07-15 15:49 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2016-09-15 17:37 - 2014-04-11 07:13 - 00799478 _____ C:\WINDOWS\system32\prfh0816.dat
    2016-09-15 17:37 - 2014-04-11 07:13 - 00164812 _____ C:\WINDOWS\system32\prfc0816.dat
    2016-09-15 17:37 - 2014-03-18 12:31 - 01816356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-09-15 17:37 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\inf
    2016-09-15 17:36 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\IDM
    2016-09-15 17:34 - 2016-02-07 03:01 - 00000000 ____D C:\Users\john\Documents\Anki
    2016-09-15 17:33 - 2016-02-07 03:15 - 00000000 ___RD C:\Users\john\Dropbox
    2016-09-15 17:32 - 2016-07-15 15:49 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-07-10 02:11 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-09-15 17:32 - 2016-02-07 02:51 - 00000000 __RDO C:\Users\john\OneDrive
    2016-09-15 17:30 - 2013-08-22 11:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-09-15 17:29 - 2013-08-22 10:43 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
    2016-09-15 17:27 - 2013-08-22 11:52 - 00362144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\MediaViewer
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\FileManager
    2016-09-15 17:24 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\Camera
    2016-09-15 17:24 - 2013-08-22 10:51 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-09-15 17:23 - 2016-07-10 04:06 - 00000000 ____C C:\WINDOWS\system32\MRT.exe
    2016-09-15 17:22 - 2016-07-10 02:11 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-09-15 15:11 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-09-15 14:50 - 2013-08-22 12:47 - 00000000 ___RD C:\WINDOWS\ToastData
    2016-09-15 14:32 - 2016-08-06 10:57 - 00000000 ____D C:\Users\john\AppData\Roaming\GoldenDict
    2016-09-15 14:32 - 2016-07-10 02:13 - 00000000 ____D C:\Users\john\AppData\Roaming\Everything
    2016-09-15 11:46 - 2016-07-10 02:34 - 00000000 ____D C:\ProgramData\Foxit Software
    2016-09-14 14:21 - 2016-07-15 15:30 - 00000000 ____D C:\Users\john\AppData\Roaming\DMCache
    2016-09-14 12:04 - 2016-07-15 15:19 - 00000000 ____D C:\Users\john\AppData\Roaming\Telegram Desktop
    2016-09-14 10:09 - 2016-04-17 06:25 - 00000000 ____D C:\Users\john\Documents\MATLAB
    2016-09-13 22:16 - 2016-07-10 03:20 - 00735488 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2016-09-13 22:14 - 2016-07-16 21:12 - 00000000 ____D C:\Users\john\AppData\Roaming\vlc
    2016-09-13 10:33 - 2016-02-18 20:33 - 00000000 ____D C:\Users\john\Documents\OneNote Notebooks
    2016-09-09 00:33 - 2016-08-07 19:02 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2016-09-08 19:32 - 2016-07-17 12:13 - 00000000 ____D C:\WINDOWS\Downloaded Installations
    2016-09-08 19:32 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-09-08 16:29 - 2016-07-15 15:20 - 00000000 ____D C:\Users\john\AppData\Roaming\TeamViewer
    2016-09-07 05:41 - 2016-07-10 10:45 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2016-09-07 05:41 - 2016-07-10 10:45 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2016-09-04 17:56 - 2016-02-07 02:22 - 00000000 ____D C:\Users\john\AppData\Local\Packages
    2016-09-03 02:25 - 2016-07-15 15:49 - 00000000 ____D C:\Program Files\Dropbox
    2016-09-02 20:15 - 2014-04-11 06:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
    2016-09-02 20:15 - 2014-04-11 06:40 - 00000000 ____D C:\Program Files\ASUS
    2016-09-01 22:15 - 2016-07-10 03:20 - 00434144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00224616 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00118664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00092256 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00091232 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00060424 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00035096 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2016-09-01 22:15 - 2016-07-10 03:20 - 00034008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-08-29 23:15 - 2013-08-22 12:47 - 00000000 __RSD C:\WINDOWS\Media
    2016-08-29 11:13 - 2013-08-22 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-08-27 11:16 - 2016-02-08 13:43 - 00000000 ____D C:\Users\john\Documents\Custom Office Templates
    2016-08-27 08:27 - 2016-07-15 15:18 - 00000000 ____D C:\Users\john\AppData\Roaming\qBittorrent
    2016-08-24 11:40 - 2016-07-15 15:20 - 00000000 ____D C:\Program Files\TeamViewer
    2016-08-24 03:19 - 2016-07-10 04:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-08-22 20:55 - 2016-08-08 17:05 - 00002849 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
    2016-08-22 13:36 - 2016-07-07 14:55 - 00000000 ____D C:\Users\john
    2016-08-21 19:45 - 2016-07-10 03:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.1
    2016-08-18 16:04 - 2016-07-15 15:20 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
    
    
    ==================== Files in the root of some directories =======
    
    
    2016-08-22 11:43 - 2016-08-22 23:18 - 0000006 _____ () C:\Users\john\AppData\Roaming\SmartDiarySuite.dic-sds
    2016-08-07 10:54 - 2016-08-07 10:54 - 0004933 _____ () C:\ProgramData\pqoxeahx.aem
    2014-04-11 06:40 - 2012-07-30 10:33 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
    2014-04-11 06:40 - 2009-07-22 14:34 - 0024576 _____ () C:\ProgramData\SetStretch.exe
    
    
    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\MRT.exe
    
    
    ==================== Bamital & volsnap =================
    
    
    (There is no automatic fix for files that do not pass verification.)
    
    
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
    
    
    
    
    LastRegBack: 2016-09-15 14:48
    
    
    ==================== End of FRST.txt ============================
    Last edited by Brink; 15 Sep 2016 at 22:15. Reason: code box
      My System SpecsSystem Spec

  9. #9


    How much space is system restore taking there seems to be a task that keeps saving it that can take up gigs? Is window's genuine as there is a pirate activator running which is only used for window's or office.
      My System SpecsSystem Spec

  10. #10


    Code:
    ZOEK
    
    
    
    Zoek.exe v5.0.0.1 Updated 27-09-2015
    Tool run by john on Thu 09/15/2016 at 18:05:07.86.
    Microsoft Windows 8.1 6.3.9600  x86
    Running in: Normal Mode No Internet Access Detected
    Launched: C:\Users\john\Desktop\zoek.exe [Scan all users] [Script inserted] 
    
    
    ==== Older Logs ======================
    
    
    C:\zoek-results2016-09-08-211402.log    9739 bytes
    
    
    ==== System Restore Info ======================
    
    
    9/15/2016 6:06:07 PM Zoek.exe System Restore Point Created Successfully.
    
    
    ==== Reset Hosts File ======================
    
    
    # Copyright (c) 1993-2006 Microsoft Corp. 
    # 
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 
    # 
    # This file contains the mappings of IP addresses to host names. Each 
    # entry should be kept on an individual line. The IP address should 
    # be placed in the first column followed by the corresponding host name. 
    # The IP address and the host name should be separated by at least one 
    # space. 
    # 
    # Additionally, comments (such as these) may be inserted on individual 
    # lines or following the machine name denoted by a '#' symbol. 
    # 
    # For example: 
    # 
    #      102.54.94.97     rhino.acme.com          # source server 
    #       38.25.63.10     x.acme.com              # x client host 
     
    127.0.0.1       localhost 
    
    
    ==== Empty Folders Check ======================
    
    
    C:\PROGRA~2\IDM deleted successfully
    C:\Users\Guest\AppData\Local\Google deleted successfully
    C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
    
    
    ==== Deleting CLSID Registry Keys ======================
    
    
    
    
    ==== Deleting CLSID Registry Values ======================
    
    
    
    
    ==== Deleting Services ======================
    
    
    
    
    ==== Batch Command(s) Run By Tool======================
    
    
    
    
    ==== Deleting Files \ Folders ======================
    
    
    C:\Users\Guest\AppData\Local\Temporary Internet Files deleted
    
    
    ==== Firefox Extensions Registry ======================
    
    
    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "web2pdfextension@web2pdf.adobedotcom"="D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [07/27/2016 07:40 PM]
    
    
    ==== Chromium Look ======================
    
    
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    efaidnbmnnnibpcajpcglclefindmkaj - D:\Program Files\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/23/2012 08:43 PM]
    eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
    gomekmidlodglbbmalcneegieacbdmki - No path found[]
    ngpampappnmepgilojfohadhhmbhlaek - C:\Program Files\Internet Download Manager\IDMGCExt.crx[06/09/2016 09:18 PM]
    ohgndokldibnndfnjnagojmheejlengn - No path found[]
    
    
    C&C - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\caplfhpahpkhhckglldpmdmjclabckhc
    OneTab - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall
    Avast SafePrice - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
    Morphine - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbnpehpbojenlldmfcopeajkichnnjpo
    Notepad - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffbhefmlcoihbjcmibbfkocmnaiacinp
    Avast Online Security - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    Checker Plus for Google Calendar™ - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha
    Spreed - speed read the web - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipikiaejjblmdopojhpejjmbedhlibno
    Simple Notepad - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjclcfpbfhdmikhohhjacgdmndneckj
    Progress Bar Timer - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmnlbapfmmoaehepmgbkgfcgpddlhbko
    Prioritab - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\napbejkndjhcciibiglkimmgdlfjcbnp
    IDM Integration Module - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek
    Save to Pocket - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
    Citavi Picker - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn
    Readability - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\oknpjjbmpnndlpmnhmekjpocelpnlfdi
    latest - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\olkajbcicgbkoefeclmjjbdhidnnmgkh
    Browsec - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\omghfjlpggmjjaagoclmmobgdodcjboh
    SiteBlock - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj
    Chrome Media Router - john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
    
    
    ==== Chromium Fix ======================
    
    
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_toolbar.yahoo.com_0.localstorage-journal deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
    
    
    ==== Set IE to Default ======================
    
    
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://asus13.msn.com/?pc=ASJB"
    
    
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://asus13.msn.com/?pc=ASJB"
    
    
    ==== All HKCU SearchScopes ======================
    
    
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=ASJB"
    
    
    ==== Reset Google Chrome ======================
    
    
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
    
    
    ==== Reset IE Proxy ======================
    
    
    Value(s) before fix:
    "ProxyEnable"=dword:00000000
    
    
    Value(s) after fix:
    "ProxyEnable"=dword:00000000
    
    
    ==== Empty IE Cache ======================
    
    
    C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Guest\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\Users\john\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    
    
    ==== Empty FireFox Cache ======================
    
    
    No FireFox Profiles found
    
    
    ==== Empty Chrome Cache ======================
    
    
    C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
    
    
    ==== Empty All Flash Cache ======================
    
    
    Flash Cache Emptied Successfully
    
    
    ==== Empty All Java Cache ======================
    
    
    No Java Cache Found
    
    
    ==== C:\zoek_backup content ======================
    
    
    C:\zoek_backup (files=95 folders=48 23527592 bytes)
    
    
    ==== Empty Temp Folders ======================
    
    
    C:\Users\Administrator\AppData\Local\Temp emptied successfully
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Default User\AppData\Local\Temp emptied successfully
    C:\Users\Guest\AppData\Local\Temp emptied successfully
    C:\Users\john\AppData\Local\Temp will be emptied at reboot
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\Temp will be emptied at reboot
    
    
    ==== After Reboot ======================
    
    
    ==== Empty Temp Folders ======================
    
    
    C:\WINDOWS\Temp successfully emptied
    C:\Users\john\AppData\Local\Temp successfully emptied
    
    
    ==== Empty Recycle Bin ======================
    
    
    C:\$RECYCLE.BIN successfully emptied
    
    
    ==== EOF on Thu 09/15/2016 at 19:09:48.12 ======================
    Last edited by Brink; 15 Sep 2016 at 22:20. Reason: code box
      My System SpecsSystem Spec

Page 1 of 2 12 LastLast
C gone bonkers; no stable free space
Related Threads
Am I the only one to notice and complain over this in W8.1. This morning a new Adobe Flash update has appeared, KB3079777. The update is sized at 17.9mb. Nothing is running on the PC, its idle and with no disk activity. Free space is 55.4GB. I apply the update and free space immediately falls...
Cannot free space on iPhone 5 in Software and Apps
Hi. I didn't know where to put this topic, but I have an iPhone 5 and I need to free space from it now. Problem is, there is nothing really to delete, nor what I haves can equal to the many GBs taken: the highest is photos, and that's 200+MB, that's it. I tried to delete things that came with the...
I got Windows Firewall set to download updates automatically. I'm sure the downloads take up a lot of space on my drive. Is there a way to free up this space?
How do I merge the 18 gb system drive, that has no drive letter, with my c: Drive. See screen shot: https://www.eightforums.com/attachments/general-support/55995-runnig-out-disk-space-7-free-space-left-ashampoo_snap_2015.01.01_06h27m43s_001_.jpg
C is running out of free space in General Support
hello i know this is a kind of a stupid question but i really need help i have a 500 GB hard drive the windows partition -60 GB- is running out of free space (only 13 GB is free after cleaning up and so) and the performance is going down i want to increase the capacity of my C partition...
free space missing in Performance & Maintenance
I deleted my folder (25GB) because i was running low on space, deleted my recycle bin. And still don't have more than 1GB of free space. I searched for the deleted folder but it's gone, but no space. Any idea what could be the problem ?
Eight Forums Android App Eight Forums IOS App Follow us on Facebook